Fingerprinting in Single Host VM Environments

Imagine that a License Manager host, one that authorizes a number of node-locked licenses, is emulated using virtualization software. The traditional locking criteria can be vulnerable on virtual machines because virtualized hardware is easy to duplicate. This implies that the number of license authorizations can actually be doubled despite implementing license copy protection. Therefore, a new approach to locking licenses within virtual environments is needed. If someone creates a duplicate image of a virtual machine, VM detection prevents the new license from being valid on the copied VM. We do this by including the "CPU info" locking attribute as part of the license fingerprint.

CPU info is a locking criterion that binds licenses to a specific set of CPU properties. It is obtained at run-time using the CPUID instruction. Unfortunately, it is not unique and can be matched on an identical processor. But when combined with other identifiers of a system, such as the Ethernet address, the combined attributes become practically unique on an enterprise-level connected network.

The concept of locking to the CPU stems from the fact that a machine's processor is not virtualized. Therefore, any attributes obtained from the CPU will always be taken from the physical hardware. Identifying the physical processor ignores the layer of virtual technology and assists ongoing protection against future virtualized environments. To see the list of VM technologies that are currently validated as detectable, refer to the beginning of Virtual Machine Detection.

CAUTION! CPU info should be used in combination with other locking criteria, such as Ethernet address, host name, and IP address, that typically remain unique in a connected organization.
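
The Python sketch below is an added example, not code from the product this page documents. It shows why CPU info and the other locking criteria are combined: a license is locked to one VM and then checked on a copied image and on an unrelated machine with an identical processor. The SHA-256 fingerprint, the function names and all host values are assumptions constructed for illustration, and the copied image is assumed to run on a different physical processor.

```python
import hashlib
import hmac

# Criterion names follow the page; selecting them by list is an assumption.
CPU_INFO, ETHERNET, HOSTNAME, IP_ADDR = "cpu_info", "ethernet", "hostname", "ip"

# Constructed sample hosts (all values invented for illustration).
HOSTS = {
    "original_vm": {CPU_INFO: "GenuineIntel:000306A9", ETHERNET: "00:50:56:AA:BB:01",
                    HOSTNAME: "lm-host", IP_ADDR: "10.0.0.5"},
    # Copied image on a different physical machine: the virtual NIC, host name
    # and IP come along with the image, the physical CPU does not.
    "cloned_vm": {CPU_INFO: "AuthenticAMD:00800F11", ETHERNET: "00:50:56:AA:BB:01",
                  HOSTNAME: "lm-host", IP_ADDR: "10.0.0.5"},
    # Unrelated machine that happens to have an identical processor.
    "same_cpu_host": {CPU_INFO: "GenuineIntel:000306A9", ETHERNET: "3C:52:82:10:20:30",
                      HOSTNAME: "desk-17", IP_ADDR: "10.0.0.42"},
}


def fingerprint(host, criteria):
    """Hash the selected locking attributes of one host into a lock code."""
    digest = hashlib.sha256()
    for name in sorted(set(criteria)):
        value = host[name].strip().lower().encode()
        # Length-prefix each value so adjacent fields cannot run together.
        digest.update(name.encode() + b"=" + len(value).to_bytes(4, "big") + value)
    return digest.hexdigest()


def license_valid(lock_code, host, criteria):
    """A node-locked license is valid only where the fingerprint matches."""
    return hmac.compare_digest(fingerprint(host, criteria), lock_code)


def accepted_hosts(criteria):
    """Issue a license locked to original_vm; list every host that accepts it."""
    lock_code = fingerprint(HOSTS["original_vm"], criteria)
    return [n for n, h in HOSTS.items() if license_valid(lock_code, h, criteria)]


if __name__ == "__main__":
    for criteria in ([ETHERNET], [CPU_INFO], [CPU_INFO, ETHERNET, HOSTNAME, IP_ADDR]):
        print(criteria, "->", accepted_hosts(criteria))
```

Locking to the Ethernet address alone accepts the copied image, locking to CPU info alone accepts the machine with the identical processor, and only the combined fingerprint is accepted by the original VM alone.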