TY - GEN
T1 - Performance Improvement and Evaluation of Function for Tracing Diffusion of Classified Information on KVM
AU - Moriyama, Hideaki
AU - Yamauchi, Toshihiro
AU - Sato, Masaya
AU - Taniguchi, Hideo
N1 - Funding Information:
This work was partially supported by JSPS KAKENHI Grant Number 16H02829.
Publisher Copyright:
© 2017 IEEE.
PY - 2018/4/23
Y1 - 2018/4/23
AB - As a result of the increasing amounts of classified information being managed by personal computers, leakage of this information to external computers has become a serious problem. To prevent such leakage, we previously proposed a function for tracing the diffusion of classified information in a guest operating system (OS) using a virtual machine monitor (VMM). This function allows determination of the classified information location and information leakage detection without modification of the guest OS source code. In addition, it is more difficult for attacks to target this function, because the VMM is isolated from the guest OS. The tracing function hooks a system call in the guest OS from the VMM and judges whether the hooked system call is related to the diffusion of classified information. However, if the tracing function induces processing of large overheads, introduction of this function may degrade performance. In this paper, we analyze the processing performance of the tracing function in detail, identifying processing involving large overheads. Hence, we determine that the recording overheads for files or processes having the potential to diffuse classified information are especially large. To reduce the influence of the tracing function introduction, it is necessary to reduce these overheads. Therefore, we present a policy for efficient management. Further, we propose an improved tracing function and report on its evaluation.
KW - VMM
KW - information leak prevention
KW - virtualization
UR - http://www.scopus.com/inward/record.url?scp=85050307254&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85050307254&partnerID=8YFLogxK
U2 - 10.1109/CANDAR.2017.91
DO - 10.1109/CANDAR.2017.91
M3 - Conference contribution
AN - SCOPUS:85050307254
T3 - Proceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017
SP - 463
EP - 468
BT - Proceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 5th International Symposium on Computing and Networking, CANDAR 2017
Y2 - 19 November 2017 through 22 November 2017
ER -