VMBLS: Virtual machine based logging scheme for prevention of tampering and loss

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Logging information is necessary in order to understand a computer's behavior. However, there is a possibility that attackers will delete logs to hide the evidence of their attacking and cheating. Moreover, various problems might cause the loss of logging information. In homeland security, the plans for counterterrorism are based on data. The reliability of the data depends on that of the data collector. Because the reliability of the data collector is ensured by logs, the protection of it is an important problem. To address these issues, we propose a system to prevent tampering and loss of logging information using a virtual machine monitor (VMM). In this system, logging information generated by the operating system (OS) and application program (AP) working on the target virtual machine (VM) is gathered by the VMM without any modification of the OS. The security of the logging information is ensured by its isolation from the VM. In addition, the isolation and multiple copying of logs can help in the detection of tampering.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 176-190
Number of pages: 15
Volume: 6908 LNCS
DOI: https://doi.org/10.1007/978-3-642-23300-5_14
Publication status: Published - 2011
Event: IFIP WG 8.4/8.9 International Cross Domain Conference and Workshop on Availability, Reliability and Security for Business, Enterprise and Health Information Systems, ARES 2011 - Vienna, Austria
Duration: Aug 22 2011 → Aug 26 2011

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 6908 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: IFIP WG 8.4/8.9 International Cross Domain Conference and Workshop on Availability, Reliability and Security for Business, Enterprise and Health Information Systems, ARES 2011
Country: Austria
City: Vienna
Period: 8/22/11 → 8/26/11


Keywords

  • digital forensics
  • Log
  • security
  • virtual machine monitor
  • virtualization

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Sato, M., & Yamauchi, T. (2011). VMBLS: Virtual machine based logging scheme for prevention of tampering and loss. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6908 LNCS, pp. 176-190). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6908 LNCS). https://doi.org/10.1007/978-3-642-23300-5_14

@inproceedings{34a0f214010c4437b88ce7f124dd9f6d,
title = "VMBLS: Virtual machine based logging scheme for prevention of tampering and loss",
keywords = "digital forensics, Log, security, virtual machine monitor, virtualization",
author = "Masaya Sato and Toshihiro Yamauchi",
year = "2011",
doi = "10.1007/978-3-642-23300-5_14",
language = "English",
isbn = "9783642232992",
volume = "6908 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "176--190",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}
