Virtual machine remote detection method using network timestamp in cloud computing

As any new technology advancement, cloud computing also creates disruptive possibilities and security risk potentials. Virtualization which are the engine that drives cloud computing turns the data center into self-managing, highly scalable, highly available and pools of easily consumable resources. The increase in virtualization and usage of virtual machines (VM) in cloud computing environment has attracted a lot of attention from the computer security research community on the potential treats that could occurs from vast use of virtual machines in cloud computing. In this paper, methods for detecting VM using remote IP and ICMP packet timestamp detection methods and the timestamp behavior are studied, tested and investigated to determine either the problem still exist in high performance cloud computing infrastructure. The results from this study shows that there were distinguishable differences in the timestamp replies behaviors received from VM and non-VM machines even in a high performance private cloud computing environment. These results prove a significant potential that timestamp detection method could be exploited by malware as a VM detection method even in high performance cloud computing infrastructure. From the finding of this study, we proposed theory for the stand-alone environment to reply timestamp in such differences similar to the VM.