Process hiding by virtual machine monitor for attack avoidance

Research output: Contribution to journalArticle

3 Citations (Scopus)

Abstract

As attacks to computers increase, protective software is developed. However, that software is still open to attacks by adversaries that disable its functionality. If that software is stopped or disabled, the risk of damage to the computer increases. Protections of that software are proposed however existing approaches are insufficient or cannot use those software without modification. To decrease the risk and to address these problems, this paper presents an attack avoidance method that hides process from adversaries who intend to terminate essential services. The proposed method complicates identification based on process information by dynamically replacing the information held by a kernel with dummy information. Replacing process information makes identifying the attack target difficult because adversaries cannot find the attack target by seeking the process information. Implementation of the proposed method with a virtual machine monitor enhances the security of the mechanism itself. Further, by implementing the proposed method with a virtual machine monitor, modification to operating systems is unnecessary.

Original languageEnglish
Pages (from-to)673-682
Number of pages10
JournalJournal of Information Processing
Volume23
Issue number5
DOIs
Publication statusPublished - Sep 15 2015

Keywords

  • Attack avoidance
  • Process information
  • Virtual machine

ASJC Scopus subject areas

  • Computer Science(all)

Fingerprint Dive into the research topics of 'Process hiding by virtual machine monitor for attack avoidance'. Together they form a unique fingerprint.

  • Cite this