Provided by: Association for Computing Machinery
Date Added: Oct 2012
Precise fingerprinting of an Operating System (OS) is critical to many security and Virtual Machine (VM) management applications in the cloud, such as VM introspection, penetration testing, guest OS administration (e.g., kernel update), kernel dump analysis, and memory forensics. The existing OS fingerprinting techniques primarily inspect network packets or CPU states, and they all fall short in precision and usability. As the physical memory of a VM is always present in all these applications, in this paper, the authors present OS-SOMMELIER, a memory-only approach for precise and efficient cloud guest OS fingerprinting.