Journal of Information Processing
Online ISSN : 1882-6652
 
Process Hiding by Virtual Machine Monitor for Attack Avoidance
Masaya SatoToshihiro YamauchiHideo Taniguchi
Author information
JOURNALS FREE ACCESS

2015 Volume 23 Issue 5 Pages 673-682

Details
Abstract

As attacks to computers increase, protective software is developed. However, that software is still open to attacks by adversaries that disable its functionality. If that software is stopped or disabled, the risk of damage to the computer increases. Protections of that software are proposed however existing approaches are insufficient or cannot use those software without modification. To decrease the risk and to address these problems, this paper presents an attack avoidance method that hides process from adversaries who intend to terminate essential services. The proposed method complicates identification based on process information by dynamically replacing the information held by a kernel with dummy information. Replacing process information makes identifying the attack target difficult because adversaries cannot find the attack target by seeking the process information. Implementation of the proposed method with a virtual machine monitor enhances the security of the mechanism itself. Further, by implementing the proposed method with a virtual machine monitor, modification to operating systems is unnecessary.

Information related to the author
© 2015 by the Information Processing Society of Japan
Previous article Next article
feedback
Top