Improvement and Evaluation of a Function for Tracing the Diffusion of Classified Information on KVM

Hideaki Moriyama; Toshihiro Yamauchi; Masaya Sato; Hideo Taniguchi

doi:10.22667/JISIS.2022.02.28.026

Improvement and Evaluation of a Function for Tracing the Diffusion of Classified Information on KVM

Hideaki Moriyama, Toshihiro Yamauchi, Masaya Sato, Hideo Taniguchi

Research output: Contribution to journal › Article › peer-review

Abstract

The leakage of computerized classified information can cause serious losses for companies and individuals. In a prior work, we addressed this by providing a function for tracing the diffusion of classified information in a guest operating system (OS). However, that method was vulnerable to attack and was tightly coupled to the OS. Hence, in another previous work, we applied the tracing function using a virtual machine monitor that hooks into system calls that handle classified information, allowing us to understand the diffusion path in a more robust and OS-agnostic fashion. However, as the overhead of the tracing function increases, so does the performance degradation of each system call. Hence, in the current research, the processing performance of the tracing function is further analyzed in depth by identifying the processes that cause the large overhead. We find that the performance overhead generated by outputting the diffusion path log is too burdensome. Therefore, improvements are implemented, and the effectiveness of the upgraded performance is described. Ultimately, the log-output overhead problem is improved.

Original language	English
Pages (from-to)	26-43
Number of pages	18
Journal	Journal of Internet Services and Information Security
Volume	12
Issue number	1
DOIs	https://doi.org/10.22667/JISIS.2022.02.28.026
Publication status	Published - Feb 2022

Keywords

Information leak prevention
Performance improvement
Virtual machine monitor

ASJC Scopus subject areas

Computer Science (miscellaneous)
Software
Information Systems
Computer Science Applications
Computer Networks and Communications
Electrical and Electronic Engineering

Access to Document

10.22667/JISIS.2022.02.28.026

Cite this

@article{242758262a7f4538a9a8b055ed779a2e,

title = "Improvement and Evaluation of a Function for Tracing the Diffusion of Classified Information on KVM",

abstract = "The leakage of computerized classified information can cause serious losses for companies and individuals. In a prior work, we addressed this by providing a function for tracing the diffusion of classified information in a guest operating system (OS). However, that method was vulnerable to attack and was tightly coupled to the OS. Hence, in another previous work, we applied the tracing function using a virtual machine monitor that hooks into system calls that handle classified information, allowing us to understand the diffusion path in a more robust and OS-agnostic fashion. However, as the overhead of the tracing function increases, so does the performance degradation of each system call. Hence, in the current research, the processing performance of the tracing function is further analyzed in depth by identifying the processes that cause the large overhead. We find that the performance overhead generated by outputting the diffusion path log is too burdensome. Therefore, improvements are implemented, and the effectiveness of the upgraded performance is described. Ultimately, the log-output overhead problem is improved.",

keywords = "Information leak prevention, Performance improvement, Virtual machine monitor",

author = "Hideaki Moriyama and Toshihiro Yamauchi and Masaya Sato and Hideo Taniguchi",

note = "Funding Information: This work was partially supported by JSPS KAKENHI Grant Numbers 19H04109 and 19K20246. Publisher Copyright: {\textcopyright} 2022, Innovative Information Science and Technology Research Group. All rights reserved.",

year = "2022",

month = feb,

doi = "10.22667/JISIS.2022.02.28.026",

language = "English",

volume = "12",

pages = "26--43",

journal = "Journal of Internet Services and Information Security",

issn = "2182-2069",

publisher = "Innovative Information Science and Technology Research Group",

number = "1",

}

TY - JOUR

T1 - Improvement and Evaluation of a Function for Tracing the Diffusion of Classified Information on KVM

AU - Moriyama, Hideaki

AU - Yamauchi, Toshihiro

AU - Sato, Masaya

AU - Taniguchi, Hideo

N1 - Funding Information: This work was partially supported by JSPS KAKENHI Grant Numbers 19H04109 and 19K20246. Publisher Copyright: © 2022, Innovative Information Science and Technology Research Group. All rights reserved.

PY - 2022/2

Y1 - 2022/2

N2 - The leakage of computerized classified information can cause serious losses for companies and individuals. In a prior work, we addressed this by providing a function for tracing the diffusion of classified information in a guest operating system (OS). However, that method was vulnerable to attack and was tightly coupled to the OS. Hence, in another previous work, we applied the tracing function using a virtual machine monitor that hooks into system calls that handle classified information, allowing us to understand the diffusion path in a more robust and OS-agnostic fashion. However, as the overhead of the tracing function increases, so does the performance degradation of each system call. Hence, in the current research, the processing performance of the tracing function is further analyzed in depth by identifying the processes that cause the large overhead. We find that the performance overhead generated by outputting the diffusion path log is too burdensome. Therefore, improvements are implemented, and the effectiveness of the upgraded performance is described. Ultimately, the log-output overhead problem is improved.

AB - The leakage of computerized classified information can cause serious losses for companies and individuals. In a prior work, we addressed this by providing a function for tracing the diffusion of classified information in a guest operating system (OS). However, that method was vulnerable to attack and was tightly coupled to the OS. Hence, in another previous work, we applied the tracing function using a virtual machine monitor that hooks into system calls that handle classified information, allowing us to understand the diffusion path in a more robust and OS-agnostic fashion. However, as the overhead of the tracing function increases, so does the performance degradation of each system call. Hence, in the current research, the processing performance of the tracing function is further analyzed in depth by identifying the processes that cause the large overhead. We find that the performance overhead generated by outputting the diffusion path log is too burdensome. Therefore, improvements are implemented, and the effectiveness of the upgraded performance is described. Ultimately, the log-output overhead problem is improved.

KW - Information leak prevention

KW - Performance improvement

KW - Virtual machine monitor

UR - http://www.scopus.com/inward/record.url?scp=85126739557&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85126739557&partnerID=8YFLogxK

U2 - 10.22667/JISIS.2022.02.28.026

DO - 10.22667/JISIS.2022.02.28.026

M3 - Article

AN - SCOPUS:85126739557

SN - 2182-2069

VL - 12

SP - 26

EP - 43

JO - Journal of Internet Services and Information Security

JF - Journal of Internet Services and Information Security

IS - 1

ER -

Improvement and Evaluation of a Function for Tracing the Diffusion of Classified Information on KVM

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this