Complicating process identification by replacing process information for attack avoidance

Research output: Contribution to journal › Article

Abstract

Security-critical software is open to attacks by adversaries that disable its functionality. To decrease the risk, we propose an attack avoidance method for complicating process identification. The proposed method complicates identification based on process information by dynamically replacing the information held by a kernel with dummy information. Replacing process information makes identifying the attack target difficult because adversaries cannot find the attack target by seeking the process information. Implementation of the proposed method with a virtual machine monitor enhances the security of the mechanism itself. Further, by implementing the proposed method with a virtual machine monitor, modifications to operating systems and application programs are unnecessary.

Original language: English
Pages (from-to): 33-47
Number of pages: 15
Journal: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 8639 LNCS
Publication status: Published - 2014

Keywords

  • Attack avoidance
  • process information
  • virtual machine

ASJC Scopus subject areas

  • Computer Science (all)
  • Theoretical Computer Science

Cite this

@article{b5a0a00036b74aa28206186268585def,
title = "Complicating process identification by replacing process information for attack avoidance",
abstract = "Security-critical software is open to attacks by adversaries that disable its functionality. To decrease the risk, we propose an attack avoidance method for complicating process identification. The proposed method complicates identification based on process information by dynamically replacing the information held by a kernel with dummy information. Replacing process information makes identifying the attack target difficult because adversaries cannot find the attack target by seeking the process information. Implementation of the proposed method with a virtual machine monitor enhances the security of the mechanism itself. Further, by implementing the proposed method with a virtual machine monitor, modification to operating systems and application programs are unnecessary.",
keywords = "Attack avoidance, process information, virtual machine",
author = "Masaya Sato and Toshihiro Yamauchi",
year = "2014",
doi = "10.1007/978-3-319-09843-2_3",
language = "English",
volume = "8639 LNCS",
pages = "33--47",
journal = "Lecture Notes in Computer Science",
issn = "0302-9743",
publisher = "Springer Verlag",

}

TY - JOUR

T1 - Complicating process identification by replacing process information for attack avoidance

AU - Sato, Masaya

AU - Yamauchi, Toshihiro

PY - 2014

Y1 - 2014

AB - Security-critical software is open to attacks by adversaries that disable its functionality. To decrease the risk, we propose an attack avoidance method for complicating process identification. The proposed method complicates identification based on process information by dynamically replacing the information held by a kernel with dummy information. Replacing process information makes identifying the attack target difficult because adversaries cannot find the attack target by seeking the process information. Implementation of the proposed method with a virtual machine monitor enhances the security of the mechanism itself. Further, by implementing the proposed method with a virtual machine monitor, modification to operating systems and application programs are unnecessary.

KW - Attack avoidance

KW - process information

KW - virtual machine

UR - http://www.scopus.com/inward/record.url?scp=84907337831&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84907337831&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-09843-2_3

DO - 10.1007/978-3-319-09843-2_3

M3 - Article

AN - SCOPUS:84907337831

VL - 8639 LNCS

SP - 33

EP - 47

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

SN - 0302-9743

ER -