
Complicating Process Identification by Replacing Process Information for Attack Avoidance

Conference paper: Advances in Information and Computer Security (IWSEC 2014)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8639)


Abstract

Security-critical software is open to attacks by adversaries that disable its functionality. To decrease the risk, we propose an attack avoidance method that complicates process identification. The proposed method complicates identification based on process information by dynamically replacing the information held by the kernel with dummy information. Replacing process information makes identifying the attack target difficult because adversaries cannot find the target by searching the process information. Implementing the proposed method in a virtual machine monitor enhances the security of the mechanism itself. Further, because the method is implemented in a virtual machine monitor, modifications to operating systems and application programs are unnecessary.




© 2014 Springer International Publishing Switzerland


Cite this paper

Sato, M., Yamauchi, T. (2014). Complicating Process Identification by Replacing Process Information for Attack Avoidance. In: Yoshida, M., Mouri, K. (eds) Advances in Information and Computer Security. IWSEC 2014. Lecture Notes in Computer Science, vol 8639. Springer, Cham. https://doi.org/10.1007/978-3-319-09843-2_3


  • DOI: https://doi.org/10.1007/978-3-319-09843-2_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-09842-5

  • Online ISBN: 978-3-319-09843-2

  • eBook Packages: Computer Science (R0)
