Abstract
Security software, which is one of the essential services, is considered to be important due to an increase in attacks on computers. The essential services are provided by processes which sometimes involve file manipulation and communication. Also, the essential services can be a target of attacks and be disabled because they can be an obstacle to attackers. Attackers can speculate essential services by monitoring the behavior of the processes. To avoid such attacks on essential services, methods for hiding their behavior are proposed. The methods use a virtual machine (VM) monitor for making it difficult for attackers to identify essential services by hiding process information and file manipulation. However, communication information remains visible to attackers. To address this problem, this study proposes a method for hiding the communication of essential services by using a system call proxy. We assume that a process providing essential services (essential process) runs on a protection target VM and a proxy process runs on a proxy VM. In the proposed method, system calls in the communication invoked by the essential process are executed by the proxy process. The system calls invoked by the proxy process are not executed on the protection target VM; therefore, attackers cannot identify the communication of essential services by monitoring their communication. This paper presents the design, implementation, and evaluation of the proposed method.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.