Performance Improvement and Evaluation of Function for Tracing Diffusion of Classified Information on KVM

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

As a result of the increasing amounts of classified information being managed by personal computers, leakage of this information to external computers has become a serious problem. To prevent such leakage, we previously proposed a function for tracing the diffusion of classified information in a guest operating system (OS) using a virtual machine monitor (VMM). This function allows determination of the classified information location and information leakage detection without modification of the guest OS source code. In addition, it is more difficult for attacks to target this function, because the VMM is isolated from the guest OS. The tracing function hooks a system call in the guest OS from the VMM and judges whether the hooked system call is related to the diffusion of classified information. However, if the tracing function induces processing of large overheads, introduction of this function may degrade performance. In this paper, we analyze the processing performance of the tracing function in detail, identifying processing involving large overheads. Hence, we determine that the recording overheads for files or processes having the potential to diffuse classified information are especially large. To reduce the influence of the tracing function introduction, it is necessary to reduce these overheads. Therefore, we present a policy for efficient management. Further, we propose an improved tracing function and report on its evaluation.

Original languageEnglish
Title of host publicationProceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages463-468
Number of pages6
Volume2018-January
ISBN (Electronic)9781538620878
DOIs
Publication statusPublished - Apr 23 2018
Event5th International Symposium on Computing and Networking, CANDAR 2017 - Aomori, Japan
Duration: Nov 19 2017Nov 22 2017

Other

Other5th International Symposium on Computing and Networking, CANDAR 2017
CountryJapan
CityAomori
Period11/19/1711/22/17

Keywords

  • information leak prevention
  • virtualization
  • VMM

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Hardware and Architecture

Fingerprint Dive into the research topics of 'Performance Improvement and Evaluation of Function for Tracing Diffusion of Classified Information on KVM'. Together they form a unique fingerprint.

  • Cite this

    Moriyama, H., Yamauchi, T., Sato, M., & Taniguchi, H. (2018). Performance Improvement and Evaluation of Function for Tracing Diffusion of Classified Information on KVM. In Proceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017 (Vol. 2018-January, pp. 463-468). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CANDAR.2017.91