OS-SOMMELIER: Memory-Only Operating System Fingerprinting in the Cloud

Precise fingerprinting of an Operating System (OS) is critical to many security and Virtual Machine (VM) management applications in the cloud, such as VM introspection, penetration testing, guest OS administration (e.g., kernel update), kernel dump analysis, and memory forensics. Existing OS fingerprinting techniques primarily inspect network packets or CPU states, and they all fall short in precision and usability. Because the physical memory of a VM is always present in all these applications, the authors present OS-SOMMELIER, a memory-only approach for precise and efficient cloud guest OS fingerprinting.

Provided by: Association for Computing Machinery
Topic: Virtualization
Date Added: Oct 2012
Format: PDF
