James Lau wrote: > My program is a utility for internet payment. It takes an important > role in the payment process to ensure security. One of the key > functions is that the program should detect which machine is paying. > So while virtual machine (like QEMU) is present, it can cheat the > program. Well, to say it bluntly: Your security concept is flawed, as you cannot assume a client to be trusted. Rethink your concept. A Kerberos 5 like model might help you here. > Checking the hard disk model, cpu type, and other hardward > informations makes little sense. Because the users or the hackers can > easily modify these informations. So I need a QEMU internal checking > method that hackers can't easily bypass. Just for your information: There's a project derived from qemu named 'argos' which tries to setup a high interaction honeypot to fool hackers into revealing their techniques and tools. If they can fool skilled hackers to take the vm for a real system, then your programm can be fooled as well.
With regards, Jan _______________________________________________ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
