Operating System Fingerprinting for Virtual Machines

Operating System fingerprinting (OSF) is important for deciding which security policy to enforce on a protected Virtual Machine (VM). Unfortunately, current OSF techniques suffer from many problems: they fail badly against modern Operating Systems (OSes), they are slow, and they support only a limited set of OSes and hypervisors.

This paper analyzes the drawbacks of current OSF approaches against VMs in the cloud, then introduces a novel method, named UFO, to fingerprint the OS running inside a VM. Our solution fixes all of the above problems. Firstly, it can recognize all the available OS variants and (in lots of cases) exact OS versions with excellent accuracy, regardless of OS tweaking. Secondly, UFO is extremely fast. Last but not least, it is hypervisor-independent: we proved that by implementing UFO for Xen and Hyper-V.
