{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00201314","sets":["6164:6165:6462:10022"]},"path":["10022"],"owner":"44499","recid":"201314","title":["単一フックポイントのゲストOS監視による検知可能な権限昇格攻撃の拡大とオーバヘッド削減の実現"],"pubdate":{"attribute_name":"公開日","attribute_value":"2019-10-14"},"_buckets":{"deposit":"bfdc8650-aaa3-40b5-aaf3-610a7c0b3d6b"},"_deposit":{"id":"201314","pid":{"type":"depid","value":"201314","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"単一フックポイントのゲストOS監視による検知可能な権限昇格攻撃の拡大とオーバヘッド削減の実現","author_link":["491803","491804","491806","491805"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"単一フックポイントのゲストOS監視による検知可能な権限昇格攻撃の拡大とオーバヘッド削減の実現"},{"subitem_title":"Expanding Detectable Privilege Escalation Attacks and Reducing Overhead by Guest OS Monitoring Using Single Hook Point","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"KVM,仮想化,権限昇格攻撃,権限情報,システムコールフック","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2019-10-14","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"岡山大学大学院自然科学研究科"},{"subitem_text_value":"岡山大学大学院自然科学研究科"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Natural Science and Technology, Okayama University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Natural Science and Technology, Okayama University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/201314/files/IPSJCSS2019021.pdf","label":"IPSJCSS2019021.pdf"},"date":[{"dateType":"Available","dateValue":"2021-10-14"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2019021.pdf","filesize":[{"value":"311.2 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"9b70f443-2662-4ac5-b1b5-0446c321759e","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2019 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"福本, 淳文"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"山内, 利宏"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Akifumi, Fukumoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Toshihiro, Yamauchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_18_relation_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_relation_type_id":{"subitem_relation_type_select":"NCID","subitem_relation_type_id_text":"ISSN 1882-0840"}}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference 
paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"権限昇格攻撃はシステムの改ざんや情報漏えいにつながる可能性がある.これに対処するため,システムコールによる権限の変更に着目した権限昇格攻撃防止手法が提案された.この手法は,導入するためにカーネルソースコードを変更する必要がある.また,保存した権限情報が攻撃者に改ざんされる可能性がある.これらの課題に対して,我々は KVM 内に同様のセキュリティ機構(以降,従来手法)を実現することで対処した.しかし,従来手法は,システムコール処理中に発生する権限の改ざんしか検知できない.また,システムコールを発行するたびに VMexit が2 回発生し,システムコール処理のオーバヘッドが大きい.そこで,本稿では,従来手法からシステムコール処理後のフックポイントを削除し,システムコール処理前の権限の監視のみで権限昇格攻撃を防止する手法を提案する.提案手法は,従来手法では対応できなかったシステムコール処理外で発生する権限の変更を検知できる.また,システムコールあたりに発生する VMexit が1 回となり,システムコール処理のオーバヘッドが抑えられる.本稿では,提案手法の設計と実現方式について述べ,従来手法では検知できない攻撃を検知できることとオーバヘッドを半分に削減できることを述べる.\n","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"To address privilege escalation attacks, a prevention method focusing on the change of credentials by system calls has been proposed. Because this method is implemented in the OS, it requires modification of the kernel source code. In addition, the stored credentials may be forged by an attacker. We addressed these problems by implementing the same mechanism (referred to as the previous method) in KVM. However, the previous method can only detect changes of credentials that occur during system call processing, and the two VMexits it adds per system call may lead to large overhead. To address these problems, we set a hook only before system call processing. The proposed method can detect changes of credentials that occur outside system call processing. In addition, the overhead can be reduced because the additional VMexits are reduced to one per system call. In this paper, we describe the design and implementation of the proposed method and report the evaluation result. 
","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"151","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2019論文集"}],"bibliographicPageStart":"144","bibliographicIssueDates":{"bibliographicIssueDate":"2019-10-14","bibliographicIssueDateType":"Issued"},"bibliographicVolumeNumber":"2019"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":201314,"updated":"2025-01-19T21:05:53.755821+00:00","links":{},"created":"2025-01-19T01:04:35.342405+00:00"}