Ufo: Operating System Fingerprinting For Virtual Machines presented at SyScan 2010

by Nguyen ANH Quynh

Tags: Security

Summary: In the computer security field, operating system fingerprinting
(OSF) is the process of identifying the OS variant and version. OSF is
considered an important stage in deciding the security policy enforced
on a protected virtual machine (VM). OSF is also the first step of the
VM introspection process. Unfortunately, current OSF techniques suffer
from many problems: they fail badly against modern operating systems
(OSes), they are slow, and they support only a limited set of OSes and
hypervisors.

This paper analyzes the drawbacks of current OSF approaches against
VMs, then introduces a novel method named UFO to fingerprint the OS
running inside a VM. Our solution fixes all the above problems. Firstly,
it can recognize all the available OS variants and (in lots of cases)
exact OS versions with excellent accuracy, regardless of OS tweaking.
Secondly, UFO is extremely fast. Last but not least, it is
hypervisor-independent: we proved that by implementing UFO on Xen and
Hyper-V.

The presentation includes some demos, so the audience can see how UFO
really works. The full source code of the tool will be released under
the GPL license.