Evaluation and design of function for tracing diffusion of classified information for file operations with KVM

Research output: Contribution to journalArticle

1 Citation (Scopus)

Abstract

Cases of classified information leakage have become increasingly common. To address this problem, we have proposed a function for tracing the diffusion of classified information within an operating system. However, this function suffers from the following two problems: first, in order to introduce the function, the operating system’s source code must be modified. Second, there is a risk that the function will be disabled when the operating system is attacked. Thus, we have designed a function for tracing the diffusion of classified information in a guest operating system by using a virtual machine monitor. By using a virtual machine monitor, we can introduce the proposed function in various environments without modifying the operating system’s source code. In addition, attacks aimed at the proposed function are made more difficult, because the virtual machine monitor is isolated from the operating system. In this paper, we describe the implementation of the proposed function for file operations and child process creation in the guest operating system with a kernel-based virtual machine. Further, we demonstrate the traceability of diffusing classified information by file operations and child process creation. We also report the logical lines of code required to introduce the proposed function and performance overheads.

Original languageEnglish
Pages (from-to)1-21
Number of pages21
JournalJournal of Supercomputing
DOIs
Publication statusAccepted/In press - Feb 23 2016

Keywords

  • Information leak prevention
  • Semantic gap
  • Virtualization
  • VMM

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software
  • Information Systems
  • Theoretical Computer Science

Fingerprint Dive into the research topics of 'Evaluation and design of function for tracing diffusion of classified information for file operations with KVM'. Together they form a unique fingerprint.

  • Cite this