
2019 | OriginalPaper | Chapter

Hiding File Manipulation of Essential Services by System Call Proxy

Authors: Masaya Sato, Hideo Taniguchi, Toshihiro Yamauchi

Published in: Advances in Network-Based Information Systems

Publisher: Springer International Publishing


Abstract

Security software or logging programs are frequently attacked because they are an obstruction to attackers. Protecting these essential services from attack is crucial to preventing and mitigating damage. Hiding information related to essential services, such as their files and processes, can help to deter attacks on these services. This paper proposes a method of hiding file manipulation for essential services. The method makes the files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM) environment. In the proposed method, system calls to those files are executed by a proxy process on the other VM. The original system call is not executed in the operating system of the original VM; however, the result of the file access is returned to the original process. Thus, the files of essential services are placed on the other VM, and other processes on the original VM cannot access them. Therefore, the proposed method can prevent or deter identification of essential services based on file information monitoring.


Metadata

Title: Hiding File Manipulation of Essential Services by System Call Proxy
Authors: Masaya Sato, Hideo Taniguchi, Toshihiro Yamauchi
Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-319-98530-5_76
