(Short Paper) Evidence Collection and Preservation System with Virtual Machine Monitoring

Toru Nakamura, Hiroshi Ito, Shinsaku Kiyomoto, Toshihiro Yamauchi

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

Abstract

In a system audit and verification, it is important to securely collect and preserve evidence of execution environments, execution processes, and program execution results. Evidence-based verification of program processes ensures their authenticity; for example, it confirms that the processes include no altered or infected program library. This paper proposes a solution for collecting evidence on program libraries based on a Virtual Machine Monitor (VMM). The solution bridges the semantic gap by obtaining library file path names. This paper also shows a way to obtain hash values of library files from a guest OS. Furthermore, this paper provides examples of evidence on program execution and reports the overhead of the solution.

Original language: English
Title of host publication: Advances in Information and Computer Security - 16th International Workshop on Security, IWSEC 2021, Proceedings
Editors: Toru Nakanishi, Ryo Nojima
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 64-73
Number of pages: 10
ISBN (Print): 9783030859862
DOIs
Publication status: Published - 2021
Event: 16th International Workshop on Security, IWSEC 2021 - Virtual, Online
Duration: Sep 8 2021 to Sep 10 2021

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12835 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 16th International Workshop on Security, IWSEC 2021
City: Virtual, Online
Period: 9/8/21 to 9/10/21

Keywords

  • Forensics
  • OS security
  • Virtual Machine Introspection

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)
