Secure and fast log transfer mechanism for virtual machine

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)

Abstract

Ensuring the integrity of logs is essential to reliably detect and counteract attacks because adversaries tamper with logs to hide their activities on a computer. Even though some studies proposed various protections of log files, adversaries can tamper with logs in kernel space with kernel-level malicious software (malware) because file access and inter-process communication are provided by an OS kernel. Virtual machine introspection (VMI) can collect logs from virtual machines (VMs) without interposition of a kernel. It is difficult for malware to hinder that log collection, because a VM and VM monitor (VMM) are strongly separated. However, complexity and unnecessary performance overhead arise because VMI is not specialized for log collection. This paper proposes a secure and fast log transfer method using library replacement for VMs. In the proposed method, a process on a VM requests a log transfer to a VMM using the modified library, which contains a trigger for a log transfer. The VMM collects logs from the VM and isolate them to another VM. The proposed method provides VM-level log isolation and security for the mechanism itself with low performance overhead.

Original languageEnglish
Pages (from-to)597-608
Number of pages12
JournalJournal of Information Processing
Volume22
Issue number4
DOIs
Publication statusPublished - Oct 1 2014

Keywords

  • Digital forensics
  • Library modification
  • Secure logging
  • Virtual machine

ASJC Scopus subject areas

  • Computer Science(all)

Fingerprint Dive into the research topics of 'Secure and fast log transfer mechanism for virtual machine'. Together they form a unique fingerprint.

Cite this