基于hypervisor的敏感数据泄漏检测器

2018 IEEE International Conference on Software Quality, Reliability and Security (QRS) Pub Date : 2018-07-01 DOI:10.1109/QRS.2018.00029

Shu-Hao Chang, S. Mallissery, Chih-Hao Hsieh, Yu-Sung Wu

{"title":"基于hypervisor的敏感数据泄漏检测器","authors":"Shu-Hao Chang, S. Mallissery, Chih-Hao Hsieh, Yu-Sung Wu","doi":"10.1109/QRS.2018.00029","DOIUrl":null,"url":null,"abstract":"Sensitive Data Leakage (SDL) is a major issue faced by organizations due to increasing reliance on data-driven decision-making. Existing Data Leakage Prevention (DLP) solutions are being challenged by the adoption of network transport encryption and the presence of privileged-mode malware designed to tamper with the DLP agent programs. We propose a novel DLP system called \"HyperSweep\" that uses Virtual Machine Memory Introspection (VMI) technology to inspect the memory content of a guest system for sensitive information. The approach is robust against both network transport encryption and malware that attack DLP agent programs. The HyperSweep prototype is implemented on top of the KVM hypervisor. Our experiments have confirmed its applicability to real-world applications, including web browsers, office applications, and social networking applications. The experiments also indicate moderate performance overhead from applying HyperSweep.","PeriodicalId":114973,"journal":{"name":"2018 IEEE International Conference on Software Quality, Reliability and Security (QRS)","volume":"31 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Hypervisor-Based Sensitive Data Leakage Detector\",\"authors\":\"Shu-Hao Chang, S. Mallissery, Chih-Hao Hsieh, Yu-Sung Wu\",\"doi\":\"10.1109/QRS.2018.00029\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Sensitive Data Leakage (SDL) is a major issue faced by organizations due to increasing reliance on data-driven decision-making. Existing Data Leakage Prevention (DLP) solutions are being challenged by the adoption of network transport encryption and the presence of privileged-mode malware designed to tamper with the DLP agent programs. We propose a novel DLP system called \\\"HyperSweep\\\" that uses Virtual Machine Memory Introspection (VMI) technology to inspect the memory content of a guest system for sensitive information. The approach is robust against both network transport encryption and malware that attack DLP agent programs. The HyperSweep prototype is implemented on top of the KVM hypervisor. Our experiments have confirmed its applicability to real-world applications, including web browsers, office applications, and social networking applications. The experiments also indicate moderate performance overhead from applying HyperSweep.\",\"PeriodicalId\":114973,\"journal\":{\"name\":\"2018 IEEE International Conference on Software Quality, Reliability and Security (QRS)\",\"volume\":\"31 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE International Conference on Software Quality, Reliability and Security (QRS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/QRS.2018.00029\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE International Conference on Software Quality, Reliability and Security (QRS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QRS.2018.00029","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

由于越来越依赖数据驱动的决策，敏感数据泄漏(SDL)是组织面临的一个主要问题。现有的数据泄漏预防(DLP)解决方案正受到网络传输加密的采用和设计用于篡改DLP代理程序的特权模式恶意软件的挑战。我们提出了一种新的DLP系统，称为“hyperssweep”，它使用虚拟机内存自省(VMI)技术来检查客户系统的内存内容以获取敏感信息。该方法对网络传输加密和攻击DLP代理程序的恶意软件都具有鲁棒性。HyperSweep原型是在KVM管理程序之上实现的。我们的实验证实了它对现实世界应用程序的适用性，包括web浏览器、办公应用程序和社交网络应用程序。实验还表明，应用hyperssweep会带来适度的性能开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Hypervisor-Based Sensitive Data Leakage Detector

Sensitive Data Leakage (SDL) is a major issue faced by organizations due to increasing reliance on data-driven decision-making. Existing Data Leakage Prevention (DLP) solutions are being challenged by the adoption of network transport encryption and the presence of privileged-mode malware designed to tamper with the DLP agent programs. We propose a novel DLP system called "HyperSweep" that uses Virtual Machine Memory Introspection (VMI) technology to inspect the memory content of a guest system for sensitive information. The approach is robust against both network transport encryption and malware that attack DLP agent programs. The HyperSweep prototype is implemented on top of the KVM hypervisor. Our experiments have confirmed its applicability to real-world applications, including web browsers, office applications, and social networking applications. The experiments also indicate moderate performance overhead from applying HyperSweep.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 IEEE International Conference on Software Quality, Reliability and Security (QRS)

自引率

0.00%

发文量