TY - GEN
T1 - (Short Paper) Evidence Collection and Preservation System with Virtual Machine Monitoring
AU - Nakamura, Toru
AU - Ito, Hiroshi
AU - Kiyomoto, Shinsaku
AU - Yamauchi, Toshihiro
N1 - Funding Information:
Acknowledgements. This work was partially supported by JSPS KAKENHI Grant Numbers 19H04109 and 19H05579.
Publisher Copyright:
© 2021, Springer Nature Switzerland AG.
PY - 2021
Y1 - 2021
N2 - In a system audit and verification, it is important to securely collect and preserve evidence of execution environments, execution processes, and program execution results. Evidence-based verification of program processes ensures their authenticity; for example, that the processes include no altered/infected program library. This paper proposes a solution for collecting evidence on program libraries based on a Virtual Machine Monitor (VMM). The solution can solve the semantic gap by obtaining library file path names. This paper also shows a way to obtain hash values of library files from a guest OS. Furthermore, this paper provides examples of evidence on program execution and the overhead of the solution.
AB - In a system audit and verification, it is important to securely collect and preserve evidence of execution environments, execution processes, and program execution results. Evidence-based verification of program processes ensures their authenticity; for example, that the processes include no altered/infected program library. This paper proposes a solution for collecting evidence on program libraries based on a Virtual Machine Monitor (VMM). The solution can solve the semantic gap by obtaining library file path names. This paper also shows a way to obtain hash values of library files from a guest OS. Furthermore, this paper provides examples of evidence on program execution and the overhead of the solution.
KW - Forensics
KW - OS security
KW - Virtual Machine Introspection
UR - http://www.scopus.com/inward/record.url?scp=85115234297&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85115234297&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-85987-9_4
DO - 10.1007/978-3-030-85987-9_4
M3 - Conference contribution
AN - SCOPUS:85115234297
SN - 9783030859862
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 64
EP - 73
BT - Advances in Information and Computer Security - 16th International Workshop on Security, IWSEC 2021, Proceedings
A2 - Nakanishi, Toru
A2 - Nojima, Ryo
PB - Springer Science and Business Media Deutschland GmbH
T2 - 16th International Workshop on Security, IWSEC 2021
Y2 - 8 September 2021 through 10 September 2021
ER -