TY - CHAP
T1 - Hiding File Manipulation of Essential Services by System Call Proxy
AU - Sato, Masaya
AU - Taniguchi, Hideo
AU - Yamauchi, Toshihiro
PY - 2019
Y1 - 2019
N2 - Security software or logging programs are frequently attacked because they are an obstruction to attackers. Protecting these essential services from attack is crucial to preventing and mitigating damage. Hiding information related to essential services, such as their files and processes, can help to deter attacks on these services. This paper proposes a method of hiding file manipulation for essential services. The method makes the files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM) environment. In the proposed method, system calls to those files are executed by a proxy process on the other VM. The original system call is not executed in the operating system of the original VM; however, the result of the file access is returned to the original process. Thus, the files of essential services are placed on the other VM, and other processes on the original VM cannot access them. Therefore, the proposed method can prevent or deter identification of essential services based on file information monitoring.
AB - Security software or logging programs are frequently attacked because they are an obstruction to attackers. Protecting these essential services from attack is crucial to preventing and mitigating damage. Hiding information related to essential services, such as their files and processes, can help to deter attacks on these services. This paper proposes a method of hiding file manipulation for essential services. The method makes the files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM) environment. In the proposed method, system calls to those files are executed by a proxy process on the other VM. The original system call is not executed in the operating system of the original VM; however, the result of the file access is returned to the original process. Thus, the files of essential services are placed on the other VM, and other processes on the original VM cannot access them. Therefore, the proposed method can prevent or deter identification of essential services based on file information monitoring.
KW - File access
KW - Security
KW - Virtual machine
UR - http://www.scopus.com/inward/record.url?scp=85061477112&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85061477112&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-98530-5_76
DO - 10.1007/978-3-319-98530-5_76
M3 - Chapter
AN - SCOPUS:85061477112
T3 - Lecture Notes on Data Engineering and Communications Technologies
SP - 853
EP - 863
BT - Lecture Notes on Data Engineering and Communications Technologies
PB - Springer
ER -