Abstract
Security software or logging programs are frequently attacked because they are an obstruction to attackers. Protecting these essential services from attack is crucial to preventing and mitigating damage. Hiding information related to essential services, such as that of the files and processes, can help to deter attacks on these services. This paper proposes a method of hiding file manipulation for essential services. The method makes the files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM) environment. In the proposed method, system calls to those files are executed by a proxy process on the other VM. The original system call is not executed in the operating system of the original VM, however, the result of file access is returned to the original process. Thus, the files of essential services are placed on the other VM and other processes on the original VM cannot access to them. Therefore, the proposed method can prevent or deter identification of essential services based on file information monitoring.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Min, B., Varadharajan, V., Tupakula, U., Hitchens, M.: Antivirus security: naked during updates. Softw. Pract. Exp. 44(10), 1201–1222 (2014)
Grégio, A., Afonso, V., Filho, D., Geus, P., Jino, M.: Toward a taxonomy of malware behaviors. Comput. J. 58(10), 2758–2777 (2015)
Hsu, F.H., Wu, M.H., Tso, C.K., Hsu, C.H., Chen, C.W.: Antivirus software shield against antivirus terminators. IEEE Trans. Inf. Forensics Secur. 7(5), 1439–1447 (2012)
Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Network and Distributed Systems Security Symposium, vol. 3, pp. 191–206 (2003)
Srinivasan, D., Wang, Z., Jiang, X., Xu, D.: Process out-grafting: an efficient “out-of-VM” approach for fine-grained process execution monitoring. In: Proceedings of 18th ACM Conference on Computer and Communications Security, pp. 363–374 (2011)
Sato, M., Yamauchi, T., Taniguchi, H.: Process hiding by virtual machine monitor for attack avoidance. J. Inf. Process. 23(5), 673–682 (2015)
Dinaburg, A., Royal, P., Sharif, M., Lee, W.: Ether: malware analysis via hardware virtualization extensions. In: Proceedings of 15th ACM Conference on Computer and Communications Security, pp. 51–62 (2008)
Wang, J., Yu, M., Li, B., Qi, Z., Guan, H.: Hypervisor-based protection of sensitive files in a compromised system. In: Proceedings of 27th Annual ACM Symposium on Applied Computing, pp. 1765–1770 (2012)
Almeshekah, M.H., Spafford, E.H.: Planning and integrating deception into computer security defenses. In: Proceedings of 2014 Workshop on New Security Paradigms Workshop, pp. 127–138 (2014)
Araujo, F., Hamlen, K.W., Biedermann, S., Katzenbeisser, S.: From patches to honey-patches: lightweight attacker misdirection, deception, and disinformation. In: Proceedings of 21st ACM Conference on Computer and Communications Security, pp. 942–953 (2014)
Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. ACM SIGOPS Oper. Syst. Rev. 37(5), 164–177 (2003)
Acknowledgments
This work was partially supported by KAKENHI grant numbers JP18K18051 and JP16H02829.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Sato, M., Taniguchi, H., Yamauchi, T. (2019). Hiding File Manipulation of Essential Services by System Call Proxy. In: Barolli, L., Kryvinska, N., Enokido, T., Takizawa, M. (eds) Advances in Network-Based Information Systems. NBiS 2018. Lecture Notes on Data Engineering and Communications Technologies, vol 22. Springer, Cham. https://doi.org/10.1007/978-3-319-98530-5_76
Download citation
DOI: https://doi.org/10.1007/978-3-319-98530-5_76
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-98529-9
Online ISBN: 978-3-319-98530-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)