nach oben

The Journal of Supercomputing

Erschienen in:

01.05.2016

Evaluation and design of function for tracing diffusion of classified information for file operations with KVM

verfasst von: Shota Fujii, Masaya Sato, Toshihiro Yamauchi, Hideo Taniguchi

Erschienen in: The Journal of Supercomputing | Ausgabe 5/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Cases of classified information leakage have become increasingly common. To address this problem, we have proposed a function for tracing the diffusion of classified information within an operating system. However, this function suffers from the following two problems: first, in order to introduce the function, the operating system’s source code must be modified. Second, there is a risk that the function will be disabled when the operating system is attacked. Thus, we have designed a function for tracing the diffusion of classified information in a guest operating system by using a virtual machine monitor. By using a virtual machine monitor, we can introduce the proposed function in various environments without modifying the operating system’s source code. In addition, attacks aimed at the proposed function are made more difficult, because the virtual machine monitor is isolated from the operating system. In this paper, we describe the implementation of the proposed function for file operations and child process creation in the guest operating system with a kernel-based virtual machine. Further, we demonstrate the traceability of diffusing classified information by file operations and child process creation. We also report the logical lines of code required to introduce the proposed function and performance overheads.

Vorheriger Artikel Distributed RDF store for efficient searching billions of triples based on Hadoop

Nächster Artikel Advanced metering infrastructure design and test bed experiment using intelligent agents: focusing on the PLC network base technology for Smart Grid system

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Japan Network Security Association (2008) Information security incident survey report. http://www.jnsa.org/result/incident/data/2008incident_survey_e_v1.0

Tabata T, Hakomori S, Ohashi K, Uemura S, Yokoyama K, Taniguchi H (2009) Tracing classified information diffusion for protecting information leakage. IPSJ J 50(9):2088–2102 (in Japanese)

Nomura Y, Hakomori S, Ohashi K, Yokoyama K, Taniguchi H (2006) Tracing the diffusion of classified information triggered by file open system call. In: Proceedings of the 4th international conference on computing, communications and control technologies (CCCT 2006), pp 312–317

Otsubo N, Uemura S, Yamauchi T, Taniguchi H (2013) Design and evaluation of a diffusion tracing function for classified information among multiple computers. Lecture notes in electrical engineering (LNEE), vol 240, pp 235–242

Yumerefendi AR, Mickle B, Cox LP (2007) Tightlip: keeping applications from spilling the beans. In: Proceedings of the 4th USENIX conference on networked systems design and implementation (NSDI ’07), pp 159–172

Nadkarni A, Enck W (2013) Preventing accidental data disclosure in modern operating systems. In: Proceedings of the 2013 ACM SIGSAC conference on computer and communications security (CCS’13), pp 1029–1042

Isohara T, Takemori K, Miyake Y, Qu N, Perring A (2010) LSM-based secure system monitoring using kernel protection schemes. In: International conference on availability, reliability, and security, (ARES’10), pp 591–596

Junqing W, Miao Y, Bingyu L, Zhengwei Q, Haibing G (2012) Hypervisor-based protection of sensitive files in a compromised system. In: Proceedings of the 27th annual ACM symposium on applied computing (SAC’12), pp 1765–1770

Zhao X, Borders K, Prakash A (2005) Towards protecting sensitive files in a compromised system. In: Proceedings of the third IEEE international security in storage workshop (SISW’05), pp 21–28

10.

KVM. http://www.linux-kvm.org/page/Main_Page

11.

Fujii S, Yamauchi T, Taniguchi H (2015) Design of a function for tracing the diffusion of classified information for file operations with a KVM. In: The 2015 international symposium on advances in computing, communications, security, and applications for future computing (ACSA 2015)

12.

Chen PM, Noble BD (2001) When virtual is better than real. In: Proceedings of the eighth workshop on hot topics in operating systems, pp 133–138

13.

LocMetrics. http://www.locmetrics.com/

14.

Larry M, Carl S (1996) Lmbench: portable tools for performance analysis. In: Proceedings of the 1996 annual conference on USENIX annual technical conference, pp 279–294

15.

Borders K, Zhao X, Prakash A (2006) Securing Sensitive content in a view-only file system. In: Proceedings of the ACM workshop on digital rights management, pp 27–36

16.

David YZ, Jung J, Song D, Kohno T, Wetherall D (2001) TaintEraser: protecting sensitive data leaks using application-level taint tracking. SIGOPS Oper Syst Rev 45(1):142–154

17.

Enck W, Gilbert P, Chun B, Cox LP, Jung J, McDaniel P, Sheth AN (2010) TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX conference on operating systems design and implementation, pp 1–6

18.

Zavou A, Portokalidis G, Keromytis AD (2011) Taint-exchange: a generic system for cross-process and cross-host taint tracking. In: Proceedings of the 6th international conference on advances in information and computer security (IWSEC’11), pp 113–128

19.

Yang Z, Yang M, Zhang Y, Gu G, Ning P, Wang, XS (2013) AppIntent: analyzing sensitive data transmission in android for privacy leakage detection. In: Proceedings of the 2013 ACM SIGSAC conference on computer and communications security (CSS’13), pp 1043–1054

20.

Sakamoto S, Okuda K, Nakatsuka R, Yamauchi T (2014) DroidTrack: tracking and visualizing information diffusion for preventing information leakage on android. J Internet Serv Inf Secur 4(2):55–69

21.

Gordon MI, Kim D, Perkins J, Gilham L, Nguyen N, Rinard M (2015) Information-flow analysis of android applications in droidsafe. In: Proceedings of 22nd annual network and distributed system security symposium (NDSS 2015)

22.

Sato M, Yamauchi T (2012) VMM-based log-tampering and loss detection scheme. JIT 13(4):655–666

23.

Sato M, Yamauchi T (2014) Secure and fast log transfer mechanism for virtual machine. J Inf Process 22(4):597–608

24.

Takada T, Koike H (1999) NIGELOG: protecting logging information by hiding multiple backups in directories. In: Proceedings of the tenth international workshop on database and expert systems applications, pp 874–878

25.

Joo JW, Park JH, Suk SK, Lee DG (2014) LISS: log data integrity support scheme for reliable log analysis of OSP. J Converg 5(2):1–5

26.

Lau B, Chung S, Song C, Jang Y, Lee W, Boldyreva A (2014) Mimesis aegis: a mimicry privacy shield-a system’s approach to data privacy on public cloud. In: Proceedings of 23rd usenix security symposium (USENIX Security 14), pp 33–48

27.

Lee SH, Lee IM (2013) A secure index management scheme for providing data sharing in cloud storage. J Inf Process Syst 9(2):287–300CrossRef

28.

Lee JD, Sin CH, Park JF (2014) PPS-RTBF: privacy protection system for right to be forgotten. J Converg 5(3):37–40CrossRef

Titel: Evaluation and design of function for tracing diffusion of classified information for file operations with KVM
verfasst von: Shota Fujii
Masaya Sato
Toshihiro Yamauchi
Hideo Taniguchi
Publikationsdatum: 01.05.2016
Verlag: Springer US
Erschienen in: The Journal of Supercomputing / Ausgabe 5/2016
Print ISSN: 0920-8542
Elektronische ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-016-1671-5

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 5/2016

Advanced metering infrastructure design and test bed experiment using intelligent agents: focusing on the PLC network base technology for Smart Grid system

A novel heuristic algorithm for IP block mapping onto mesh-based networks-on-chip

Experimental analysis of operating system jitter caused by page reclaim

J2M: a Java to MapReduce translator for cloud computing

Implications of shallower memory controller transaction queues in scalable memory systems

Erratum to: Cloud service ranking as a multi objective optimization problem