{"title":"利用虚拟机监视器实现系统调用代理对基本服务文件操作的隐藏方法的设计与实现","authors":"Masaya Sato, H. Taniguchi, Toshihiro Yamauchi","doi":"10.1504/IJSSC.2019.100007","DOIUrl":null,"url":null,"abstract":"Security or system management software is essential for keeping systems secure. To deter attacks on essential services, hiding information related to essential services is helpful. This paper describes the design, the implementation, and the evaluation of a method to make files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM). In the proposed method, the virtual machine monitor (VMM) monitors the system call, which invoked by an essential process to access essential files, and requests proxy execution to the proxy process on another VM. The VMM returns the result and skips the execution of the original system call on the protection target VM. Thus, access to essential files by the essential service is skipped on the protection target VM, but the essential service can access the file content.","PeriodicalId":43931,"journal":{"name":"International Journal of Space-Based and Situated Computing","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2019-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Design and implementation of hiding method for file manipulation of essential services by system call proxy using virtual machine monitor\",\"authors\":\"Masaya Sato, H. Taniguchi, Toshihiro Yamauchi\",\"doi\":\"10.1504/IJSSC.2019.100007\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security or system management software is essential for keeping systems secure. To deter attacks on essential services, hiding information related to essential services is helpful. This paper describes the design, the implementation, and the evaluation of a method to make files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM). In the proposed method, the virtual machine monitor (VMM) monitors the system call, which invoked by an essential process to access essential files, and requests proxy execution to the proxy process on another VM. The VMM returns the result and skips the execution of the original system call on the protection target VM. Thus, access to essential files by the essential service is skipped on the protection target VM, but the essential service can access the file content.\",\"PeriodicalId\":43931,\"journal\":{\"name\":\"International Journal of Space-Based and Situated Computing\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-05-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Space-Based and Situated Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1504/IJSSC.2019.100007\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Space-Based and Situated Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/IJSSC.2019.100007","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Design and implementation of hiding method for file manipulation of essential services by system call proxy using virtual machine monitor
Security or system management software is essential for keeping systems secure. To deter attacks on essential services, hiding information related to essential services is helpful. This paper describes the design, the implementation, and the evaluation of a method to make files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM). In the proposed method, the virtual machine monitor (VMM) monitors the system call, which invoked by an essential process to access essential files, and requests proxy execution to the proxy process on another VM. The VMM returns the result and skips the execution of the original system call on the protection target VM. Thus, access to essential files by the essential service is skipped on the protection target VM, but the essential service can access the file content.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
