Memory access monitoring and disguising of process information to Avoid Attacks to essential services

Masaya Sato; Toshihiro Yamauchi; Hideo Taniguchi

doi:10.1109/CANDAR.2016.89

Memory access monitoring and disguising of process information to Avoid Attacks to essential services

Masaya Sato, Toshihiro Yamauchi, Hideo Taniguchi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

To prevent attacks on essential software and to mitigate damage, an attack avoiding method that complicates process identification from attackers is proposed. This method complicates the identification of essential services by replacing process information with dummy information. However, this method allows attackers to identify essential processes by detecting changes in process information. To address this problems and provide more complexity to process identification, this paper proposes a memory access monitoring by using a virtual machine monitor. By manipulating the page access permission, a virtual machine monitor detects page access, which includes process information, and replaces it with dummy information. This paper presents the design, implementation, and evaluation of the proposed method.

Original language	English
Title of host publication	Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	635-641
Number of pages	7
ISBN (Electronic)	9781509026555
DOIs	https://doi.org/10.1109/CANDAR.2016.89
Publication status	Published - Jan 13 2017
Event	4th International Symposium on Computing and Networking, CANDAR 2016 - Hiroshima, Japan Duration: Nov 22 2016 → Nov 25 2016

Other

Other	4th International Symposium on Computing and Networking, CANDAR 2016
Country	Japan
City	Hiroshima
Period	11/22/16 → 11/25/16

Keywords

Attack avoidance
Process information
Virtualization

ASJC Scopus subject areas

Computer Science Applications
Hardware and Architecture
Signal Processing
Computer Networks and Communications

Access to Document

10.1109/CANDAR.2016.89

Fingerprint Dive into the research topics of 'Memory access monitoring and disguising of process information to Avoid Attacks to essential services'. Together they form a unique fingerprint.

Cite this

Sato, M., Yamauchi, T., & Taniguchi, H. (2017). Memory access monitoring and disguising of process information to Avoid Attacks to essential services. In Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016 (pp. 635-641). [7818684] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CANDAR.2016.89

Memory access monitoring and disguising of process information to Avoid Attacks to essential services. / Sato, Masaya ; Yamauchi, Toshihiro ; Taniguchi, Hideo.

Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016. Institute of Electrical and Electronics Engineers Inc., 2017. p. 635-641 7818684.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sato, M , Yamauchi, T & Taniguchi, H 2017, Memory access monitoring and disguising of process information to Avoid Attacks to essential services. in Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016., 7818684, Institute of Electrical and Electronics Engineers Inc., pp. 635-641, 4th International Symposium on Computing and Networking, CANDAR 2016, Hiroshima, Japan, 11/22/16. https://doi.org/10.1109/CANDAR.2016.89

@inproceedings{bd23dfb7c2c34a3b84b46cf2d74ceafc,

title = "Memory access monitoring and disguising of process information to Avoid Attacks to essential services",

abstract = "To prevent attacks on essential software and to mitigate damage, an attack avoiding method that complicates process identification from attackers is proposed. This method complicates the identification of essential services by replacing process information with dummy information. However, this method allows attackers to identify essential processes by detecting changes in process information. To address this problems and provide more complexity to process identification, this paper proposes a memory access monitoring by using a virtual machine monitor. By manipulating the page access permission, a virtual machine monitor detects page access, which includes process information, and replaces it with dummy information. This paper presents the design, implementation, and evaluation of the proposed method.",

keywords = "Attack avoidance, Process information, Virtualization",

author = "Masaya Sato and Toshihiro Yamauchi and Hideo Taniguchi",

year = "2017",

month = jan,

day = "13",

doi = "10.1109/CANDAR.2016.89",

language = "English",

pages = "635--641",

booktitle = "Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

note = "4th International Symposium on Computing and Networking, CANDAR 2016 ; Conference date: 22-11-2016 Through 25-11-2016",

}

TY - GEN

T1 - Memory access monitoring and disguising of process information to Avoid Attacks to essential services

AU - Sato, Masaya

AU - Yamauchi, Toshihiro

AU - Taniguchi, Hideo

PY - 2017/1/13

Y1 - 2017/1/13

N2 - To prevent attacks on essential software and to mitigate damage, an attack avoiding method that complicates process identification from attackers is proposed. This method complicates the identification of essential services by replacing process information with dummy information. However, this method allows attackers to identify essential processes by detecting changes in process information. To address this problems and provide more complexity to process identification, this paper proposes a memory access monitoring by using a virtual machine monitor. By manipulating the page access permission, a virtual machine monitor detects page access, which includes process information, and replaces it with dummy information. This paper presents the design, implementation, and evaluation of the proposed method.

AB - To prevent attacks on essential software and to mitigate damage, an attack avoiding method that complicates process identification from attackers is proposed. This method complicates the identification of essential services by replacing process information with dummy information. However, this method allows attackers to identify essential processes by detecting changes in process information. To address this problems and provide more complexity to process identification, this paper proposes a memory access monitoring by using a virtual machine monitor. By manipulating the page access permission, a virtual machine monitor detects page access, which includes process information, and replaces it with dummy information. This paper presents the design, implementation, and evaluation of the proposed method.

KW - Attack avoidance

KW - Process information

KW - Virtualization

UR - http://www.scopus.com/inward/record.url?scp=85015247451&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85015247451&partnerID=8YFLogxK

U2 - 10.1109/CANDAR.2016.89

DO - 10.1109/CANDAR.2016.89

M3 - Conference contribution

AN - SCOPUS:85015247451

SP - 635

EP - 641

BT - Proceedings - 2016 4th International Symposium on Computing and Networking, CANDAR 2016

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 4th International Symposium on Computing and Networking, CANDAR 2016

Y2 - 22 November 2016 through 25 November 2016

ER -