Implementation and Evaluation of Communication-Hiding Method by System Call Proxy

Essential services, such as security software or logging software, are considered important because of an increase in attacks on computers. These essential services are provided by processes that sometimes involve file manipulation and communication. Moreover, these essential services can be a targe...

Full description

Saved in:
Bibliographic Details
Published inInternational Journal of Networking and Computing Vol. 9; no. 2; pp. 217 - 238
Main Authors Okuda, Yuuki, Sato, Masaya, Taniguchi, Hideo
Format Journal Article
LanguageEnglish
Published IJNC Editorial Committee 2019
Subjects
Online AccessGet full text

Cover

Loading…
More Information
Summary:Essential services, such as security software or logging software, are considered important because of an increase in attacks on computers. These essential services are provided by processes that sometimes involve file manipulation and communication. Moreover, these essential services can be a target of attacks and become disabled, as they can be an obstacle to attackers. Attackers can speculate essential services by monitoring the behavior of the processes. To avoid such attacks on essential services, methods for hiding their behavior are proposed. The methods use a virtual machine (VM) monitor to make it difficult for attackers to identify essential services by hiding process information and file manipulation.However, the communication information remains visible to attackers. To address this problem, this study proposes a method for hiding the communication of essential services by using a system call proxy. We assume that a process providing essential services (essential process) runs on a protection target VM and a proxy process runs on a proxy VM. In the proposed method, the system calls in the communication invoked by the essential process are executed by the proxy process. The system calls invoked by the proxy process are not executed on the protection target VM; therefore, attackers cannot identify the communication of essential services by monitoring their communication. This paper presents the design, implementation, and evaluation of the proposed method.
ISSN:2185-2839
2185-2847
DOI:10.15803/ijnc.9.2_217