Design of function for tracing diffusion of classified information for IPC on KVM

Research output: Contribution to journalArticle

1 Citation (Scopus)

Abstract

The leaking of information has increased in recent years. To address this problem, we previously proposed a function for tracing the diffusion of classified information in a guest OS using a virtual machine monitor (VMM). This function makes it possible to grasp the location of classified information and detect information leakage without modifying the source codes of the guest OS. The diffusion of classified information is caused by a file operation, child process creation, and inter-process communication (IPC). In a previous study, we implemented the proposed function for a file operation and child process creation excluding IPC using a kernel-based virtual machine (KVM). In this paper, we describe the design of the proposed function for IPC on a KVM without modifying the guest OS. The proposed function traces the local and remote IPCs inside the guest OS from the outside so as to trace the information diffusion. Because IPC with an outside computer might cause information leakage, tracing the IPCs enables the detection of such a leakage. We also report the evaluation results including the traceability and performance of the proposed function.

Original languageEnglish
Pages (from-to)781-792
Number of pages12
JournalJournal of Information Processing
Volume24
Issue number5
DOIs
Publication statusPublished - 2016

Fingerprint

Communication
Virtual machine

Keywords

  • Information leakage prevention
  • Inter-process communication
  • Virtualization

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

@article{f8fdb18013da4f759270acd7bd07e59d,
title = "Design of function for tracing diffusion of classified information for IPC on KVM",
abstract = "The leaking of information has increased in recent years. To address this problem, we previously proposed a function for tracing the diffusion of classified information in a guest OS using a virtual machine monitor (VMM). This function makes it possible to grasp the location of classified information and detect information leakage without modifying the source codes of the guest OS. The diffusion of classified information is caused by a file operation, child process creation, and inter-process communication (IPC). In a previous study, we implemented the proposed function for a file operation and child process creation excluding IPC using a kernel-based virtual machine (KVM). In this paper, we describe the design of the proposed function for IPC on a KVM without modifying the guest OS. The proposed function traces the local and remote IPCs inside the guest OS from the outside so as to trace the information diffusion. Because IPC with an outside computer might cause information leakage, tracing the IPCs enables the detection of such a leakage. We also report the evaluation results including the traceability and performance of the proposed function.",
keywords = "Information leakage prevention, Inter-process communication, Virtualization",
author = "Shota Fujii and Masaya Sato and Toshihiro Yamauchi and Hideo Taniguchi",
year = "2016",
doi = "10.2197/ipsjjip.24.781",
language = "English",
volume = "24",
pages = "781--792",
journal = "Journal of Information Processing",
issn = "0387-5806",
publisher = "Information Processing Society of Japan",
number = "5",

}

TY - JOUR

T1 - Design of function for tracing diffusion of classified information for IPC on KVM

AU - Fujii, Shota

AU - Sato, Masaya

AU - Yamauchi, Toshihiro

AU - Taniguchi, Hideo

PY - 2016

Y1 - 2016

N2 - The leaking of information has increased in recent years. To address this problem, we previously proposed a function for tracing the diffusion of classified information in a guest OS using a virtual machine monitor (VMM). This function makes it possible to grasp the location of classified information and detect information leakage without modifying the source codes of the guest OS. The diffusion of classified information is caused by a file operation, child process creation, and inter-process communication (IPC). In a previous study, we implemented the proposed function for a file operation and child process creation excluding IPC using a kernel-based virtual machine (KVM). In this paper, we describe the design of the proposed function for IPC on a KVM without modifying the guest OS. The proposed function traces the local and remote IPCs inside the guest OS from the outside so as to trace the information diffusion. Because IPC with an outside computer might cause information leakage, tracing the IPCs enables the detection of such a leakage. We also report the evaluation results including the traceability and performance of the proposed function.

AB - The leaking of information has increased in recent years. To address this problem, we previously proposed a function for tracing the diffusion of classified information in a guest OS using a virtual machine monitor (VMM). This function makes it possible to grasp the location of classified information and detect information leakage without modifying the source codes of the guest OS. The diffusion of classified information is caused by a file operation, child process creation, and inter-process communication (IPC). In a previous study, we implemented the proposed function for a file operation and child process creation excluding IPC using a kernel-based virtual machine (KVM). In this paper, we describe the design of the proposed function for IPC on a KVM without modifying the guest OS. The proposed function traces the local and remote IPCs inside the guest OS from the outside so as to trace the information diffusion. Because IPC with an outside computer might cause information leakage, tracing the IPCs enables the detection of such a leakage. We also report the evaluation results including the traceability and performance of the proposed function.

KW - Information leakage prevention

KW - Inter-process communication

KW - Virtualization

UR - http://www.scopus.com/inward/record.url?scp=84987934441&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84987934441&partnerID=8YFLogxK

U2 - 10.2197/ipsjjip.24.781

DO - 10.2197/ipsjjip.24.781

M3 - Article

AN - SCOPUS:84987934441

VL - 24

SP - 781

EP - 792

JO - Journal of Information Processing

JF - Journal of Information Processing

SN - 0387-5806

IS - 5

ER -