{"updated":"2025-01-22T00:18:18.183040+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00068208","sets":["1164:3925:6047:6048"]},"path":["6048"],"owner":"10","recid":"68208","title":["準パススルー型VMMのマルウェア検出機能による拡張"],"pubdate":{"attribute_name":"公開日","attribute_value":"2010-02-25"},"_buckets":{"deposit":"dc2ae37c-60ca-424e-b1c1-8e2f21e7beed"},"_deposit":{"id":"68208","pid":{"type":"depid","value":"68208","revision_id":0},"owners":[10],"status":"published","created_by":10},"item_title":"準パススルー型VMMのマルウェア検出機能による拡張","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"準パススルー型VMMのマルウェア検出機能による拡張"},{"subitem_title":"Extension of Parapass-through VMM for Malware Detection","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"マルウェア1","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2010-02-25","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"電気通信大学大学院電気通信学研究科情報工学専攻"},{"subitem_text_value":"電気通信大学大学院電気通信学研究科情報工学専攻"},{"subitem_text_value":"筑波大学大学院システム情報工学研究科コンピュータサイエンス専攻"},{"subitem_text_value":"筑波大学大学院システム情報工学研究科コンピュータサイエンス専攻"},{"subitem_text_value":"筑波大学大学院システム情報工学研究科コンピュータサイエンス専攻"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/68208/files/IPSJ-CSEC10048035.pdf"},"date":[{"dateType":"Available","dateValue":"2012-02-25"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC10048035.pdf","filesize":[{"value":"276.7 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"d1af1d79-0c6c-4736-b4a5-68e9c6565324","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2010 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"TranTruongDucGiang"},{"creatorName":"大山, 恵弘"},{"creatorName":"忠鉢, 洋輔"},{"creatorName":"品川, 高廣"},{"creatorName":"加藤, 和彦"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Tran, TruongDucGiang","creatorNameLang":"en"},{"creatorName":"Yoshihiro, Oyama","creatorNameLang":"en"},{"creatorName":"Yosuke, Chubachi","creatorNameLang":"en"},{"creatorName":"Takahiro, Shinagawa","creatorNameLang":"en"},{"creatorName":"Kazuhiko, Kato","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"仮想マシンモニタ （VMM） を用いたセキュリティ向上は，最近数年の間に非常に良く研究された効果的なアプローチである．BitVisor はストレージデータの暗号化や VPN の構築を含む多様なセキュリティ機能を提供する VMM である．BitVisor は準パススルー型アーキテクチャを用いて構築されている．そのアーキテクチャでは，OS からの大半の I/O アクセスは VMM を通過し，セキュリティ機能を実装するための最小限のアクセスだけが VMM によって捕捉される．そのアーキテクチャは小さいオーバヘッドと Trusted Computing Base（TCB） をもたらす．現在の BitVisor はプライバシーの保護はできるが，マルウェアの検出はできない．そこで本研究では，マルウェア検出機能を準パススルー型 VMM に組み込むための方式を提案する．我々はその方式に基づいて BitVisor の拡張を実装した．その拡張は，データ I/O の中身を，VMM に保存されたマルウェアのシグネチャと比較する．我々は予備実験を行い，その拡張の実行時間オーバヘッドが極めて小さいことを確認した．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Security enhancement using a virtual machine monitor (VMM) is an effective approach studied deeply for the last decade. BitVisor is a VMM that provides various security functionality including encryption of storage data and creation of virtual private networks. BitVisor is implemented using a parapassthrough architecture, in which most of the I/O accesses from the operating system are passed through the VMM, while the minimum accesses necessary to implement security functionality are mediated by the VMM. The architecture brings a small overhead and trusted computing base (TCB). Although the current BitVisor does good work for privacy protection, it lacks functionality for malware detection. In this paper, we propose a scheme for incorporating malware detection functionality into a parapass-through VMM. According to the scheme, we implemented an extension of BitVisor for malware detection. The extension compares the contents of data I/O with malware signatures stored in the VMM. We confirmed through preliminary experiments that the runtime overheads imposed by the extension was extremely small.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"7","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ（CSEC）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2010-02-25","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"35","bibliographicVolumeNumber":"2010-CSEC-48"}]},"relation_version_is_last":true,"weko_creator_id":"10"},"created":"2025-01-18T23:28:19.252954+00:00","id":68208,"links":{}}