Operating System fingerprinting (OSF) is important to help on deciding security policy enforced on protected Virtual Machine (VM). Unfortunately, current OSF techniques suffer many problems, such as: they fail badly against modern Operating Systems (OS), they are slow, and only support limited OS-es and hypervisors.
This paper analyzes the drawbacks of current OSF approaches against VM in the cloud, then introduces a novel method, named UFO, to fingerprint OS running inside VM. Our solution fixes all the above problems: Firstly, it can recognize all the available OS variants and (in lots of cases) exact OS versions with excellent accuracy, regardless of OS tweaking. Secondly, UFO is extremely fast. Last but not least, it is hypervisor-independent: we proved that by implementing UFO for Xen and Hyper-V.
Nguyen Anh Quynh is a researcher at The National Institute of Advanced Industrial Science and Technology (AIST), Japan. His interests include computer security, networking, operating system, virtualization, trusted computing, digital forensic, and intrusion detection. He published a lot of academic papers in those fields, and frequently gets around the world to present his research results in various hacking conferences. Quynh obtained his PhD degree in computer science from Keio University, Japan. He is also a member of VnSecurity, a pioneer security research group in Vietnam.