Hiding File Manipulation of Essential Services by System Call Proxy

Masaya Sato; Hideo Taniguchi; Toshihiro Yamauchi

doi:10.1007/978-3-319-98530-5_76

Hiding File Manipulation of Essential Services by System Call Proxy

Masaya Sato, Hideo Taniguchi, Toshihiro Yamauchi

Research output: Chapter in Book/Report/Conference proceeding › Chapter

1 Citation (Scopus)

Abstract

Security software or logging programs are frequently attacked because they are an obstruction to attackers. Protecting these essential services from attack is crucial to preventing and mitigating damage. Hiding information related to essential services, such as that of the files and processes, can help to deter attacks on these services. This paper proposes a method of hiding file manipulation for essential services. The method makes the files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM) environment. In the proposed method, system calls to those files are executed by a proxy process on the other VM. The original system call is not executed in the operating system of the original VM, however, the result of file access is returned to the original process. Thus, the files of essential services are placed on the other VM and other processes on the original VM cannot access to them. Therefore, the proposed method can prevent or deter identification of essential services based on file information monitoring.

Original language	English
Title of host publication	Lecture Notes on Data Engineering and Communications Technologies
Publisher	Springer
Pages	853-863
Number of pages	11
DOIs	https://doi.org/10.1007/978-3-319-98530-5_76
Publication status	Published - 2019

Publication series

Name	Lecture Notes on Data Engineering and Communications Technologies
Volume	22
ISSN (Print)	2367-4512
ISSN (Electronic)	2367-4520

Keywords

File access
Security
Virtual machine

ASJC Scopus subject areas

Media Technology
Electrical and Electronic Engineering
Computer Science Applications
Computer Networks and Communications
Information Systems

Access to Document

10.1007/978-3-319-98530-5_76

Fingerprint Dive into the research topics of 'Hiding File Manipulation of Essential Services by System Call Proxy'. Together they form a unique fingerprint.

Cite this

@inbook{146bd075bb3341e0a4bc500332b8e4dd,

title = "Hiding File Manipulation of Essential Services by System Call Proxy",

abstract = "Security software or logging programs are frequently attacked because they are an obstruction to attackers. Protecting these essential services from attack is crucial to preventing and mitigating damage. Hiding information related to essential services, such as that of the files and processes, can help to deter attacks on these services. This paper proposes a method of hiding file manipulation for essential services. The method makes the files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM) environment. In the proposed method, system calls to those files are executed by a proxy process on the other VM. The original system call is not executed in the operating system of the original VM, however, the result of file access is returned to the original process. Thus, the files of essential services are placed on the other VM and other processes on the original VM cannot access to them. Therefore, the proposed method can prevent or deter identification of essential services based on file information monitoring.",

keywords = "File access, Security, Virtual machine",

author = "Masaya Sato and Hideo Taniguchi and Toshihiro Yamauchi",

year = "2019",

doi = "10.1007/978-3-319-98530-5_76",

language = "English",

series = "Lecture Notes on Data Engineering and Communications Technologies",

publisher = "Springer",

pages = "853--863",

booktitle = "Lecture Notes on Data Engineering and Communications Technologies",

}

TY - CHAP

T1 - Hiding File Manipulation of Essential Services by System Call Proxy

AU - Sato, Masaya

AU - Taniguchi, Hideo

AU - Yamauchi, Toshihiro

PY - 2019

Y1 - 2019

N2 - Security software or logging programs are frequently attacked because they are an obstruction to attackers. Protecting these essential services from attack is crucial to preventing and mitigating damage. Hiding information related to essential services, such as that of the files and processes, can help to deter attacks on these services. This paper proposes a method of hiding file manipulation for essential services. The method makes the files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM) environment. In the proposed method, system calls to those files are executed by a proxy process on the other VM. The original system call is not executed in the operating system of the original VM, however, the result of file access is returned to the original process. Thus, the files of essential services are placed on the other VM and other processes on the original VM cannot access to them. Therefore, the proposed method can prevent or deter identification of essential services based on file information monitoring.

AB - Security software or logging programs are frequently attacked because they are an obstruction to attackers. Protecting these essential services from attack is crucial to preventing and mitigating damage. Hiding information related to essential services, such as that of the files and processes, can help to deter attacks on these services. This paper proposes a method of hiding file manipulation for essential services. The method makes the files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM) environment. In the proposed method, system calls to those files are executed by a proxy process on the other VM. The original system call is not executed in the operating system of the original VM, however, the result of file access is returned to the original process. Thus, the files of essential services are placed on the other VM and other processes on the original VM cannot access to them. Therefore, the proposed method can prevent or deter identification of essential services based on file information monitoring.

KW - File access

KW - Security

KW - Virtual machine

UR - http://www.scopus.com/inward/record.url?scp=85061477112&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85061477112&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-98530-5_76

DO - 10.1007/978-3-319-98530-5_76

M3 - Chapter

AN - SCOPUS:85061477112

T3 - Lecture Notes on Data Engineering and Communications Technologies

SP - 853

EP - 863

BT - Lecture Notes on Data Engineering and Communications Technologies

PB - Springer

ER -