Secure and Fast Log Transfer Mechanism for Virtual Machine
https://ipsj.ixsq.nii.ac.jp/records/103096
Copyright (c) 2014 by the Information Processing Society of Japan

Open access

| Item type | Journal(1) |
|---|---|
| Publication date | 2014-09-15 |
| Title | Secure and Fast Log Transfer Mechanism for Virtual Machine |
| Title language | en |
| Language | eng |
| Subject scheme | Other |
| Subject | [Special Issue: Computer Security Technologies for New Risks] secure logging, virtual machine, library modification, digital forensics |
| Resource type identifier | http://purl.org/coar/resource_type/c_6501 |
| Resource type | journal article |
| Author affiliation | Graduate School of Natural Science and Technology, Okayama University |
| Author affiliation | Graduate School of Natural Science and Technology, Okayama University |
| Authors | Masaya, Sato; Toshihiro, Yamauchi |
| Abstract description type | Other |
| Abstract | Ensuring the integrity of logs is essential to reliably detect and counteract attacks because adversaries tamper with logs to hide their activities on a computer. Even though some studies proposed various protections of log files, adversaries can tamper with logs in kernel space with kernel-level malicious software (malware) because file access and inter-process communication are provided by an OS kernel. Virtual machine introspection (VMI) can collect logs from virtual machines (VMs) without interposition of a kernel. It is difficult for malware to hinder that log collection, because a VM and VM monitor (VMM) are strongly separated. However, complexity and unnecessary performance overhead arise because VMI is not specialized for log collection. This paper proposes a secure and fast log transfer method using library replacement for VMs. In the proposed method, a process on a VM requests a log transfer to a VMM using the modified library, which contains a trigger for a log transfer. The VMM collects logs from the VM and isolates them to another VM. The proposed method provides VM-level log isolation and security for the mechanism itself with low performance overhead. |
| Preprint notice | This is a preprint of an article intended for publication in the Journal of Information Processing (JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.22(2014) No.4 (online) DOI http://dx.doi.org/10.2197/ipsjjip.22.597 |
| Bibliographic record ID type | NCID |
| Bibliographic record ID | AN00116647 |
| Bibliographic information | 情報処理学会論文誌, Vol. 55, No. 9, issued 2014-09-15 |
| ISSN | 1882-7764 |