Process hiding by virtual machine monitor for attack avoidance

Research output: Contribution to journal › Article

2 Citations (Scopus)

Abstract

As attacks on computers increase, protective software is being developed. However, that software is itself open to attacks by adversaries who disable its functionality. If that software is stopped or disabled, the risk of damage to the computer increases. Protections for such software have been proposed; however, existing approaches are insufficient or cannot be used with that software without modification. To decrease the risk and address these problems, this paper presents an attack avoidance method that hides processes from adversaries who intend to terminate essential services. The proposed method complicates identification based on process information by dynamically replacing the information held by the kernel with dummy information. Replacing process information makes identifying the attack target difficult because adversaries cannot find the target by searching the process information. Implementing the proposed method in a virtual machine monitor enhances the security of the mechanism itself. Further, because the method is implemented in a virtual machine monitor, no modification to operating systems is necessary.

Original language: English
Pages (from-to): 673-682
Number of pages: 10
Journal: Journal of Information Processing
Volume: 23
Issue number: 5
DOI: 10.2197/ipsjjip.23.673
Publication status: Published - Sep 15 2015

Fingerprint

Computer monitors
Computer operating systems
Virtual machine

Keywords

  • Attack avoidance
  • Process information
  • Virtual machine

ASJC Scopus subject areas

  • Computer Science (all)

Cite this

Process hiding by virtual machine monitor for attack avoidance. / Sato, Masaya; Yamauchi, Toshihiro; Taniguchi, Hideo.

In: Journal of Information Processing, Vol. 23, No. 5, 15.09.2015, p. 673-682.

@article{74a94a7a81fb4143a52e31e7f1201ab8,
title = "Process hiding by virtual machine monitor for attack avoidance",
keywords = "Attack avoidance, Process information, Virtual machine",
author = "Masaya Sato and Toshihiro Yamauchi and Hideo Taniguchi",
year = "2015",
month = "9",
day = "15",
doi = "10.2197/ipsjjip.23.673",
language = "English",
volume = "23",
pages = "673--682",
journal = "Journal of Information Processing",
issn = "0387-5806",
publisher = "Information Processing Society of Japan",
number = "5",

}

TY - JOUR

T1 - Process hiding by virtual machine monitor for attack avoidance

AU - Sato, Masaya

AU - Yamauchi, Toshihiro

AU - Taniguchi, Hideo

PY - 2015/9/15

Y1 - 2015/9/15

KW - Attack avoidance

KW - Process information

KW - Virtual machine

UR - http://www.scopus.com/inward/record.url?scp=84941553503&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84941553503&partnerID=8YFLogxK

U2 - 10.2197/ipsjjip.23.673

DO - 10.2197/ipsjjip.23.673

M3 - Article

AN - SCOPUS:84941553503

VL - 23

SP - 673

EP - 682

JO - Journal of Information Processing

JF - Journal of Information Processing

SN - 0387-5806

IS - 5

ER -