Performance Improvement and Evaluation of Function for Tracing Diffusion of Classified Information on KVM

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

As a result of the increasing amounts of classified information being managed by personal computers, leakage of this information to external computers has become a serious problem. To prevent such leakage, we previously proposed a function for tracing the diffusion of classified information in a guest operating system (OS) using a virtual machine monitor (VMM). This function makes it possible to determine the location of classified information and to detect information leakage without modifying the guest OS source code. In addition, it is more difficult for attacks to target this function, because the VMM is isolated from the guest OS. The tracing function hooks system calls in the guest OS from the VMM and judges whether each hooked system call is related to the diffusion of classified information. However, if the tracing function incurs large processing overheads, introducing it may degrade performance. In this paper, we analyze the processing performance of the tracing function in detail and identify the processing that incurs large overheads. We determine that the overheads of recording files or processes that have the potential to diffuse classified information are especially large. To reduce the performance impact of introducing the tracing function, it is necessary to reduce these overheads. Therefore, we present a policy for efficient management. Further, we propose an improved tracing function and report on its evaluation.

Original language: English
Title of host publication: Proceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 463-468
Number of pages: 6
Volume: 2018-January
ISBN (Electronic): 9781538620878
DOIs: https://doi.org/10.1109/CANDAR.2017.91
Publication status: Published - Apr 23 2018
Event: 5th International Symposium on Computing and Networking, CANDAR 2017 - Aomori, Japan
Duration: Nov 19 2017 to Nov 22 2017

Other

Other: 5th International Symposium on Computing and Networking, CANDAR 2017
Country: Japan
City: Aomori
Period: 11/19/17 to 11/22/17

Fingerprint

Computer monitors
Computer operating systems
Processing
Hooks
Personal computers
Computer systems
Virtual machine

Keywords

  • information leak prevention
  • virtualization
  • VMM

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Hardware and Architecture

Cite this

Moriyama, H., Yamauchi, T., Sato, M., & Taniguchi, H. (2018). Performance Improvement and Evaluation of Function for Tracing Diffusion of Classified Information on KVM. In Proceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017 (Vol. 2018-January, pp. 463-468). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/CANDAR.2017.91

Performance Improvement and Evaluation of Function for Tracing Diffusion of Classified Information on KVM. / Moriyama, Hideaki; Yamauchi, Toshihiro; Sato, Masaya; Taniguchi, Hideo.

Proceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017. Vol. 2018-January Institute of Electrical and Electronics Engineers Inc., 2018. p. 463-468.
