Complicating Process Identification by Replacing Process Information for Attack Avoidance

  • Masaya Sato
  • Toshihiro Yamauchi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8639)


Security-critical software is open to attacks by adversaries that disable its functionality. To decrease this risk, we propose an attack avoidance method that complicates process identification. The proposed method complicates identification based on process information by dynamically replacing the information held by the kernel with dummy information. Replacing process information makes identifying the attack target difficult because adversaries cannot find the target by searching the process information. Implementing the proposed method with a virtual machine monitor enhances the security of the mechanism itself. Further, because the method is implemented with a virtual machine monitor, modifications to operating systems and application programs are unnecessary.


Keywords: Attack avoidance, process information, virtual machine





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Masaya Sato (1)
  • Toshihiro Yamauchi (1)
  1. Graduate School of Natural Science and Technology, Okayama University, Okayama, Japan
