Evaluation and design of function for tracing diffusion of classified information for file operations with KVM

Research output: Contribution to journal, Article

1 Citation (Scopus)

Abstract

Cases of classified information leakage have become increasingly common. To address this problem, we have proposed a function for tracing the diffusion of classified information within an operating system. However, this function suffers from the following two problems: first, in order to introduce the function, the operating system’s source code must be modified. Second, there is a risk that the function will be disabled when the operating system is attacked. Thus, we have designed a function for tracing the diffusion of classified information in a guest operating system by using a virtual machine monitor. By using a virtual machine monitor, we can introduce the proposed function in various environments without modifying the operating system’s source code. In addition, attacks aimed at the proposed function are made more difficult, because the virtual machine monitor is isolated from the operating system. In this paper, we describe the implementation of the proposed function for file operations and child process creation in the guest operating system with a kernel-based virtual machine. Further, we demonstrate the traceability of diffusing classified information by file operations and child process creation. We also report the logical lines of code required to introduce the proposed function and performance overheads.

Original language: English
Pages (from-to): 1-21
Number of pages: 21
Journal: Journal of Supercomputing
DOI: 10.1007/s11227-016-1671-5
Publication status: Accepted/In press - Feb 23 2016

Keywords

  • Information leak prevention
  • Semantic gap
  • Virtualization
  • VMM

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software
  • Information Systems
  • Theoretical Computer Science

Cite this

@article{aa9b27fb582647099c506e364ce0b1a4,
title = "Evaluation and design of function for tracing diffusion of classified information for file operations with KVM",
keywords = "Information leak prevention, Semantic gap, Virtualization, VMM",
author = "Shota Fujii and Masaya Sato and Toshihiro Yamauchi and Hideo Taniguchi",
year = "2016",
month = "2",
day = "23",
doi = "10.1007/s11227-016-1671-5",
language = "English",
pages = "1--21",
journal = "Journal of Supercomputing",
issn = "0920-8542",
publisher = "Springer Netherlands",

}

TY - JOUR

T1 - Evaluation and design of function for tracing diffusion of classified information for file operations with KVM

AU - Fujii, Shota

AU - Sato, Masaya

AU - Yamauchi, Toshihiro

AU - Taniguchi, Hideo

PY - 2016/2/23

Y1 - 2016/2/23

KW - Information leak prevention

KW - Semantic gap

KW - Virtualization

KW - VMM

UR - http://www.scopus.com/inward/record.url?scp=84959178114&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84959178114&partnerID=8YFLogxK

U2 - 10.1007/s11227-016-1671-5

DO - 10.1007/s11227-016-1671-5

M3 - Article

SP - 1

EP - 21

JO - Journal of Supercomputing

JF - Journal of Supercomputing

SN - 0920-8542

ER -