Secure log transfer by replacing a library in a virtual machine

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Ensuring the integrity of logs is essential to reliably detect and counteract attacks, because adversaries tamper with logs to hide their activities on a computer. Even though some research studies proposed different ways to protect log files, adversaries can tamper with logs in kernel space with kernel-level malicious software (malware). In an environment where Virtual Machines (VMs) are utilized, VM Introspection (VMI) is capable of collecting logs from VMs. However, VMI is not optimized for log protection and unnecessary overhead is incurred, because VMI does not specialize in log collection. To transfer logs out of a VM securely, we propose a secure log transfer method of replacing a library. In our proposed method, a process on a VM requests a log transfer by using the modified library, which contains a trigger for a log transfer. When a VM Monitor (VMM) detects the trigger, it collects logs from the VM and sends them to another VM. The proposed method provides VM-level log isolation and security for the mechanism itself. This paper describes the design, implementation, and evaluation of the proposed method.

Original language: English
Title of host publication: Advances in Information and Computer Security - 8th International Workshop on Security, IWSEC 2013, Proceedings
Pages: 1-18
Number of pages: 18
DOIs: https://doi.org/10.1007/978-3-642-41383-4_1
Publication status: Published - Dec 1 2013
Event: 8th International Workshop on Security, IWSEC 2013 - Okinawa, Japan
Duration: Nov 18 2013 - Nov 20 2013

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 8231 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 8th International Workshop on Security, IWSEC 2013
Country: Japan
City: Okinawa
Period: 11/18/13 - 11/20/13

Keywords

  • Log transfer
  • digital forensics
  • log protection
  • virtual machine

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

  • Cite this

    Sato, M., & Yamauchi, T. (2013). Secure log transfer by replacing a library in a virtual machine. In Advances in Information and Computer Security - 8th International Workshop on Security, IWSEC 2013, Proceedings (pp. 1-18). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8231 LNCS). https://doi.org/10.1007/978-3-642-41383-4_1