| Item type |
JInfP(1) |
| 公開日 |
2014-10-15 |
| タイトル |
|
|
タイトル |
Secure and Fast Log Transfer Mechanism for Virtual Machine |
| タイトル |
|
|
言語 |
en |
|
タイトル |
Secure and Fast Log Transfer Mechanism for Virtual Machine |
| 言語 |
|
|
言語 |
eng |
| キーワード |
|
|
主題Scheme |
Other |
|
主題 |
[Special Issue on Computer Security Technology against New Risk] secure logging, virtual machine, library modification, digital forensics. |
| 資源タイプ |
|
|
資源タイプ識別子 |
http://purl.org/coar/resource_type/c_6501 |
|
資源タイプ |
journal article |
| 著者所属 |
|
|
|
Graduate School of Natural Science and Technology, Okayama University |
| 著者所属 |
|
|
|
Graduate School of Natural Science and Technology, Okayama University |
| 著者所属(英) |
|
|
|
en |
|
|
Graduate School of Natural Science and Technology, Okayama University |
| 著者所属(英) |
|
|
|
en |
|
|
Graduate School of Natural Science and Technology, Okayama University |
| 著者名 |
Masaya, Sato
Toshihiro, Yamauchi
|
| 著者名(英) |
Masaya, Sato
Toshihiro, Yamauchi
|
| 論文抄録 |
|
|
内容記述タイプ |
Other |
|
内容記述 |
Ensuring the integrity of logs is essential to reliably detect and counteract attacks because adversaries tamper with logs to hide their activities on a computer. Even though some studies proposed various protections of log files, adversaries can tamper with logs in kernel space with kernel-level malicious software (malware) because file access and inter-process communication are provided by an OS kernel. Virtual machine introspection (VMI) can collect logs from virtual machines (VMs) without interposition of a kernel. It is difficult for malware to hinder that log collection, because a VM and VM monitor (VMM) are strongly separated. However, complexity and unnecessary performance overhead arise because VMI is not specialized for log collection. This paper proposes a secure and fast log transfer method using library replacement for VMs. In the proposed method, a process on a VM requests a log transfer to a VMM using the modified library, which contains a trigger for a log transfer. The VMM collects logs from the VM and isolate them to another VM. The proposed method provides VM-level log isolation and security for the mechanism itself with low performance overhead. |
| 論文抄録(英) |
|
|
内容記述タイプ |
Other |
|
内容記述 |
Ensuring the integrity of logs is essential to reliably detect and counteract attacks because adversaries tamper with logs to hide their activities on a computer. Even though some studies proposed various protections of log files, adversaries can tamper with logs in kernel space with kernel-level malicious software (malware) because file access and inter-process communication are provided by an OS kernel. Virtual machine introspection (VMI) can collect logs from virtual machines (VMs) without interposition of a kernel. It is difficult for malware to hinder that log collection, because a VM and VM monitor (VMM) are strongly separated. However, complexity and unnecessary performance overhead arise because VMI is not specialized for log collection. This paper proposes a secure and fast log transfer method using library replacement for VMs. In the proposed method, a process on a VM requests a log transfer to a VMM using the modified library, which contains a trigger for a log transfer. The VMM collects logs from the VM and isolate them to another VM. The proposed method provides VM-level log isolation and security for the mechanism itself with low performance overhead. |
| 書誌レコードID |
|
|
収録物識別子タイプ |
NCID |
|
収録物識別子 |
AA00700121 |
| 書誌情報 |
Journal of information processing
巻 22,
号 4,
p. 597-608,
発行日 2014-10-15
|
| ISSN |
|
|
収録物識別子タイプ |
ISSN |
|
収録物識別子 |
1882-6652 |
| 出版者 |
|
|
言語 |
ja |
|
出版者 |
情報処理学会 |
IPSJ-JIP2204008.pdf (941.1 kB)
