Authorship：Lead author   Language：Japanese   Publishing type：Research paper (scientific journal)  

Most conventional digital forensic methods are designed to target hard disk drives, making them ineffective at detecting in-memory malware. In addition, in order to prevent a target system from changing the evidence on hard disk drives, it is necessary to shut down the system or stop its processing, reducing system availability. In this paper, we propose a live forensic method using process duplication to maintain high system availability. The proposed method duplicates the virtual address space of a target process for investigation, and obtains the relevant evidence from the duplicate. By reducing the occurrence of memory copy in the duplication process, it is possible to detect in-memory malware while retaining system availability. We describe the effectiveness of the proposed method, and furthermore, evaluate and report on the delay time when this method is applied to a periodically executing process.

CiNii Article

CiNii Books

researchmap

Authorship：Lead author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG  

Copyright © 2017 The Institute of Electronics, Information and Communication Engineers. Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited using a dangling pointer that refers to a freed memory. In particular, large-scale programs such as browsers often include many dangling pointers, and UAF vulnerabilities are frequently exploited by drive-by download attacks. Various methods to prevent UAF attacks have been proposed. However, only a few methods can effectively prevent UAF attacks during runtime with low overhead. In this paper, we propose HeapRevolver, which is a novel UAF attackpreventionmethod that delays and randomizes the timing of release of freed memory area by using a memory-reuse-prohibited library, which prohibits a freed memory area from being reused for a certain period. The first condition for reuse is that the total size of the freed memory area is beyond the designated size. The threshold for the conditions of reuse of the freed memory area can be randomized by HeapRevolver. Furthermore, we add a second condition for reuse in which the freed memory area is merged with an adjacent freed memory area before release. Furthermore, HeapRevolver can be applied without modifying the target programs. In this paper, we describe the design and implementation of HeapRevolver in Linux and Windows, and report its evaluation results. The results show that HeapRevolver can prevent attacks that exploit existing UAF vulnerabilities. In addition, the overhead is small.

DOI： 10.1587/transinf.2016INP0020

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/journals/ieicet/ieicet100d.html#YamauchiIB17

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)  

DOI： 10.1007/978-981-99-8024-6_12

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (scientific journal)  

DOI： 10.2197/ipsjjip.31.788

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)  

DOI： 10.1145/3630202.3630222

researchmap

Authorship：Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)  

DOI： 10.1109/CANDAR60563.2023.00029

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)  

DOI： 10.1109/CANDARW60564.2023.00052

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)  

DOI： 10.1109/CANDARW60564.2023.00055

researchmap

Authorship：Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)  

DOI： 10.1109/CANDARW60564.2023.00051

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (scientific journal)  

DOI： 10.1587/transinf.2022ICP0013

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (scientific journal)   Publisher：Information Processing Society of Japan  

DOI： 10.2197/ipsjjip.31.578

researchmap

Language：English   Publishing type：Research paper (scientific journal)   Publisher：Institute of Electronics, Information and Communications Engineers (IEICE)  

DOI： 10.1587/transinf.2022ICP0004

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)  

A privilege escalation attack by memory corruption based on kernel vulnerability has been reported as a security threat to operating systems. Kernel address layout randomization (KASLR) randomizes kernel code and data placement on the kernel memory section for attack mitigation. However, a privilege escalation attack will succeed because the kernel data of privilege information is identified during a user process execution in a running kernel. In this paper, we propose a kernel data relocation mechanism (KDRM) that dynamically relocates privilege information in the running kernel to mitigate privilege escalation attacks using memory corruption. The KDRM provides multiple relocation-only pages in the kernel. The KDRM selects one of the relocation-only pages and moves the privilege information to the relocation-only pages when the system call is invoked. This allows the virtual address of the privilege information to change by dynamically relocating for a user process. The evaluation results confirmed that privilege escalation attacks by user processes on Linux could be prevented with KDRM. As a performance evaluation, we showed that the overhead of issuing a system call was up to 149.67%, and the impact on the kernel performance score was 2.50%, indicating that the impact on the running kernel can be negligible.

DOI： 10.1007/978-3-031-39828-5_4

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/nss/nss2023.html#KuzunoY23

Language：English   Publishing type：Research paper (scientific journal)   Publisher：IJNC Editorial Committee  

DOI： 10.15803/ijnc.13.2_273

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)  

The industrial Ethernet PROFINET supports three different data transmission modes: isochronous real-time (IRT), real-time (RT), and non real-time (NRT) transmitting data requiring hard, soft, and no real-time performances, respectively. The data transmission latency in the NRT increased with the amount of data transmission in the IRT, RT, and NRT. Therefore, the quality of data transmission in NRT may degrade as the amount of data transmission in IRT, RT, and NRT increases. In this study, we derived the average data transmission latency in an NRT with data transmission in IRT and RT by applying stochastic processes. This allowed us to maintain the quality of data transmission in the NRT by adjusting the number of devices connected to the network and the number of applications transmitting data in the NRT so that the average latency of data in the NRT does not exceed a certain value.

DOI： 10.1109/ICCCI59363.2023.10210171

Scopus

researchmap

Authorship：Last author,　Corresponding author   Language：Japanese   Publishing type：Research paper (scientific journal)  

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)  

Vulnerable kernel codes are a threat to an operating system kernel. An adversary’s user process can forcefully invoke a vulnerable kernel code to cause privilege escalation or denial of service (DoS). Although service providers or security operators have to determine the effect of kernel vulnerabilities on their environment to decide the kernel updating, the list of vulnerable kernel codes are not provided from the common vulnerabilities and exposures (CVE) report. It is difficult to identify the vulnerable kernel codes from the exploitation result of the kernel which indicates the account information or the kernel suspension. To identify the details of kernel vulnerabilities, this study proposes a vulnerable kernel code tracer (vkTracer), which employs an alternative viewpoint using proof-of-concept (PoC) code to create a profile of kernel vulnerability. vkTracer traces the user process of the PoC code and the running kernel to hook the invocation of the vulnerable kernel codes. Moreover, vkTracer extracts the whole kernel component’s information using the running and static kernel image and debug section. The evaluation results indicated that vkTracer could trace PoC code executions (e.g., privilege escalation and DoS), identify vulnerable kernel codes, and generate kernel vulnerability profiles. Furthermore, the implementation of vkTracer revealed that the identification overhead ranged from 5.2683 s to 5.2728 s on the PoC codes and the acceptable system call latency was 3.7197 μ s.

DOI： 10.1007/978-3-031-25659-2_16

Scopus

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (scientific journal)   Publisher：Information Processing Society of Japan  

DOI： 10.2197/ipsjjip.30.796

researchmap

Publishing type：Research paper (scientific journal)  

DOI： 10.1587/transinf.2022PAF0001

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (scientific journal)   Publisher：Information Processing Society of Japan  

DOI： 10.2197/ipsjjip.30.807

researchmap

Authorship：Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

DOI： 10.1109/CANDARW57323.2022.00069

researchmap

Authorship：Corresponding author   Language：Japanese   Publishing type：Research paper (scientific journal)  

DOI： 10.20729/00220078

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (scientific journal)  

DOI： 10.2197/ipsjjip.30.563

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (scientific journal)  

DOI： 10.2197/ipsjjip.30.601

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)  

The kernel data of an operating system kernel can be modified through memory corruption by exploiting kernel vulnerabilities. Memory corruption allows privilege escalation and defeats security mechanisms. The kernel control flow integrity verifies and guarantees the order of invoking kernel codes. The kernel address space layout randomization randomizes the virtual address layout of the kernel code and data. The additional kernel observer focuses on the unintended privilege modifications to restore the original privileges. However, these existing security mechanisms do not prevent writing to the kernel data. Therefore, kernel data can be overwritten by exploiting kernel vulnerabilities. Additionally, privilege escalation and the defeat of security mechanisms are possible. We propose a kernel data protection mechanism (KDPM), which is a novel security design that restricts the writing of specific kernel data. This mechanism protects privileged information and the security mechanism to overcome the limitations of existing approaches. The KDPM adopts a memory protection key (MPK) to control the write restriction of kernel data. The KDPM with the MPK ensures that the writing of privileged information for user processes is dynamically restricted during the invocation of specific system calls. To prevent the security mechanisms from being defeated, the KDPM dynamically restricts the writing of kernel data related to the mandatory access control during the execution of specific kernel codes. Further, the KDPM is implemented on the latest Linux with an MPK emulator. We also evaluated the possibility of preventing the writing of privileged information. The KDPM showed an acceptable performance cost, measured by the overhead, which was from 2.96% to 9.01% of system call invocations, whereas the performance load on the MPK operations was 22.1 ns to 1347.9 ns.

DOI： 10.1007/978-3-031-15255-9_4

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/iwsec/iwsec2022.html#KuzunoY22

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)  

DOI： 10.1007/978-3-031-15255-9_5

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/iwsec/iwsec2022.html#FujiiKSY22

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)  

DOI： 10.1109/IIAIAAI55812.2022.00028

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/iiaiaai/iiaiaai2022.html#FujiiKKSY22

Authorship：Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)  

DOI： 10.1109/IIAIAAI55812.2022.00031

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/iiaiaai/iiaiaai2022.html#SatoNYT22

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)  

Keycloak is identity and access control open-source software. When used for open banking, where many OAuth 2.0 clients need to be managed and a different OAuth 2.0-based security profile needs to be applied to each type of API, the problem of increasing managerial costs by the Keycloak administrator occurs because Keycloak's security profile logic depends on the client settings, and the logic cannot be changed for each client's request. This paper proposes its solution by separating the security profile logic from the client settings, and by changing the security profile for each client's request based on the content of the request, and actual security profiles Financial-grade API (FAPI) are implemented to Keycloak. The paper calculates managerial costs in both the existing and proposed methods in scenarios managing FAPI, and compares the results. The comparison shows that using the proposed method reduces costs. Our implementations are contributed to Keycloak.

DOI： 10.18420/OID2022_07

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/openidentity/openidentity2022.html#NorimatsuNY22

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)  

DOI： 10.1007/978-3-030-99587-4_40

researchmap

Authorship：Corresponding author   Language：English   Publishing type：Research paper (scientific journal)  

The leakage of computerized classified information can cause serious losses for companies and individuals. In a prior work, we addressed this by providing a function for tracing the diffusion of classified information in a guest operating system (OS). However, that method was vulnerable to attack and was tightly coupled to the OS. Hence, in another previous work, we applied the tracing function using a virtual machine monitor that hooks into system calls that handle classified information, allowing us to understand the diffusion path in a more robust and OS-agnostic fashion. However, as the overhead of the tracing function increases, so does the performance degradation of each system call. Hence, in the current research, the processing performance of the tracing function is further analyzed in depth by identifying the processes that cause the large overhead. We find that the performance overhead generated by outputting the diffusion path log is too burdensome. Therefore, improvements are implemented, and the effectiveness of the upgraded performance is described. Ultimately, the log-output overhead problem is improved.

DOI： 10.22667/JISIS.2022.02.28.026

Scopus

researchmap

Authorship：Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

DOI： 10.1109/CANDARW53999.2021.00066

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/ic-nc/candar2021w.html#OtaniOYMST21

Authorship：Last author,　Corresponding author   Language：Japanese   Publishing type：Research paper (scientific journal)  

One of the methods to attack mobile devices is redirecting a user to unwanted websites. To the best of our knowledge, there is no method to generate a blacklist that focuses on such attacks. Therefore, we propose a method to generate a blacklist for mobile devices by searching malicious websites. To detect new malicious websites, this method collects HTML files from the webspace using a crawler and searches for HTML files highly likely to be malicious using keywords extracted from known malicious websites. In the evaluation, we performed detection experiments with the blacklist generated by the proposed method using the demonstration experiment data. The evaluation results showed that the generated blacklist detects malicious websites used in attacks of redirecting a user to unwanted websites with few false positives. In addition, new malicious websites were discovered using the generated blacklist; furthermore, we describe an analysis of attacks of redirecting a user to unwanted websites.

DOI： 10.20729/00212759

CiNii Article

CiNii Books

J-GLOBAL

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：Springer International Publishing  

An operating system (OS) comprises a mechanism for sharing the kernel address space with each user process. An adversary’s user process compromises the OS kernel through memory corruption, exploiting the kernel vulnerability. It overwrites the kernel code related to security features or the kernel data containing privilege information. Process-local memory and system call isolation divide one kernel address space into multiple kernel address spaces. While user processes create their own kernel address space, these methods leave the kernel code vulnerable. Further, an adversary’s user process can involve malicious code that elevates from user mode to kernel mode. Herein, we propose the kernel page restriction mechanism (KPRM), which is a novel security design that prohibits vulnerable kernel code execution and prevents writing to the kernel data from an adversary’s user process. The KPRM dynamically unmaps the kernel page of vulnerable kernel code and attack target kernel data from the kernel address space. This removes the reference of the unmapped kernel page from the kernel page table at the system call invocation. The KPRM achieves that an adversary’s user process can not employ the reference of unmapped kernel page to exploit the kernel through vulnerable kernel code on the running kernel. We implemented KPRM on the latest Linux kernel and showed that it successfully thwarts actual proof-of-concept kernel vulnerability attacks that may cause kernel memory corruption. In addition, the KPRM performance results indicated limited kernel processing overhead in software benchmarks and a low impact on user applications.

DOI： 10.1007/978-3-030-85987-9_3

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/iwsec/iwsec2021.html#KuzunoY21

Authorship：Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：Springer  

Physical memory capacity has increased owing to large-scale integration. In addition, memory footprints have increased in size, as multiple programs are executed on a single computer. Many operating systems manage physical memory by paging a 4 KB page. Therefore, the number of entries in the virtual address translation table for virtual to physical increases along with the size of the memory footprints. This cause a decrease in the translation lookaside buffer (TLB) hit ratio, resulting in the performance degradation of the application. To address this problem, we propose the implementation of physical memory management with two page sizes: 4 KB and 4 MB. This allows us to expand range of addresses to be translated by a single TLB entry, thereby improving the TLB hit rate. This paper describes the design and implementation of the physical memory management mechanism that manages physical memory using two page sizes on The ENduring operating system for Distributed EnviRonment (OS). Our results showed that when the page size is 4 MB, the processing time of the memory allocation can be reduced by as much as approximately 99.7%, and the processing time for process creation can be reduced by as much as approximately 51%, and the processing time of the memory operation could be reduced by as much as 91.9%.

DOI： 10.1007/978-3-030-84913-9_22

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/nbis/nbis2021.html#KusunokiYT21

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：Springer International Publishing  

In a system audit and verification, it is important to securely collect and preserve evidence of execution environments, execution processes, and program execution results. Evidence-based verification of program processes ensures their authenticity; for example, the processes include no altered/infected program library. This paper proposes a solution for collection of evidence on program libraries based on Virtual Machine Monitor (VMM). The solution can solve semantic gap by obtaining library file path names. This paper also shows a way to obtain hash values of library files from a guest OS. Furthermore, this paper provides examples of evidence on program execution and the overhead of the solution.

DOI： 10.1007/978-3-030-85987-9_4

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/iwsec/iwsec2021.html#NakamuraIKY21

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (scientific journal)   Publisher：Institute of Electrical and Electronics Engineers ({IEEE})  

Operating systems adopt kernel protection methods (e.g., mandatory access control, kernel address space layout randomization, control flow integrity, and kernel page table isolation) as essential countermeasures to reduce the likelihood of kernel vulnerability attacks. However, kernel memory corruption can still occur via the execution of malicious kernel code at the kernel layer. This is because the vulnerable kernel code and the attack target kernel code or kernel data are located in the same kernel address space. To gain complete control of a host, adversaries focus on kernel code invocations, such as function pointers that rely on the starting points of the kernel protection methods. To mitigate such subversion attacks, this paper presents multiple kernel memory (MKM), which employs an alternative design for kernel address space separation. The MKM mechanism focuses on the isolation granularity of the kernel address space during each execution of the kernel code. MKM provides two kernel address spaces, namely, i) the trampoline kernel address space, which acts as the gateway feature between user and kernel modes and ii) the security kernel address space, which utilizes the localization of the kernel protection methods (i.e., kernel observation). Additionally, MKM achieves the encapsulation of the vulnerable kernel code to prevent access to the kernel code invocations of the separated kernel address space. The evaluation results demonstrated that MKM can protect the kernel code and kernel data from a proof-of-concept kernel vulnerability that could lead to kernel memory corruption. In addition, the performance results of MKM indicate that the system call overhead latency ranges from 0.020 μs to 0.5445 μs , while the web application benchmark ranges from 196.27 μs to 6, 685.73 μs for each download access of 100,000 Hypertext Transfer Protocol sessions. MKM attained a 97.65% system benchmark score and a 99.76% kernel compilation time.

DOI： 10.1109/ACCESS.2021.3101452

Web of Science

Scopus

researchmap

Authorship：Lead author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)  

researchmap

Authorship：Corresponding author   Language：Japanese   Publishing type：Research paper (scientific journal)  

In the recent cloud computing environment, many short-lived processes are created, a method of realizing a service by mutual cooperation of these processes has been attracting attention. Therefore, speeding up the process creation is very important. Tender OS, thus, proposes a mechanism for fast process creation and deletion. The proposed mechanism involves the recycling of process resources. However, the proposed mechanism cannot recycle process resources during process creation if the stored process resources are not adequate. Stored process resources may increase monotonically if they are not recycled for process creation, which in turn can cause memory starvation. This paper, therefore, proposes a resource pooling function for addressing the these problems. In addition to the function for resource recycling, the resource pooling function incorporates the resource creation function and the resource reduction function. Furthermore, this paper reports the effectiveness of the resource pooling function in terms of processing time efficiency and memory usage.

CiNii Article

CiNii Books

J-GLOBAL

researchmap

Authorship：Corresponding author   Language：English   Publishing type：Research paper (scientific journal)   Publisher：Advances in Intelligent Systems and Computing  

© 2021, Springer Nature Switzerland AG. The increasing amount of classified information currently being managed by personal computers has resulted in the leakage of such information to external computers, which is a major problem. To prevent such leakage, we previously proposed a function for tracing the diffusion of classified information in a guest operating system (OS) using a virtual machine monitor (VMM). The tracing function hooks a system call in the guest OS from the VMM, and acquiring the information. By analyzing the information on the VMM side, the tracing function makes it possible to notify the user of the diffusion of classified information. However, this function has a problem in that the administrator of the computer platform cannot grasp the transition of the diffusion of classified processes or file information. In this paper, we present the solution to this problem and report on its evaluation.

DOI： 10.1007/978-3-030-57811-4_32

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/nbis/nbis2020.html#MoriyamaYST20

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (scientific journal)   Publisher：Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)  

© Springer Nature Switzerland AG 2020. The number of malware detected has been increasing annually, and 4.12% of malware reported in 2018 attacked Android phones. Therefore, preventing attacks by Android malware is critically important. Several previous studies have investigated the percentage of apps that utilize accessibility services and are distributed from Google Play, that have been reportedly used by Android malware. However, the Social Networking Services (SNSs) that are used to spread malware have distributed apps not only from Google Play but also from other sources. Therefore, apps distributed from within and outside of Google Play must be investigated to capture malware trends. In this study, we collected apps shared on Twitter in 2018, which is a representative SNS, and created a Twitter shared apps dataset. The dataset consists of 32,068 apps downloaded from the websites of URLs collected on Twitter. We clarified the proportion of apps that contained malware and proportion of apps utilizing accessibility services. We found that both, the percentage of malware and percentage of total apps using accessibility services have been increasing. Notably, the percentages of malware and un-suspicious apps using accessibility services were quite similar. Therefore, this problem cannot be solved by automatically blocking all apps that use accessibility services. Hence, specific countermeasures against malware using accessibility services will be increasingly important for online security in the future.

DOI： 10.1007/978-3-030-65299-9_8

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/wisa/wisa2020.html#IchiokaPMNY20

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

© 2020 IEEE. As mobile devices have become more popular, mal-ware and attacks directed at them have significantly increased. One of the methods to attack mobile devices is redirecting a user to unwanted websites by unwanted page transition. One of the countermeasures against such attacks is to generate a blacklist of URLs and hostnames, which can prevent access to malicious websites. To generate a blacklist, first, malicious websites are collected in the web space. Then, URLs and hostnames of the malicious websites are added to the blacklist. However, URLs of the malicious websites are typically changed frequently; thus, it is necessary to keep track of the malicious websites and update the blacklist in a timely manner. In this study, we proposed a method to generate blacklists for mobile devices by searching malicious websites. The method collects many HTML files from the web space using a crawler and searches for HTML files that are highly likely to be malicious using keywords extracted from the known malicious websites to discover the new ones. Thus, new malicious websites can be added to the blacklist in a timely manner. Using the proposed method, we discovered malicious websites that were not detected by Google Safe Browsing. Moreover, the blacklist generated using the method had a high detection rate for certain malicious websites. This paper reports the design process and the results of the evaluation of the new method.

DOI： 10.1109/CANDARW51189.2020.00070

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/ic-nc/candar2020w.html#IshiharaSY20

Authorship：Last author,　Corresponding author   Language：Japanese   Publishing type：Research paper (scientific journal)  

Privilege escalation attacks that exploit operating system vulnerabilities can cause significant damage to the associated systems. We previously proposed an additional kernel observer (AKO), a prevention method that focuses on modifying process privileges by system calls. AKO verifies the modification in process privilege data and monitors the modification in privilege data by storing them in the kernel stack before processing the system call. However, if an attacker identifies the storage location of privilege data in the kernel stack and alters both process privilege data and privilege data in the kernel stack while the system call is being processed, AKO can be bypassed. Hence, in this paper, we propose a new method for preventing privilege escalation attacks in the 64-bit ARM environment as well as AKO for protecting mobile devices and IoT devices. To address the issues of AKO, the new method protects the stored privilege data employing the ARM TrustZone technology. In this paper, the new method's design, implementation, and evaluation results are described. In the evaluation, we performed a privilege escalation attack detection experiment using an exploit code and measured performance of system calls and applications. The evaluation results showed that protection by attack detection was successful and the performance degradation due to this method was limited.

CiNii Article

CiNii Books

researchmap

Authorship：Last author,　Corresponding author   Language：Japanese   Publishing type：Research paper (scientific journal)  

Application of SELinux involves incorporating a general security policy that permits redundant privileges for individual systems. Hence, we previously proposed a method that eliminates redundant policies from the general policy. However, the said method cannot be applied when there is no policy source file or policies include an attribute that is not supported. During eliminating policies period, the log of access permitted by a particular policy is continually produced as an output, and the associated overhead is large. Furthermore, redundant policies in the base module cannot be eliminated. To address these issues, we propose a new method that extends the previously proposed method. The new method involves the processing of files written in SELinux CIL (an intermediate language) for eliminating redundant policies. Additionally, the new method considers attributes and eliminates policies with fine granularity. The overhead is reduced by eliminating the auditallow statement associated with the policy once converted to the policy format from the policy. Furthermore, by replacing the typeattributeset statement, redundant policies can be eliminated without modifying the base module. In this study, the effectiveness of our method is demonstrated through evaluation of policy elimination and through an attack prevention experiment by incorporating the vulnerabilities in Apache Struts2.

CiNii Article

CiNii Books

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：Springer  

© Springer Nature Switzerland AG 2020. Countermeasures against kernel vulnerability attacks on an operating system (OS) are highly important kernel features. Some kernels adopt several kernel protection methods such as mandatory access control, kernel address space layout randomization, control flow integrity, and kernel page table isolation; however, kernel vulnerabilities can still be exploited to execute attack codes and corrupt kernel memory. To accomplish this, adversaries subvert kernel protection methods and invoke these kernel codes to avoid administrator privileges restrictions and gain complete control of the target host. To prevent such subversion, we present Multiple Kernel Memory (MKM), which offers a novel security mechanism using an alternative design for kernel memory separation that was developed to reduce the kernel attack surface and mitigate the effects of illegal data manipulation in the kernel memory. The proposed MKM is capable of isolating kernel memory and dedicates the trampoline page table for a gateway of page table switching and the security page table for kernel protection methods. The MKM encloses the vulnerable kernel code in the kernel page table. The MKM mechanism achieves complete separation of the kernel code execution range of the virtual address space on each page table. It ensures that vulnerable kernel code does not interact with different page tables. Thus, the page table switching of the trampoline and the kernel protection methods of the security page tables are protected from vulnerable kernel code in other page tables. An evaluation of MKM indicates that it protects the kernel code and data on the trampoline and security page tables from an actual kernel vulnerabilities that lead to kernel memory corruption. In addition, the performance results show that the overhead is 0.020 $$\mu $$s to 0.5445 $$\mu $$s, in terms of the system call latency and the application overhead average is 196.27 $$\mu $$s to 6,685.73 $$\mu $$s, for each download access of 100,000 Hypertext Transfer Protocol sessions.

DOI： 10.1007/978-3-030-58208-1_6

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/iwsec/iwsec2020.html#KuzunoY20

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (scientific journal)   Publisher：IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG  

Copyright © 2020 The Institute of Electronics, Information and Communication Engineers. Countermeasures against attacks targeting an operating system are highly effective in preventing security compromises caused by kernel vulnerability. An adversary uses such attacks to overwrite credential information, thereby overcoming security features through arbitrary program execution. CPU features such as Supervisor Mode Access Prevention, Supervisor Mode Execution Prevention and the No eXecute bit facilitate access permission control and data execution in virtual memory. Additionally, Linux reduces actual attacks through kernel vulnerability affects via several protection methods including Kernel Address Space Layout Randomization, Control Flow Integrity, and Kernel Page Table Isolation. Although the combination of these methods can mitigate attacks as kernel vulnerability relies on the interaction between the user and the kernel modes, kernel virtual memory corruption can still occur (e.g., the eBPF vulnerability allows malicious memory overwriting only in the kernel mode). We present the Kernel Memory Observer (KMO), which has a secret observation mechanism to monitor kernel virtual memory. KMO is an alternative design for virtual memory can detect illegal data manipulation/writing in the kernel virtual memory. KMO determines kernel virtual memory corruption, inspects system call arguments, and forcibly unmaps the direct mapping area. An evaluation of KMO reveals that it can detect kernel virtual memory corruption that contains the defeating security feature through actual kernel vulnerabilities. In addition, the results indicate that the system call overhead latency ranges from 0.002 μs to 8.246 μs, and the web application benchmark ranges from 39.70 μs to 390.52 μs for each HTTP access, whereas KMO reduces these overheads by using tag-based Translation Lookaside Buffers.

DOI： 10.1587/transinf.2019ICP0011

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/journals/ieicetd/ieicetd103.html#KuzunoY20

Authorship：Last author,　Corresponding author   Language：Japanese   Publishing type：Research paper (scientific journal)  

JavaScript code used by web-based attacks is usually protected by some anti-analysis techniques such as obfuscation or cloaking in order to hide its intent or avoid detection. Analyzing such code becomes an urgent task to counter cyber attacks. Therefore, we propose an analysis support system for anti-analysis JavaScript code. The proposed system comprehensively monitors browser API operations and outputs API operation logs for helping analyst's understanding the behavior of code. By using Proxy objects to capture API operations, the proposed system successfuly monitors API operations that could not be captured completely by existing methods. In addition, by replacing variable references, it is able to comprementally monitor API operations for non-replaceable APIs. In this paper, we describe the concept of the proposed system and the implementation of analysis method. We also report the result of analyzing anti-analysis JavaScript codes as an evaluation.

CiNii Article

CiNii Books

researchmap

Authorship：Lead author,　Corresponding author   Language：Japanese  

researchmap

Authorship：Lead author   Language：Japanese   Publishing type：Research paper (scientific journal)  

A specialized operating system (OS) can provide some order-made service efficiently. However, development of the specialized OS takes a large amount of cost (e.g., device driver, file management functions). Thus, it is important to reduce the cost. In this paper, we describe a method for introducing the specialized OS and Linux run independently in multicore processors, and the specialized OS uses Linux file I/O functions. This paper describes the design and the implementation of the proposed method for AnT operating system as the specialized OS, and reports the evaluation results of the proposed method.

CiNii Article

CiNii Books

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：Springer  

© Springer Nature Switzerland AG, 2019. Kernel vulnerability attacks may allow attackers to execute arbitrary program code and achieve privilege escalation through credential overwriting, thereby avoiding security features. Major Linux protection methods include Kernel Address Space Layout Randomization, Control Flow Integrity, and Kernel Page Table Isolation. All of these mitigate kernel vulnerability affects and actual attacks. In addition, the No eXecute bit, Supervisor Mode Access Prevention, and Supervisor Mode Execution Prevention are CPU features for managing access permission and data execution in virtual memory. Although combinations of these methods can reduce the attack availability of kernel vulnerability based on the interaction between the user and kernel modes, kernel virtual memory corruption is still possible (e.g., the eBPF vulnerability executes the attack code only in the kernel mode). To monitor kernel virtual memory, we present the Kernel Memory Observer (KMO), which has a secret inspection mechanism and offers an alternative design for virtual memory. It allows the detection of illegal data manipulation/writing in the kernel virtual memory. KMO identifies the kernel virtual memory corruption, monitors system call arguments, and enables unmapping from the direct mapping area. An evaluation of our method indicates that it can detect the actual kernel vulnerabilities leading to kernel virtual memory corruption. In addition, the results show that the overhead is 0.038 $$\upmu $$ s to 2.505 $$\upmu $$ s in terms of system call latency, and the application benchmark is 371.0 $$\upmu $$ s to 1,990.0 $$\upmu $$ s for 100,000 HTTP accesses.

DOI： 10.1007/978-3-030-34339-2_5

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/ispec/ispec2019.html#KuzunoY19

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

© 2019 IEEE. As mobile devices have become more popular, mobile web browsing has surpassed desktop browser use and the number of mobile malware cases has increased. The methods of infiltrating Android devices with malware include malvertising and scams. Android users can access websites via web browsers and Android apps using WebView, which displays web content inside an app without redirecting users to web browsers. However, WebView is vulnerable to cyberattacks and the security mechanisms are not sufficient to prevent all attacks. In this study, to analyze web access threats via WebView, we investigated web access to malicious websites against Android mobile devices. In particular, we focused on fake virus alerts. To monitor web access for threat analysis, we improved the WebView Monitor [1] to capture all web access via Android WebView. In particular, we analyzed the mechanism of displaying a fake virus alert while browsing websites on Android.

DOI： 10.1109/CANDAR.2019.00012

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/ic-nc/candar2019.html#ImamuraOCMLSY19

Authorship：Corresponding author   Language：Japanese   Publishing type：Research paper (scientific journal)  

DOI： 10.14923/transinfj.2018JDP7035

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：Springer  

© 2019, Springer Nature Switzerland AG. WebView is commonly used by applications on the Android OS. Given that WebView is used as a browsing component on applications, they can be attacked via the web. Existing security mechanisms mainly focus on web browsers; hence, securing WebView is an important challenge. We proposed and implemented a method for preventing suspicious web access in Android WebView. Attackers distribute their malicious content including malicious applications, potentially unwanted programs, and coin miners, by inserting contents into a web page. Because loading malicious content involves HTTP communication, our proposed method monitors HTTP communication by WebView and blocks suspicious web accesses. To apply the proposed method to widely used applications, we implemented our method inside WebView. We also evaluated the proposed method with some popular applications and confirmed that the method can block designated web content without impeding the functionality of applications.

DOI： 10.1007/978-3-030-26834-3_14

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/iwsec/iwsec2019.html#SatoIOY19

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (scientific journal)   Publisher：INDERSCIENCE ENTERPRISES LTD  

Security or system management software is essential for keeping systems secure. To deter attacks on essential services, hiding information related to essential services is helpful. This paper describes the design, the implementation, and the evaluation of a method to make files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM). In the proposed method, the virtual machine monitor (VMM) monitors the system call, which invoked by an essential process to access essential files, and requests proxy execution to the proxy process on another VM. The VMM returns the result and skips the execution of the original system call on the protection target VM. Thus, access to essential files by the essential service is skipped on the protection target VM, but the essential service can access the file content.

DOI： 10.1504/IJSSC.2019.100007

Web of Science

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Part of collection (book)   Publisher：Springer  

© 2019, Springer Nature Switzerland AG. Security software or logging programs are frequently attacked because they are an obstruction to attackers. Protecting these essential services from attack is crucial to preventing and mitigating damage. Hiding information related to essential services, such as that of the files and processes, can help to deter attacks on these services. This paper proposes a method of hiding file manipulation for essential services. The method makes the files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM) environment. In the proposed method, system calls to those files are executed by a proxy process on the other VM. The original system call is not executed in the operating system of the original VM, however, the result of file access is returned to the original process. Thus, the files of essential services are placed on the other VM and other processes on the original VM cannot access to them. Therefore, the proposed method can prevent or deter identification of essential services based on file information monitoring.

DOI： 10.1007/978-3-319-98530-5_76

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/nbis/nbis2018.html#SatoTY18

Authorship：Last author,　Corresponding author   Language：Japanese   Publishing type：Research paper (scientific journal)  

In microkernel operating systems (OSes), some parts of OS functions are implemented as processes, which called OS server. For this reason, OS functions can be distributed by placing OS servers to multiple processors. However, it is difficult to reduce the response time of a processing request from an application program (AP) to an OS server. This is due to invocation of multiple inter server communication for processing requests. In addition, an interface of processing requests from AP to OS servers is blocking in most cases. Hence, a processing request is forced to be done successively even though multiple processing are concurrently executable and related OS servers are independent. In this paper, we propose a batch process request function with blocking interface to request multiple processing to OS servers at one time. We also present evaluation results of basic performance, and distributed processing by the proposed function can reduce the response time for a service consists of multiple processing.

CiNii Article

CiNii Books

researchmap

Authorship：Lead author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

© 2018 IEEE. In recent years, there has been an increase in attacks that exploit operating system vulnerabilities. In particular, if an administrator's privilege is acquired by an attacker through a privilege escalation attack, the attacker can operate the entire system and the system can suffer serious damage. In this paper, an additional kernel observer (AKO) method is proposed. It prevents privilege escalation attacks that exploit operating system vulnerabilities. We focus on the fact that a process privilege can be changed only by specific system calls. AKO monitors privilege information changes during system call processing. If AKO detects a privilege change after system call processing, whereby the invoked system call does not originally change the process privilege, AKO regards the change as a privilege escalation attack and applies countermeasures against it. In this paper, we describe the design and implementation of AKO for Linux x86, 64 bit. Moreover, AKO can be expanded to prevent the falsification of various data in the kernel space. We present an expansion example that prevents the invalidation of Security-Enhanced Linux. Evaluation results show that AKO is effective against privilege escalation attacks, while maintaining low overhead.

DOI： 10.1109/DESEC.2018.8625137

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/desec/desec2018.html#YamauchiAYNH18

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE Computer Society  

© 2018 IEEE. To detect the performance anomaly of a computer, as a structure for continuous performance profiling, decentralization of the performance profiling system using virtual machines has been proposed. Moreover, there have already been evaluation results reported regarding overhead, including data storing, and data sampling stall time. On the other hand, for continuous performance profiling, the continuous processing of performance profiling is needed, including not only data sampling and data storing but also analysis processing. Therefore, first, this paper describes a relationship condition among data sampling time, data storing time, and analysis processing time as the necessary condition for continuous performance profiling on a decentralized performance profiling system. Second, in order to satisfy the relationship condition, we propose a concurrent operation technique as the acceleration method of analysis processing for a decentralized performance profiling system. Finally, this paper presents quantitative evaluations of the proposed method, including the case of a multi-VMM environment.

DOI： 10.1109/CANDARW.2018.00035

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/ic-nc/candar2018w.html#YamamotoNYNT18

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE Computer Society  

© 2018 IEEE. Use-after-free (UAF) vulnerabilities, are abused by exploiting a dangling pointer that refers to a freed memory, location and then executing arbitrary code. Vulnerabilities are caused by bugs in software programs, particularly large scale programs such as browsers. We had previously proposed HeapRevolver, which prohibits freed memory area from being reused for a certain period. HeapRevolver on Windows uses the number of freed memory areas that are prohibited for reuse as a trigger to release the freed memory area. Alternatively, HeapRevolver uses the number of the freed memory areas as a threshold for releasing freed memory. However, when the size of individual freed memory area is large, HeapRevolver on Windows increases the memory overhead. In this paper, we propose an improved HeapRevolver for Windows considering the size and number of the freed memory areas. The improved HeapRevolver prohibits the reuse of a certain number of freed memory areas at a given time by considering the size and number of freed memory areas as thresholds. Evaluation results demonstrate that the improved HeapRevolver can prevent attacks that exploit UAF vulnerabilities. Particularly, when the size of individual freed memory area is small in a program, HeapRevolver is effective in decreasing the attack success rate.

DOI： 10.1109/CANDARW.2018.00080

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/ic-nc/candar2018w.html#BanY18

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE Computer Society  

© 2017 IEEE. As a result of the increasing amounts of classified information being managed by personal computers, leakage of this information to external computers has become a serious problem. To prevent such leakage, we previously proposed a function for tracing the diffusion of classified information in a guest operating system (OS) using a virtual machine monitor (VMM). This function allows determination of the classified information location and information leakage detection without modification of the guest OS source code. In addition, it is more difficult for attacks to target this function, because the VMM is isolated from the guest OS. The tracing function hooks a system call in the guest OS from the VMM and judges whether the hooked system call is related to the diffusion of classified information. However, if the tracing function induces processing of large overheads, introduction of this function may degrade performance. In this paper, we analyze the processing performance of the tracing function in detail, identifying processing involving large overheads. Hence, we determine that the recording overheads for files or processes having the potential to diffuse classified information are especially large. To reduce the influence of the tracing function introduction, it is necessary to reduce these overheads. Therefore, we present a policy for efficient management. Further, we propose an improved tracing function and report on its evaluation.

DOI： 10.1109/CANDAR.2017.91

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/ic-nc/candar2017.html#MoriyamaYST17

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：ACM  

© 2018 Association for Computing Machinery. In addition to conventional web browsers, WebView is used to display web content on Android. WebView is a component that enables the display of web content in mobile applications, and is extensively used. As WebView displays web content without having to redirect the user to web browsers, there is the possibility that unauthorized web access may be performed secretly via Web-View, and information in Android may be stolen or tampered with. Therefore, it is necessary to monitor and analyze web access via WebView, particularly because attacks exploiting WebView have been reported. However, there is no mechanism for monitoring web access viaWebView. In this work, the goals are to monitor web access via WebView and to analyze mobile applications using Web-View. To achieve these goals, we propose a web access monitoring mechanism for Android WebView. In this paper, the design and implementation of a mechanism that does not require any modifications to the Android Framework and Linux kernel are presented for the Chromium Android System WebView app. In addition, this paper presents evaluation results for the proposed mechanism.

DOI： 10.1145/3167918.3167942

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/acsw/acsw2018.html#ImamuraUISY18

Language：English   Publishing type：Research paper (scientific journal)   Publisher：Information Processing Society of Japan  

© 2018 Information Processing Society of Japan. Hybrid application frameworks such as Cordova are more and more popular to create platform-independent applications (apps) because they provide special APIs to access device resources in a platform-agonistic way. By using these APIs, hybrid apps can access device resources through JavaScript. In this paper, we present a novel apprepackaging attack that repackages hybrid apps with malicious code; this code can exploit Cordova’s plugin interface to steal and tamper with device resources. We address this attack and cross-site scripting attacks against hybrid apps. Since these attacks need to use plugins to access device resources, we refer to both of these attacks as Cordova plugin attacks. We further demonstrate a defense against Cordova plugin attacks through the use of a novel runtime access control mechanism that restricts access based on the mobile user’s judgement. Our mechanism is easy to introduce to existing Cordova apps, and allows developers to produce apps that are resistant to Cordova plugin attacks. Moreover, we evaluate the effectiveness and performance of our mechanism.

DOI： 10.2197/ipsjjip.26.396

Scopus

researchmap

Language：Japanese   Publishing type：Research paper (scientific journal)  

DOI： 10.14923/transinfj.2017JDP7061

researchmap

Language：Japanese   Publishing type：Research paper (scientific journal)  

DOI： 10.14923/transinfj.2017SKP0012

J-GLOBAL

researchmap

Authorship：Lead author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG  

Copyright © 2017 The Institute of Electronics, Information and Communication Engineers. An operating system is an essential piece of software that manages hardware and software resources. Thus, attacks on an operating system kernel using kernel rootkits pose a particularly serious threat. Detecting an attack is difficult when the operating system kernel is infected with a kernel rootkit. For this reason, handling an attack will be delayed causing an increase in the amount of damage done to a computer system. In this paper, we propose Kernel Rootkits Guard (KRGuard), which is a new method to detect kernel rootkits that monitors branch records in the kernel space. Since many kernel rootkits make branches that differ from the usual branches in the kernel space, KRGuard can detect these differences by using the hardware features of commodity processors. Our evaluation shows that KRGuard can detect kernel rootkits that involve new branches in the system call handler processing with small overhead.

DOI： 10.1587/transinf.2016INL0003

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/journals/ieicet/ieicet100d.html#YamauchiA17

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

© 2017 IEEE. Hybrid application frameworks such as Cordovaallow mobile application (app) developers to create platformindependent apps. The code is written in JavaScript, with special APIs to access device resources in a platform-agnostic way. In this paper, we present a novel app-repackaging attack that repackages hybrid apps with malicious code, this code can exploit Cordova's plugin interface to tamper with device resources. We further demonstrate a defense against this attack through the use of a novel runtime access control mechanism that restricts access based on the mobile user's judgement. Our mechanism is easy to introduce to existing Cordova apps, and allows developers to produce apps that are resistant to app-repackaging attacks.

DOI： 10.1109/AINA.2017.61

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/aina/aina2017.html#KudoYA17

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG  

© 2016 IEEE. Attacks on an operating system kernel using kernel rootkits pose a particularly serious threat. Detecting an attack is difficult when the operating system kernel is infected with a kernel rootkit. For this reason, handling an attack will be delayed causing an increase in the amount of damage done to a computer system. In this paper, we discuss KRGuard (Kernel Rootkits Guard), which is a new method to detect kernel rootkits that monitors branch records in the kernel space. Since many kernel rootkits make branches that differ from the usual branches in the kernel space, KRGuard can detect these differences by using hardware features of commodity processors. Our evaluation shows that KRGuard can detect kernel rootkits with small overhead.

DOI： 10.1109/ICISSEC.2016.7885860

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/journals/ieicet/ieicet100d.html#YamauchiA17

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

© 2016 IEEE. To prevent attacks on essential software and to mitigate damage, an attack avoiding method that complicates process identification from attackers is proposed. This method complicates the identification of essential services by replacing process information with dummy information. However, this method allows attackers to identify essential processes by detecting changes in process information. To address this problems and provide more complexity to process identification, this paper proposes a memory access monitoring by using a virtual machine monitor. By manipulating the page access permission, a virtual machine monitor detects page access, which includes process information, and replaces it with dummy information. This paper presents the design, implementation, and evaluation of the proposed method.

DOI： 10.1109/CANDAR.2016.89

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/ic-nc/candar2016.html#SatoYT16

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG  

© Copyright 2016 The Institute of Electronics, Information and Communication Engineers. To reduce the server load and communication costs of machine-to-machine (M2M) systems, sensor data are aggregated in M2M gateways. Aggregation logic is typically programmed in the C language and embedded into the firmware. However, developing aggregation programs is difficult for M2M service providers because it requires gatewayspecific knowledge and consideration of resource issues, especially RAM usage. In addition, modification of aggregation logic requires the application of firmware updates, which are risky. We propose a rule-based sensor data aggregation system, called the complex sensor data aggregator (CSDA), for M2M gateways. The functions comprising the data aggregation process are subdivided into the categories of filtering, statistical calculation, and concatenation. The proposed CSDA supports this aggregation process in three steps: the input, periodic data processing, and output steps. The behaviors of these steps are configured by an XML-based rule. The rule is stored in the data area of flash ROM and is updatable through the Internet without the need for a firmware update. In addition, in order to keep within the memory limit specified by the M2M gateway's manufacturer, the number of threads and the size of the working memory are static after startup, and the size of the working memory can be adjusted by configuring the sampling setting of a buffer for sensor data input. The proposed system is evaluated in an M2M gateway experimental environment. Results show that developing CSDA configurations is much easier than using C because the configuration decreases by 10%. In addition, the performance evaluation demonstrates the proposed system's ability to operate on M2M gateways.

DOI： 10.1587/transinf.2016PAP0020

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/journals/ieicet/ieicet99d.html#NakamuraMIKY16

Authorship：Lead author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：SPRINGER INT PUBLISHING AG  

© Springer International Publishing AG 2016. Recently, there has been an increase in use-after-free (UAF) vulnerabilities, which are exploited using a dangling pointer that refers to a freed memory. Various methods to prevent UAF attacks have been proposed. However, only a few methods can effectively prevent UAF attacks during runtime with low overhead. In this paper, we propose HeapRevolver, which is a novel UAF attack-prevention method that delays and randomizes the timing of release of freed memory area by using a memory-reuse-prohibited library, which prohibits a freed memory area from being reused for a certain period. In this paper, we describe the design and implementation of HeapRevolver in Linux and Windows, and report its evaluation results. The results show that HeapRevolver can prevent attacks that exploit existing UAF vulnerabilities. In addition, the overhead is small.

DOI： 10.1007/978-3-319-46298-1_15

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/nss/nss2016.html#YamauchiI16

Language：Japanese   Publishing type：Research paper (scientific journal)  

In order to improve file access performance of the processing that users would like to execute at high priority, it is effective to improve cache hit ratio of I/O buffer. Thus, a directory oriented buffer cache mechanism was proposed. This mechanism divides I/O buffer into two areas, and gives higher caching priority to files in specified directories. However, this mechanism monotonically expands the area used for caching files given higher priority. Therefore, this mechanism declines the performance of the whole computer due to deterioration of cache hit ratio of files not given higher priority. Thus, this paper proposes the dynamic partitioning method based on cache hit ratio. The proposed method divides I/O buffer to maintain high cache hit ratio of files given higher priority and prevent cache hit ratio of the other files from degradation. Additionally, this paper describes the evaluation of effectivity of the proposed method.

CiNii Article

CiNii Books

researchmap

Language：English   Publishing type：Research paper (scientific journal)   Publisher：SPRINGER  

© 2016, Springer Science+Business Media New York. Cases of classified information leakage have become increasingly common. To address this problem, we have proposed a function for tracing the diffusion of classified information within an operating system. However, this function suffers from the following two problems: first, in order to introduce the function, the operating system’s source code must be modified. Second, there is a risk that the function will be disabled when the operating system is attacked. Thus, we have designed a function for tracing the diffusion of classified information in a guest operating system by using a virtual machine monitor. By using a virtual machine monitor, we can introduce the proposed function in various environments without modifying the operating system’s source code. In addition, attacks aimed at the proposed function are made more difficult, because the virtual machine monitor is isolated from the operating system. In this paper, we describe the implementation of the proposed function for file operations and child process creation in the guest operating system with a kernel-based virtual machine. Further, we demonstrate the traceability of diffusing classified information by file operations and child process creation. We also report the logical lines of code required to introduce the proposed function and performance overheads.

DOI： 10.1007/s11227-016-1671-5

Web of Science

Scopus

researchmap

Authorship：Lead author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：ACM  

© 2016 ACM. Over the past few years, nonvolatile memory has actively been researched and developed. Therefore, studying operating system (OS) designs predicated on the main memory in the form of a nonvolatile memory and studying methods to manage persistent data in a virtual memory are crucial to encourage the widespread use of nonvolatile memory in the future. However, the main memory in most computers today is volatile, and replacing highcapacity main memory with nonvolatile memory is extremely cost-prohibitive. This paper proposes an OS structure for nonvolatile main memory. The proposed OS structure consists of three functions to study and develop OSs for nonvolatile main memory computers. First, a structure, which is called plate, is proposed whereby persistent data are managed assuming that nonvolatile main memory is present in a computer. Second, we propose a persistent-data mechanism to make a volatile memory function as nonvolatile main memory, which serves as a basis for the development of OSs for computers with nonvolatile main memory. Third, we propose a continuous operation control using the persistent-data mechanism and plates. This paper describes the design and implementation of the OS structure based on the three functions on The ENduring operating system for Distributed EnviRonment and describes the evaluation results of the proposed functions.

DOI： 10.1145/2851613.2851744

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/sac/sac2016.html#YamauchiYNMIIGT16

Language：English   Publisher：IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG  

DOI： 10.1587/transinf.2015ICF0001

Web of Science

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

© 2015 IEEE. While a considerable amount of research has been devoted to preventing leakage of classified information, little attention has been paid to identifying attackers who steal information. If attackers can be identified, more precise countermeasures can be taken. In this paper, we propose an attacker investigation system that focuses on information leakage. The system traces classified information in a computer and substitutes it with dummy data, which is then sent to the outside. Moreover, a program embedded in the dummy data transmits information back from the attacker's computer to a pre-specified system for investigation. Information about the attacker can be obtained by an attacker executing the program.

DOI： 10.1109/IIAI-AAI.2015.247

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/iiaiaai/iiaiaai2015.html#IkegamiY15

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

© 2015 IEEE. Attacks on computer systems have become more frequent in recent years. Attacks using kernel root kits pose a particularly serious threat. When a computer system is infected with a kernel root kit, attack detection is difficult. Because of this, handling the attack will be delayed causing an increase in the amount of damage done to the computer system. This paper proposes a new method to detect kernel root kits by monitoring the branch records in kernel space using hardware features of commodity processors. Our method utilizes the fact that many kernel root kits make branches that differ from the usual branches. By introducing our method, it is possible to detect kernel root kits immediately and, thereby, reduce damages to a minimum.

DOI： 10.1109/IIAI-AAI.2015.243

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/iiaiaai/iiaiaai2015.html#AkaoY15

Language：Japanese   Publishing type：Research paper (scientific journal)  

researchmap

Language：English   Publishing type：Research paper (scientific journal)   Publisher：Information Processing Society of Japan  

© 2016 Information Processing Society of Japan. The leaking of information has increased in recent years. To address this problem, we previously proposed a function for tracing the diffusion of classified information in a guest OS using a virtual machine monitor (VMM). This function makes it possible to grasp the location of classified information and detect information leakage without modifying the source codes of the guest OS. The diffusion of classified information is caused by a file operation, child process creation, and inter-process communication (IPC). In a previous study, we implemented the proposed function for a file operation and child process creation excluding IPC using a kernel-based virtual machine (KVM). In this paper, we describe the design of the proposed function for IPC on a KVM without modifying the guest OS. The proposed function traces the local and remote IPCs inside the guest OS from the outside so as to trace the information diffusion. Because IPC with an outside computer might cause information leakage, tracing the IPCs enables the detection of such a leakage. We also report the evaluation results including the traceability and performance of the proposed function.

DOI： 10.2197/ipsjjip.24.781

Scopus

researchmap

Publishing type：Research paper (scientific journal)  

DOI： 10.1587/transinf.2015ICF0001

researchmap

Other Link： https://dblp.uni-trier.de/db/journals/ieicet/ieicet99d.html#Yamauchi16

Authorship：Lead author   Language：English   Publishing type：Research paper (scientific journal)   Publisher：IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG  

© Copyright 2015 The Institute of Electronics, Information and Communication Engineers. Microkernel operating systems (OSes) use zero-copy communication to reduce the overhead of copying transfer data, because the communication between OS servers occurs frequently in the case of microkernel OSes. However, when a memory management unit manages the translation lookaside buffer (TLB) using software, TLB misses tend to increase the overhead of interprocess communication (IPC) between OS servers running on a microkernel OS. Thus, improving the control method of a software-managed TLB is important for microkernel OSes. This paper proposes a fast control method of software-managed TLB that manages page attachment in the area used for IPC by using TLB entries, instead of page tables. Consequently, TLB misses can be avoided in the area, and the performance of IPC improves. Thus, taking the SH-4 processor as an example of a processor having a software-managed TLB, this paper describes the design and the implementation of the proposed method for AnT operating system, and reports the evaluation results of the proposed method.

DOI： 10.1587/transinf.2015PAL0003

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/journals/ieicet/ieicet98d.html#YamauchiTT15

Language：Japanese   Publishing type：Research paper (scientific journal)  

CiNii Article

researchmap

Language：English   Publishing type：Research paper (scientific journal)   Publisher：Information Processing Society of Japan  

© 2015 Information Processing Society of Japan. As attacks to computers increase, protective software is developed. However, that software is still open to attacks by adversaries that disable its functionality. If that software is stopped or disabled, the risk of damage to the computer increases. Protections of that software are proposed however existing approaches are insufficient or cannot use those software without modification. To decrease the risk and to address these problems, this paper presents an attack avoidance method that hides process from adversaries who intend to terminate essential services. The proposed method complicates identification based on process information by dynamically replacing the information held by a kernel with dummy information. Replacing process information makes identifying the attack target difficult because adversaries cannot find the attack target by seeking the process information. Implementation of the proposed method with a virtual machine monitor enhances the security of the mechanism itself. Further, by implementing the proposed method with a virtual machine monitor, modification to operating systems is unnecessary.

DOI： 10.2197/ipsjjip.23.673

Scopus

researchmap

Language：Japanese   Publishing type：Research paper (scientific journal)  

In recent years, Android malware has been increasing, and countermeasures against them have become an issue. In particular, the leakage of user information by malware has become an important issue. In order to address this problem, we design and implement a method that uses TaintDroid to prevent the leakage of user information from Android device. This method tracks the diffusion of user information in a device and dynamically controls the action of application program (AP) when the leakage of user information is detected. As a result, this method prevents the leakage of user information from the device. In addition, this method obtains the AP name involved in the leakage of user information and understands the diffusion path of user information when APs communicate user information with each other. Therefore, a user can deal with each AP of leakage factors. Furthermore, this method replaces user information that is leaked from a device with a dummy data. As a result, this method prevents the leakage of user information from the device without interfering the process of AP.

CiNii Article

CiNii Books

researchmap

Language：English   Publishing type：Research paper (scientific journal)   Publisher：Information Processing Society of Japan  

© 2015 Information Processing Society of Japan. Security-Enhanced Linux (SELinux) is a useful countermeasure for resisting security threats to embedded systems, because of its effectiveness against zero-day attacks. Furthermore, it can generally mitigate attacks without the application of security patches. However, the combined resource requirements of the SELinux kernel, userland, and the security policy reduce the performance of resource-constrained embedded systems. SELinux requires tuning, and modified code should be provided to the open-source software (OSS) community to receive value from its ecosystem. In this paper, we propose an embedded SELinux with reduced resource requirements, using code modifications that are acceptable to the OSS community. Resource usage is reduced by employing three techniques. First, the Linux kernel is tuned to reduce CPU overhead and memory usage. Second, unnecessary code is removed from userland libraries and commands. Third, security policy size is reduced with a policy-writing tool. To facilitate acceptance by the OSS community, build flags can be used to bypass modified code, such that it will not affect existing features; moreover, side effects of the modified code are carefully measured. Embedded SELinux is evaluated using an evaluation board targeted for M2M gateway, and benchmark results show that its read/write overhead is almost negligible. SELinux's file space requirements are approximately 200 Kbytes, and memory usage is approximately 500 Kbytes; these account for approximately 1% of the evaluation board's respective flash ROM and RAM capacity . Moreover, the modifications did not result in any adverse side effects. The modified code was submitted to the OSS community along with the evaluation results, and was successfully merged into the community code.

DOI： 10.2197/ipsjjip.23.664

Scopus

researchmap

Authorship：Lead author   Language：Japanese   Publishing type：Research paper (scientific journal)  

Buffer cache is implemented to improve I/O performance with data in disks. As buffer cache management, there are many mechanisms based on access pattern of block. On the other hand, we proposed I/O buffer cache mechanism based on the frequency of file usage (FFU). Our previous proposed mechanism calculates file importance from the information of system-call of the file operation. Then, it controls two level buffer cache based on the file importance. In this paper, we propose a setting method of opportunity of updating file importance on FFU. The proposed method focuses on whether the file state is access intensive or not. This paper also describes a setting method of parameters of the proposed method based on access information of a target system. Finally, this paper reports the evaluation results of the proposed method by using typical access pattern data and real access patterns.

CiNii Article

CiNii Books

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (scientific journal)   Publisher：IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG  

Copyright © 2015 The Institute of Electronics, Information and Communication Engineers. Android applications that using WebView can load and display web pages. Interaction with web pages allows JavaScript code within the web pages to access resources on the Android device by using the Java object, which is registered into WebView. If this WebView feature were exploited by an attacker, JavaScript code could be used to launch attacks, such as stealing from or tampering personal information in the device. To address these threats, we propose an access control on the security-sensitive APIs at the Java object level. The proposed access control uses static analysis to identify these security-sensitive APIs, detects threats at runtime, and notifies the user if threats are detected, thereby preventing attacks from web pages.

DOI： 10.1587/transinf.2014ICL0001

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/journals/ieicet/ieicet98d.html#YuY15

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：SPRINGER-VERLAG BERLIN  

© 2015 IPSJ. To reduce the server load and communication cost of machine-to-machine (M2M) systems, sensor data are aggregated in M2M gateways. The C language is typically used for programming the aggregation logic, and the program is embedded into the firmware. However, developing aggregation programs is difficult for M2M service providers because it requires gateway-specific knowledge, and consideration must be given to CPU and memory resources. In addition, modifying aggregation logic requires firmware updates, which are risky. We propose a rule-based sensor data aggregation system, called the complex sensor data aggregator (CSDA) for M2M gateways. Data aggregation is categorized into filtering, statistical calculation, and concatenation. The proposed CSDA supports this aggregation process in three steps: the input, data processing, and output steps. The behaviors of these steps are configured by an XML based rule. The CSDA also supports update modules, which download and overwrite aggregation rules from the server when the modification of data aggregation logic is required. In this case, firmware updates are not necessary. The proposed system is evaluated in an M2M gateway experimental environment. Results show that developing CSDA configurations is much easier than using C because the configuration amount decreases by 10%. In addition, the performance evaluation demonstrates the proposed system's ability to operate on M2M gateways. CPU usage was less than 10%, even with a heavy load, and memory consumption was 128 Kbytes.

DOI： 10.1109/ICMU.2015.7061051

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/icmu/icmu2015.html#NakamuraMY15

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

© 2014 IEEE. Malware has received much attention in recent years. Antivirus software is widely used as a countermeasure against malware. However, some kinds of malware can evade detection by antivirus software, hence, a new detection method is required. In this paper, we propose a malware detection method that focuses on Anti-Debugging functions. An Anti-Debugging function is a method that prevents malware analysts from analyzing an application program (AP). The function can form part of benign as well as malicious APs. Our method focuses on a behavioral difference between benign and malicious APs and detects malware by comparing the two behavioral patterns. Evaluation results with malware confirmed our method to be capable of successfully detecting malware.

DOI： 10.1109/CANDAR.2014.36

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/ic-nc/candar2014.html#YoshizakiY14

Language：English   Publishing type：Research paper (international conference proceedings)  

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (scientific journal)   Publisher：Information Processing Society of Japan  

© 2014 Information Processing Society of Japan. Ensuring the integrity of logs is essential to reliably detect and counteract attacks because adversaries tamper with logs to hide their activities on a computer. Even though some studies proposed various protections of log files, adversaries can tamper with logs in kernel space with kernel-level malicious software (malware) because file access and inter-process communication are provided by an OS kernel. Virtual machine introspection (VMI) can collect logs from virtual machines (VMs) without interposition of a kernel. It is difficult for malware to hinder that log collection, because a VM and VM monitor (VMM) are strongly separated. However, complexity and unnecessary performance overhead arise because VMI is not specialized for log collection. This paper proposes a secure and fast log transfer method using library replacement for VMs. In the proposed method, a process on a VM requests a log transfer to a VMM using the modified library, which contains a trigger for a log transfer. The VMM collects logs from the VM and isolate them to another VM. The proposed method provides VM-level log isolation and security for the mechanism itself with low performance overhead.

DOI： 10.2197/ipsjjip.22.597

Scopus

researchmap

Authorship：Last author,　Corresponding author   Language：Japanese   Publishing type：Research paper (scientific journal)  

CiNii Article

CiNii Books

researchmap

Language：Japanese   Publishing type：Research paper (scientific journal)  

CiNii Article

CiNii Books

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：Springer Verlag  

Security-critical software is open to attacks by adversaries that disable its functionality. To decrease the risk, we propose an attack avoidance method for complicating process identification. The proposed method complicates identification based on process information by dynamically replacing the information held by a kernel with dummy information. Replacing process information makes identifying the attack target difficult because adversaries cannot find the attack target by seeking the process information. Implementation of the proposed method with a virtual machine monitor enhances the security of the mechanism itself. Further, by implementing the proposed method with a virtual machine monitor, modification to operating systems and application programs are unnecessary. © 2014 Springer International Publishing.

DOI： 10.1007/978-3-319-09843-2_3

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/iwsec/iwsec2014.html#SatoY14

Authorship：Lead author   Language：English   Publishing type：Research paper (scientific journal)  

It is difficult to understand the processing flow of complicated software such as operating systems (OSs). Thus, a mechanism that can collect and analyze behavioral information in order to comprehend the behavior of OS is necessary. Although several collection mechanisms have been developed, their OS structures were not designed to collect OS behavior. In this paper, we describe an OS structure that simplifies comprehension of OS behavior and the implementation of it on Tender OS. We also describe a mechanism for the visualization of OS behavior. Finally, we investigate the cost of introducing our proposed comprehension mechanism and the overhead and efficiency of the proposed mechanism. © 2014 International Information Institute.

Scopus

researchmap

Language：Japanese   Publishing type：Research paper (scientific journal)   Publisher：The Institute of Electronics, Information and Communication Engineers  

CiNii Article

CiNii Books

researchmap

Language：English   Publishing type：Research paper (scientific journal)  

DOI： 10.22667/JISIS.2014.05.31.055

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

Attacks on an operating system kernel using kernel rootkits pose a particularly serious threat. Detecting an attack is difficult when the operating system kernel is infected with a kernel rootkit. For this reason, handling an attack will be delayed causing an increase in the amount of damage done to a computer system. In this paper, we discuss KRGuard (Kernel Rootkits Guard), which is a new method to detect kernel rootkits that monitors branch records in the kernel space. Since many kernel rootkits make branches that differ from the usual branches in the kernel space, KRGuard can detect these differences by using hardware features of commodity processors. Our evaluation shows that KRGuard can detect kernel rootkits with small overhead.

Web of Science

researchmap

Language：Japanese  

CiNii Article

researchmap

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：Springer  

Ensuring the integrity of logs is essential to reliably detect and counteract attacks, because adversaries tamper with logs to hide their activities on a computer. Even though some research studies proposed different ways to protect log files, adversaries can tamper with logs in kernel space with kernel-level malicious software (malware). In an environment where Virtual Machines (VM) are utilized, VM Introspection (VMI) is capable of collecting logs from VMs. However, VMI is not optimized for log protection and unnecessary overhead is incurred, because VMI does not specialize in log collection. To transfer logs out of a VM securely, we propose a secure log transfer method of replacing a library. In our proposed method, a process on a VM requests a log transfer by using the modified library, which contains a trigger for a log transfer. When a VM Monitor (VMM) detects the trigger, it collects logs from the VM and sends them to another VM. The proposed method provides VM-level log isolation and security for the mechanism itself. This paper describes design, implementation, and evaluation of the proposed method. © 2013 Springer-Verlag.

DOI： 10.1007/978-3-642-41383-4_1

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/iwsec/iwsec2013.html#SatoY13

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

Android applications that using WebView can load and display web pages. Furthermore, by using the APIs provided in WebView, Android applications can interact with web pages. The interaction allows JavaScript code within the web pages to access resources on the Android device by using the Java object, which is registered into WebView. If this WebView feature were exploited by an attacker, JavaScript code could be used to launch attacks, such as stealing from or tampering personal information in the device. To address these threats, we propose a method that performs access control on the security-sensitive APIs at the Java object level. The proposed method uses static analysis to identify these security-sensitive APIs, detects threats at runtime, and notifies the user if threats are detected, thereby preventing attacks from web pages. © 2013 IEEE.

DOI： 10.1109/HPCC.and.EUC.2013.229

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/hpcc/hpcc2013.html#YuY13

Authorship：Last author,　Corresponding author   Language：Japanese   Publishing type：Research paper (scientific journal)  

CiNii Article

CiNii Books

researchmap

Authorship：Last author,　Corresponding author   Language：Japanese   Publishing type：Research paper (conference, symposium, etc.)   Publisher：Forum on Information Technology  

CiNii Article

CiNii Books

researchmap

Language：Japanese  

CiNii Article

researchmap

Authorship：Lead author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：SPRINGER  

The secure OS has been the focus of several studies. However, CPU resources, which are important resources for executing a program, are not the object of access control in secure OS. For preventing the abuse of CPU resources, we had earlier proposed a new type of execution resource that controls the maximum CPU usage (Tabata et al. in Int. J. Smart Home 1(2):109-128, 2007). The previously proposed mechanism can control only one process at a time. Because most services involve multiple processes, the mechanism should control all the processes in each service. In this paper, we propose an improved mechanism that helps to achieve a bound on the execution performance of a process group in order to limit unnecessary processor usage. We report the results of an evaluation of our proposed mechanism. © 2011 Springer Science+Business Media, LLC.

DOI： 10.1007/s11227-011-0707-0

Web of Science

Scopus

researchmap

Language：Japanese   Publishing type：Research paper (scientific journal)   Publisher：The Institute of Electronics, Information and Communication Engineers  

CiNii Article

CiNii Books

researchmap

Language：Japanese   Publishing type：Research paper (scientific journal)  

Recently, it is more important to grasp and control the damage of attacks safely, so much research has been done to increase the security of the general-purpose OS by observing the behavior using virtualization technology. In this paper, we propose a mechanism to observe and logging the file access in guest OS from virtual machine monitor using the inter-domain communication by the filter driver. Our mechanism can be applied independently of the implementation of virtual machine monitor. By hooking file accesses in the guest OS, log messages are transferred and stored to the virtual machine monitor, so our approach is effective from the viewpoint of preservation of the log. We show the design and implementation of our mechanism for both Xen and KVM. Furthermore, we report the results of measuring the performance when accessing files as evaluation.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00090264/

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：Springer  

An app in Android can collaborate with other apps and control personal information by using the Intent or user's allowing of permission. However, users cannot detect when they communicate. Therefore, users might not be aware information leakage if app is malware. This paper proposes DroidTrack, a method for tracking the diffusion of personal information and preventing its leakage on an Android device. DroidTrack alerts the user of the possibility of information leakage when an app uses APIs to communicate with outside. These alerts are triggered only if the app has already called APIs to collect personal information. Users are given the option to refuse the execution of the API if it is not appropriate. Further, by illustrating how their personal data is diffused, users can have the necessary information to help them decide whether the API use is appropriate. © 2013 Springer Science+Business Media Dordrecht(Outside the USA).

DOI： 10.1007/978-94-007-6738-6_31

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/mue/mue2013.html#SakamotoONY13

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：Springer  

In recent years, the opportunity to deal with classified information in a computer has increased, so the cases of classified information leakage have also increased. We have developed a function called "diffusion tracing function for classified information" (tracing function), which has the ability to trace the diffusion of classified information in a computer and to manage which resources might contain classified information. The classified information exchanged among the processes in multiple computers should be traced. This paper proposes a method which traces the diffusion for classified information among multiple computers. Evaluation results show the effectiveness of the proposed methods. © 2013 Springer Science+Business Media Dordrecht(Outside the USA).

DOI： 10.1007/978-94-007-6738-6_30

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/mue/mue2013.html#OtsuboUYT13

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

Operating systems (OSes) that is based on microkernel architecture have high adaptability and toughness. In addition, multicore processors have been developed along with the progress of LSI technology. By running a microkernel OS on a multicore processor and distributing the OS server to multiple cores, it is possible to realize load balancing of the OS processing. In this method, transaction processing, which requires a large amount of OS processing, can be provided effectively in a multicore environment. This paper presents evaluations of distributed OS processing performances for various scenarios for AnT operating system that is based on the microkernel architecture in a multicore environment. In these evaluations, we describe the differences in performance by distribution forms when referring the data in a block. Moreover, we use the PostMark and Bonnie benchmark tools to evaluate the effects of load balancing for the distribution forms. © 2013 IEEE.

DOI： 10.1109/NBiS.2013.57

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/nbis/nbis2013.html#SakodaYT13

Language：Japanese   Publishing type：Research paper (scientific journal)  

The number of incidents leaking of classified information has increased. To prevent leakage of information, it is important for users to understand the usage of classified information. To understand the usage of classified information, an method has implemented that monitors operations on the classified information and logs those operations. However, because an analysis of logs is necessary for understanding the usage of classified information, it is difficult to prevent leakage of classified information. We proposed the function to trace the classified information diffusion and detect a leakage of classified information. However, to understand the usage of classified information from the function by users, it is necessary to analyze the log in text format. Therefore, it takes long time to investigate the cause of the leakage of information. This paper proposes a function to visualize diffusion path of classified information. The function enables us to visualize the diffusion path of designated files that contain classified information. In addition, the function can visualize the diffusion paths focusing on the designated period of file operations. This paper also describes the implementation of the proposed function by extending the existing tracing function of classified information.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00083925/

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (scientific journal)   Publisher：NATL ILAN UNIV, JIT  

Logging information about the activities that placed in a computer is essential for understanding its behavior. In Homeland Security, the reliability of the computers used in their activities is of paramount importance. However, attackers can delete logs to hide evidence of their activities. Additionally, various problems may result in logs being lost. These problems decrease the dependability of Homeland Security. To address these problems, we previously proposed a secure logging scheme using a virtual machine monitor (VMM). The scheme collects logs and isolates them from the monitored OS. However, the scheme cannot store them automatically. Thus, logs in memory are lost when the computer is shutdown. Further, if the logs are not stored, it is impossible to detect incidents of tampering by comparing the logs of the monitored OS with those of the logging OS. To address these additional problems, this paper proposes a log-storing module and a tamper detection scheme. The log-storing module automatically stores logs collected by the logging module, and tamper detection is realized by comparing these stored log files with those of the monitored OS. We implemented the log-storing module and realized the tamper detection scheme. Evaluations reveal the effectiveness of the tamper detection scheme.

Web of Science

Scopus

researchmap

Language：Japanese   Publishing type：Research paper (scientific journal)   Publisher：The Institute of Electronics, Information and Communication Engineers  

CiNii Article

CiNii Books

researchmap

Language：Japanese   Publishing type：Research paper (scientific journal)  

researchmap

Language：Japanese   Publishing type：Research paper (scientific journal)  

Logging information is necessary in order to understand a computer's behavior. However, there is a possibility that attackers will delete logs to hide the evidence of their attacking and cheating. Moreover, various problems might cause the loss of logging information. To address these issues, we propose a system to prevent tampering and loss of logging information using a virtual machine monitor (VMM). In this system, logging information generated by the operating system (OS) and application program (AP) working on the target virtual machine (VM) is gathered by the VMM without any modification of the kernel source codes. The security of the logging information is ensured by its isolation from the VM. In addition, the isolation and multiple copying of logs can help in the detection of tampering.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00080698/

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE Computer Society  

Processing that is executed periodically must be completed before the next release time. If such processing is not completed before the next release time, the processing that had been scheduled is not executed. This is complicated by the fact that the execution time from release to the end of periodically executed processing is not constant, due to changing I/O processing time and the influence of timer interrupts. To solve this, we propose a system that records the execution time of the processing, judges whether the processing will be finished before the specified deadline, and can execute appropriate processing that can be completed within the remaining time. In this paper, we describe the design and evaluation of our system. © 2012 IEEE.

DOI： 10.1109/NBiS.2012.79

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/nbis/nbis2012.html#FurukawaYT12

Authorship：Lead author   Language：English   Publishing type：Research paper (scientific journal)  

Security focused OS (Secure OS) is attracting attention as a method for minimizing damage caused by various intrusions. Secure OSs can restrict the damage due to an attack by using Mandatory Access Control (MAC). In some projects, secure OSs for Linux have been developed. In these OSs, different implementation methods have been adopted. However, there is no method for easily evaluating the performance of the secure OS in detail, and the relationship between the implementation method and the performance is not clear. The secure OS in Linux after version 2.6 has often been implemented by Linux Security Modules (LSM). Therefore, we determine the effect of introducing the secure OS on the performance of the OS by using the overhead measurement tool, the LSM Performance Monitor (LSMPMON). This paper reports the evaluation results of three secure OSs on Linux 2.6.36 by LSMPMON. The results show the effect of introducing the secure OS.

Scopus

researchmap

Authorship：Lead author   Language：English   Publishing type：Research paper (international conference proceedings)  

researchmap

Language：Japanese  

CiNii Article

CiNii Books

researchmap

Authorship：Lead author   Language：Japanese   Publishing type：Research paper (scientific journal)  

Using the Bayesian filter is a popular approach to distinguish between spam and legitimate e-mails. Spam senders sometimes modify emails to bypass the Bayesian filter. The tokens included in the e-mail are investigated for improving the accuracy of classification of emails. The results show that tokens found at the first time sometimes degrade the accuracy of the classification. In this paper, we propose an anti-spam method that consider the difference of the property of tokens. The proposed method limits the use of tokens for improvement of Bayesian filter. The evaluations were performed by using some email sets. The results shows that the proposed method can decrease the false negative rate.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00077500/

Language：Japanese   Publishing type：Research paper (scientific journal)  

In some projects, secure OSes for Linux have been developed and different implementations have been adopted. However, there is no report on evaluation of performance of secure OS that after Linux 2.6.19 in detail, and the relationship between the kernel version and the performance is not clear. Therefore, we evaluate change of the performance at the version interval and overhead of three secure OSes (SELinux, TOMOYO Linux, LIDS), by using the overhead measurement tool, the LSM Performance Monitor (LSMPMON) developed for Linux 2.6.30. This paper shows the performance of secure OSes on Linux 2.6.30.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00077491/

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：SPRINGER-VERLAG BERLIN  

Logging information is necessary in order to understand a computer's behavior. However, there is a possibility that attackers will delete logs to hide the evidence of their attacking and cheating. Moreover, various problems might cause the loss of logging information. In homeland security, the plans for counter terrorism are based on data. The reliability of the data is depends on that of data collector. Because the reliability of the data collector is ensured by logs, the protection of it is important problem. To address these issues, we propose a system to prevent tampering and loss of logging information using a virtual machine monitor (VMM). In this system, logging information generated by the operating system (OS) and application program (AP) working on the target virtual machine (VM) is gathered by the VMM without any modification of the OS. The security of the logging information is ensured by its isolation from the VM. In addition, the isolation and multiple copying of logs can help in the detection of tampering. © 2011 IFIP International Federation for Information Processing.

DOI： 10.1007/978-3-642-23300-5_14

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/IEEEares/ares2011.html#SatoY11

Language：English   Publishing type：Research paper (scientific journal)  

researchmap

Language：Japanese   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

In a chip multiprocessor based on the continuation concept, the hardware scheduler controls threads and achieves high performance on thread scheduling. However, the priority of threads is not considered during execution because the hardware thread scheduler schedules threads in a FIFO manner. Therefore, when multiple services execute simultaneously, the execution of each service cannot consider the priority of service. In such a case, software support is needed to control the execution of each service. This paper presents a software scheduler for multiple services that supports the hardware scheduler. In addition, this paper also reports the evaluation of the software scheduler, which targets multiple services. © 2011 AICIT.

Scopus

CiNii Article

CiNii Books

researchmap

Other Link： https://dblp.uni-trier.de/rec/conf/interaction/2011

Authorship：Last author,　Corresponding author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：SPRINGER-VERLAG BERLIN  

Security focused OS (Secure OS) is attracting attention as a method for minimizing damage caused by various intrusions. Secure OSes can restrict the damage due to an attack by using Mandatory Access Control (MAC). In some projects, secure OSes for Linux have been developed. In these OSes, different implementation methods have been adopted. However, there is no method for easily evaluating the performance of the secure OS in detail, and the relationship between the implementation method and the performance is not clear. The secure OS in Linux after version 2.6 has often been implemented by Linux Security Modules (LSM). Therefore, we determine the effect of introducing the secure OS on the performance of the OS, and a characteristic by the difference of the implementation method by using the overhead measurement tool, the LSM Performance Monitor (LSMPMON); the LSMPMON can be used to evaluate three different secure OSes. © 2010 Springer-Verlag.

DOI： 10.1007/978-3-642-17610-4_7

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/fgit/sectech2010.html#YamamotoY10

Language：Japanese   Publishing type：Research paper (scientific journal)   Publisher：The Institute of Electronics, Information and Communication Engineers  

CiNii Article

CiNii Books

researchmap

Language：Japanese   Publishing type：Research paper (scientific journal)   Publisher：The Institute of Electronics, Information and Communication Engineers  

CiNii Article

CiNii Books

researchmap

Language：Japanese   Publishing type：Research paper (scientific journal)  

Buffer cache is implemented to improve I/O performance with data in disks. As buffer cache management, there are many mechanisms, but still many operating systems deploy LRU (Least Recently Used) algorithm. On the other hand, to reflect process contents of application programs to buffer cache, management scheme based on the system calls which application programs requested is better. Then, we propose I/O buffer cache mechanism based on the frequency of system call of the file operation. Our proposed mechanism calculates file importance from information of file operation. In addition in buffer cache blocks are replaced based on this file importance. In this paper, we describe our mechanism improves I/O performance by evaluation of application programs.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00068428/

Authorship：Lead author   Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：SPRINGER-VERLAG BERLIN  

Secure OS has been the focus of several studies. However, CPU resources, which are important resources for executing a program, are not the object of access control. For preventing the abuse of CPU resources, we had earlier proposed a new type of execution resource that controls the maximum CPU usage [5,6] The previously proposed mechanism can control only one process at a time. Because most services involve multiple processes, the mechanism should control all the processes in each service. In this paper, we propose an improved mechanism that helps to achieve a bound on the execution performance of a process group, in order to limit unnecessary processor usage. We report the results of an evaluation of our proposed mechanism. © 2010 Springer-Verlag.

DOI： 10.1007/978-3-642-17610-4_10

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/fgit/sectech2010.html#YamauchiHT10

Language：English   Publishing type：Research paper (scientific journal)   Publisher：Information Processing Society of Japan  

© 2010 Information Processing Society of Japan. Creating security policy for SELinux is difficult because access rules often exceed 10,000 and elements in rules such as permissions and types are understandable only for SELinux experts. The most popular way to facilitate creating security policy is refpolicy which is composed of macros and sample configurations. However, describing and verifying refpolicy based configurations is difficult because complexities of configuration elements still exist, using macros requires expertise and there are more than 100,000 configuration lines. The memory footprint of refpolicy which is around 5MB by default, is also a problem for resource constrained devices. We propose a system called SEEdit which facilitates creating security policy by a higher level language called SPDL and SPDL tools. SPDL reduces the number of permissions by integrated permissions and removes type configurations. SPDL tools generate security policy configurations from access logs and tool user’s knowledge about applications. Experimental results on an embedded system and a PC system show that practical security policies are created by SEEdit, i.e., describing configurations is semi-automated, created security policies are composed of less than 500 lines of configurations, 100 configuration elements, and the memory footprint in the embedded system is less than 500 KB.

DOI： 10.2197/ipsjjip.18.201

Scopus

researchmap

Authorship：Lead author   Language：English   Publishing type：Research paper (scientific journal)  

Interprocess communication (IPC) is often used to exchange data between cooperative processes, and the performance of IPC largely determines the processing time of application programs. Moreover, it is used for most of the kernel calls in a microkernel-based operating system (OS). Therefore, the performance of IPC affects the performance of the OS. In addition, the completion of the message-passing mechanism has to be indicated by executing a receive operation in order to maintain synchronization. Thus, two operations are required in this mechanism to complete the communication. On the other hand, no receive operation is required to indicate the completion of the communication in the case of asynchronous communication; however, in this case, no proof of the data being received is provided to the sender process. In this paper, we propose an instant synchronous interprocess communication (ISIPC) mechanism that can achieve both instantaneous communication and data synchronization. ISIPC has two functions: push function and sack function. We describe the design of the ISIPC mechanism and also its implementation on the Tender operating system. In addition, we present the evaluation results for the ISIPC mechanism.

DOI： 10.4156/jnit.vol1.issue3.9

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/journals/jnit/jnit1.html#YamauchiFT10

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：SPRINGER-VERLAG BERLIN  

In embedded systems, the types of processings to be executed are limited, and many processes are executed periodically. In such systems, we need to reduce the overhead of periodic execution control and the dispersion of the processing time. ART-Linux has been proposed as a conventional real-time operating system that can be used for this purpose in various devices such as robots. In this paper, we discuss the periodic execution control of ART-Linux and clarify several problems. Next, we propose a design for sophisticated periodic execution control in order to solve these problems. Finally, we discuss the realization of periodic execution control, the effect of this control, and the result of the evaluation. © 2010 Springer-Verlag Berlin Heidelberg.

DOI： 10.1007/978-3-642-17569-5_54

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/fgit/fgit2010.html#FurukawaYT10

J-GLOBAL

researchmap

Language：Japanese  

CiNii Article

J-GLOBAL

researchmap

Authorship：Lead author   Language：Japanese   Publishing type：Research paper (scientific journal)  

In personal computer environment, it is important to protect the information leakage. In this paper, a mechanism of protecting information leakage is proposed. This mechanism has two functions. One function is the function of tracing classified information. The other function is the function of controlling the write function. The tracing function is deployed by hook the call of file operations, interprocess communication, and process creation. This paper describes a method that improve the accuracy of tracing classified information and reduce the labor of configuration. This paper shows the proposed mechanism can trace all files and improve the the accuracy of tracing classified information by using the user judgement.

CiNii Article

CiNii Books

researchmap

Language：Japanese  

CiNii Article

CiNii Books

J-GLOBAL

researchmap

Language：Japanese   Publisher：The Institute of Electronics, Information and Communication Engineers  

CiNii Article

CiNii Books

J-GLOBAL

researchmap

Authorship：Lead author   Language：Japanese   Publisher：The Institute of Electronics, Information and Communication Engineers  

CiNii Article

CiNii Books

J-GLOBAL

researchmap

Language：Japanese  

J-GLOBAL

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：USENIX Association  

© LISA 2009. Security policy for SELinux is usually created by customizing a sample policy called refpolicy. However, describing and verifying security policy configurations is difficult because in refpolicy, there are more than 100,000 lines of configurations, thousands of elements such as permissions, macros and labels. The memory footprint of refpolicy which is around 5MB, is also a problem for resource constrained devices. We propose a security policy configuration system SEEdit which facilitates creating security policy by a higher level language called SPDL and SPDL tools. SPDL reduces the number of permissions by integrated permissions and removes label configurations. SPDL tools generate security policy configurations from access logs and tool user's knowledge about applications. Experimental results on an embedded system and a PC system show that practical security policies are created by SEEdit, i.e., describing configurations is semiautomated, created security policies are composed of less than 500 lines of configurations, 100 configuration elements, and the memory footprint in the embedded system is less than 500KB.

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/conf/lisa/2009

Language：Japanese  

CiNii Article

J-GLOBAL

researchmap

Language：Japanese   Publisher：The Institute of Electronics, Information and Communication Engineers  

CiNii Article

CiNii Books

J-GLOBAL

researchmap

Language：Japanese  

In recent years, with the spread of the Internet, the increase in the number of spam has become one of the most serious problems. A recent report reveals that 91% of all e-mail exchanged in 2006 was spam. Using the Bayesian filter is a popular approach to distinguish between spam and legitimate e-mails. It applies the Bayes theory to identify spam. This filter proffers high filtering precision and is capable of detecting spam as per personal preferences. However, the number of image spam, which contains the spam message as an image, has been increasing rapidly. The Bayesian filter is not capable of distinguishing between image spam and legitimate e-mails since it learns from and examines only text data. Therefore, in this study, we propose an anti-image spam technique that uses image information such as file size. This technique can be easily implemented on the existing Bayesian filter. In addition, we report the results of the evaluations of this technique.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00009442/

Language：Japanese   Publisher：The Institute of Electronics, Information and Communication Engineers  

CiNii Article

CiNii Books

J-GLOBAL

researchmap

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE COMPUTER SOC  

In pervasive computing, embedded systems have a possibility to be attacked by crackers, including 0-day attack, as well as enterprise systems. In particular, in a case where a cracker gets a root privilege, damages are significant. To resolve this problem, Security-Enhanced Linux (SELinux) is useful. However, SELinux has a problem that is significant complexity for configuration because of too fine-grained access control. As a method for resolving this problem, SELinux Policy Editor (SEEdit) has been developed; this is a tool that simplifies the SELinux configuration. SEEdit uses the Simplified Policy Description Language (SPDL) as a policy description language. In the SPDL, we define new access permissions that integrate Access Vector Permissions (AVPs) employed in SELinux to provide access permissions in a security policy. Thus, we propose a set of access permissions named Integrated Access Permissions (IAPs), which enables the achievement of a good balance between reducing the workload of the configurations and guaranteeing security in SELinux. In addition, we evaluate our IAPs and show them almost secure. © 2008 IEEE.

DOI： 10.1109/ISA.2008.21

Web of Science

Scopus

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE COMPUTER SOC  

In recent years, with the spread of the Internet, the number of spam e-mail has become one of the most serious problems. A recent report reveals that 91% of all e-mail exchanged in 2006 was spam. Using the Bayesian filter is a popular approach to distinguish between spam and legitimate e-mails. It applies the Bayes theory to identify spam. This filter proffers high filtering precision and is capable of detecting spam as per personal preferences. However, the number of image spam, which contains the spam message as an image, has been increasing rapidly. The Bayesian filter is not capable of distinguishing between image spam and legitimate e-mails since it learns from and examines only text data. Therefore, in this study, we propose an anti-image spam technique that uses image information such as file size. This technique can be easily implemented on the existing Bayesian filter. In addition, we report the results of the evaluations of this technique. © 2008 IEEE.

DOI： 10.1109/ISA.2008.84

Web of Science

Scopus

J-GLOBAL

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE COMPUTER SOC  

Most operating systems manage buffer caches for buffering I/O blocks, because I/O processing is slower than CPU processing. Application programs request I/O processing from files. In order to improve the performance of I/O processing, a buffer cache should be managed with regard to both blocks and files. This paper proposes an I/O buffer cache mechanism based on the frequency of file usage. This mechanism calculates the importance of each file. Then, blocks of important files are stored in a protected space. The blocks stored in the protected space are given priority for caching. We evaluated the proposed mechanism by kernel make processing. The results show that the proposed mechanism improves the processing time by 18 s (5.7%) as compared to the LRU algorithm. © 2008 IEEE.

DOI： 10.1109/ICCIT.2008.107

Web of Science

Scopus

researchmap

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE COMPUTER SOC  

Interprocess communication (IPC) is often applied to cooperative processes and IPC performance largely determine the processing time. Here, we propose an instant synchronous IPC mechanism for preferential processing of high-priority data. In addition, we present that the results of an evaluation using an application program by using an imprecise computational model. © 2008 IEEE.

DOI： 10.1109/ICCIT.2008.106

Web of Science

Scopus

researchmap

Language：English   Publishing type：Research paper (scientific journal)  

With increases in the performance of computers, it has become possible to provide a large number of services on a single computer. However, since the required execution performance can vary from service to service, it is necessary to guarantee execution performance for each service individually. In addition, it is common for a single service to be composed of multiple processes. Consequently, the ability to regulate execution performance for units consisting of multiple processes is desirable. Therefore, in this paper we propose a mechanism for regulating the execution performance of process groups using execution resources that encapsulate the assignable processor units designed for the Tender operating system. Specifically, executions are managed in a tree-structure and we then regulate execution performance by associating processes with these executions. In addition, we show via an implementation and evaluations that the proposed method is able to regulate the execution performance of process groups well and present an evaluation that makes use of a Web server. © 2007 Wiley Periodicals, Inc.

DOI： 10.1002/scj.20403

Scopus

J-GLOBAL

researchmap

J-GLOBAL

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE COMPUTER SOC  

The costs involved in process creation and termination make this procedure expensive. This procedure expensive, thus degrading the performance of program execution. To solve this problem, a fast process creation and termination mechanism is proposed. This mechanism is implemented by recycling process resources. In order to improve the efficiency of recycling, the management of preserved process resources for recycling is an important factor. In this paper, we propose an improved resource management method for recycling process resources and an adaptive control mechanism. In the method, only one process resource with a program image is preserved for each program that occurs with high frequency of program execution. The proposed method can reduce the amount of memory consumption for preserved process resources in a concurrent execution environment. We also describe the implementation of the proposed method on the Tender operating system and report the results of our experiments. © 2007 IEEE.

DOI： 10.1109/IPC.2007.83

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/ipc/ipc2007.html#TabataT07

J-GLOBAL

researchmap

Publishing type：Research paper (scientific journal)  

In a ubiquitous environment, the hardware resources are limited; thus, an appropriate resource management mechanism is required for guaranteeing its processing activity. However, most operating systems (OSs) lack an access control mechanism for CPU resources to guarantee satisfactory processing and to safeguard the system from malicious attacks that affect the CPU resources, resulting in denial of service (DoS). Access control is not intended for CPU resources, which are important for the execution of a program. As a result, OSs cannot control the usage ratio of CPU resources. In this paper, we propose an access control model for CPU resources based on an execution resource. The proposed model can control the usage ratio of CPU resources appropriately for each user and each program domain. This execution resource can be applied to mitigate DoS attacks. In order to evaluate the effectiveness of the proposed method, we describe the results of a basic performance experiment and a DoS simulation experiment employing the Apache web server. From the results, we show that the proposed method can mitigate DoS attacks and does not have bad effects upon the performance of a target service.

Scopus

researchmap

Publishing type：Research paper (international conference proceedings)  

We propose an intrusion detection system. Our system can detect the alteration of data in memory and also can restore altered data. This type of intrusion detection system has been proposed variously so far. But many of them can detect only a part of attacks. And as far as we know, few of them can restore altered data. Our system can detect attacks which can not be detected by existing systems and also can restore altered data. Our system protects data in the kernel area using hash functions. The overhead of accessing the kernel area and using a hash function is high. But our system reduces the frequency of accessing the kernel area and using a hash function in safety.

Scopus

J-GLOBAL

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE COMPUTER SOC  

In a ubiquitous environment, the hardware resources are limited; thus, an appropriate resource management mechanism is required for guaranteeing its processing activity. However, most operating systems (OSs) lack an access control mechanism for CPU resources to guarantee satisfactory processing and to safeguard the system from malicious attacks that affect the CPU resources, resulting in denial of service (DoS). Access control is not intended for general OSs and CPU resources, which are important for the execution of a program. As a result, OSs cannot control the usage ratio of CPU resources. In this paper, we propose an access control model for CPU resources based on an execution resource. The proposed model can control the usage ratio of CPU resources appropriately for each program domain. This execution resource can be applied to mitigate DoS attacks. © 2007 IEEE.

DOI： 10.1109/MUE.2007.111

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/mue/mue2007.html#TabataHYT07

J-GLOBAL

researchmap

DOI： 10.2197/ipsjdc.2.39

J-GLOBAL

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：IEEE  

Attacks against data in memory are one of the most serious threats these days. Although many detection systems have been proposed so far, most of them can detect only part of alteration. Some detection systems use canaries to detect alteration. However, if an execution code has bugs that enable attackers to read data in memory, the system could be bypassed by attackers who can guess canaries. To overcome the problems, we propose a system using alteration of data. Our proposed system detects illegal alteration with verifier for vulnerable data. Verifier is made before vulnerable data could be altered by attackers, and verifier is checked when the program uses the vulnerable data. Part of Verifier is stored in kernel area to prevent attackers from reading data in user memory. Our approach can detect illegal alteration of arbitrary data in user memory. Our proposed system, moreover, does not have the problem systems using canaries have. © 2006 IEEE.

DOI： 10.1109/AINA.2006.94

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/aina/aina2006.html#NaganoTST06

researchmap

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：SPRINGER-VERLAG BERLIN  

In order to prevent the malicious use of the computers exploiting buffer overflow vulnerabilities, a corrective action by not only calling a programmer's attention but expansion of compiler or operating system is likely to be important. On the other hand, the introduction and employment of intrusion detection systems must be easy for people with the restricted knowledge of computers. In this paper, we propose an anomaly detection method by modifying actively some control flows of programs. Our method can efficiently detect anomaly program behavior and give no false positives. © Springer-Verlag Berlin Heidelberg 2006.

DOI： 10.1007/11893004_94

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/kes/kes2006-2.html#TataraTS06

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

Statistical filtering using Bayes theory, called Bayesian filtering, is studied for years, and after Graham published an essay "A plan for spam", many implementations of Bayesian filtering have developed. In multi-lingual email environment, which more than one language is used in incoming email, corpus for statistical filtering is usually separated into ones specified to each language. In this paper, we propose a new method in which a corpus is chosen for each token, and then we show the efficiency of our proposed method by experiments in comparison to traditional methods.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00010556/

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

Embedding personal identifiers as watermarks to software is effective in order to protect copyright of them. Monden et al. proposed program watermarking scheme for embedding arbiter character sequence to target Java class files. But their scheme can be used to embed only the same watermarking to all the programs. Thus, if we apply their scheme to embed users' personal identifiers, the watermark can be specified by comparing two or more users' program. This paper improve the problem by using a class structure transformation.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00010564/

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

In order to prevent attacks exploiting buffer overflow vulnerabilities, there are many researches of checking programs for abnormal behaviors based on history of system calls emitted by them. In this paper, the authors take into account control flow of the programs, and prove an efficiency of a method for modeling history of system calls in a Bayesian Network. We also consider a method for appropriate anomaly detection without false positives.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00010557/

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

SELinux Policy Editor is a configuration tool for SELinux. As a part of its support of configuration, this tool simplifies the configuration of SELinux by integrating configuration items. However, the integration of configuration items may harm the fine-grained access control of SELinux. In this paper, we examine the effects of the simplification on access control policy and report the evaluation of the security about Apache web server.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00010661/

Publishing type：Research paper (international conference proceedings)   Publisher：Springer  

In this paper, we, as well as Eskin, Lee, Stolfo propose a method of prediction model. In their method, the program was characterized with both the order and the kind of system calls. We focus on a non-sequential feature of system calls given from a program. We apply a Bayesian network to predicting the N-th system call from the sequence of system calls of the length N - 1. In addition, we show that a correlation between several kinds of system calls can be expressed by using our method, and can characterize a program behavior. © Springer-Verlag Berlin Heidelberg 2004.

DOI： 10.1007/978-3-540-31815-6_8

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/wisa/wisa2004.html#TataraTS04

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：SPRINGER-VERLAG BERLIN  

For the security technology that has been achieved with software in the computer system and the protection of the intellectual property right of software, software protection technology is necessary. One of those techniques is called obfuscation, which converts program to make analysis difficult while preserving its function. In this paper, we examine the applicability of our program obfuscation scheme to complicate control flow and study the tolerance against program analysis. © IFIP International Federation for Information Processing 2005.

DOI： 10.1007/11596042_94

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/euc/eucw2005.html#ToyofukuTS05

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：SPRINGER-VERLAG BERLIN  

Bayesian filtering is one of the most famous anti-spam measures. However, there is no standard implementation for treatment of Japanese emails by Bayesian filtering. In this paper, we compare several conceivable ways to treat Japanese emails about tokenizing and corpus separation. In addition, we give experimental results and some knowledge obtained by the experiments. © Springer-Verlag Berlin Heidelberg 2004.

DOI： 10.1007/978-3-540-31815-6_12

Web of Science

Scopus

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/wisa/wisa2004.html#IwanagaTS04

DOI： 10.2197/ipsjdc.2.39

researchmap

J-GLOBAL

researchmap

J-GLOBAL

researchmap

J-GLOBAL

researchmap

J-GLOBAL

researchmap

Language：Japanese   Publisher：The Institute of Electronics, Information and Communication Engineers  

CiNii Article

CiNii Books

J-GLOBAL

researchmap

Language：Japanese   Publisher：Information Processing Society of Japan (IPSJ)  

Some anti-spam schemes are based on challenge-response, a principle that a recipient reads only messages from senders who are registered by the recipient. In these schemes, request for setup is sent to senders who are not registered. Since bounce messages are legitimate but MTA cannot reply to request, we should have some exception to receive for them. However, spammers can abuse this exception to send spam to users, disguising their spam with bounce messages. In this paper, we propose an improved scheme, combining challenge-response and Bayesian filtering, then perform some tests on the effect of our scheme to avoid those spam.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00010841/

Language：Japanese   Publisher：Kyushu University  

CiNii Article

CiNii Books

J-GLOBAL

researchmap

Publishing type：Research paper (international conference proceedings)   Publisher：INSTICC Press  

researchmap

Other Link： https://dblp.uni-trier.de/db/conf/icete/icete2004.html#TabataS04

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：INT INST INFORMATICS & SYSTEMICS  

A process is a program in execution. Processes can be executed concurrently in operating Systems (OS) and they may be created and be deleted dynamically. Process creation and termination are required for program execution. They axe an important processing, but the cost of them is expensive. The cost of them affects the execution performance of programs. We proposed a fast process creation and termination mechanism by recycling process elements. The management of preserved process elements is an important problem for recycling. We also proposed an efficient resource management for recycling process elements. The proposed method can reduce the amount of memory consumption of preserved resources. It focused on frequency of program execution, but it is insufficient to reduce the cost.
In this paper, we propose an improved resource management method for recycling process elements. In the method, only one process element with program image is preserved for each program with high frequency in program execution. The method can reduce the amount of memory consumption of preserved process elements. We also describe the implementation of proposal method on Tender operating system and report the contents of experiments and the result of them.

Web of Science

researchmap

researchmap

Language：English   Publishing type：Research paper (international conference proceedings)   Publisher：INT INST INFORMATICS & SYSTEMICS  

Most of Operating Systems (OSs) provide processes with virtual memory. One advantage of this technique is that programs can be larger than physical memory. In addition, this technique abstracts main memory into large address space and frees programmers from the limitation of main memory. Single Virtual Storage (SVS) or Multiple Virtual Storage (MVS) are implemented in current OSs, but SVS and MVS do not coexist in existing OSs. If they coexist in an operating system, users can make use of each advantage. In this paper, we propose Heterogeneous Virtual Storage (HVS). Because SVS and MVS can coexist in HVS, HVS can provide both of the advantages of SVS and MVS to users. We also describe about implementation of HVS on The EN-during operating system for Distributed Environment (Tender). After that, we explain contents of experiments and report that result.

Web of Science

researchmap

J-GLOBAL

researchmap

Authorship：Lead author   Language：Japanese   Publishing type：Research paper (scientific journal)   Publisher：Information Processing Society of Japan (IPSJ)  

Operating system controls a process to execute a program. A process is created for executing a program. Then the process is deleted when the program terminated. Processing of process creation needs creation of virtual address space and a read of program. The load of the processing is heavy. Therefore there are many researches for fast process creation. We proposed fast process creation mechanism by recycling process elements. Fast process creation and fast process deletion are realized by recycling process elements. However, reserved process elements consume memory resources. Therefore efficient resource management is necessary. This paper proposes efficient resource management for recycling process elements.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00018559/

Authorship：Lead author   Language：Japanese   Publishing type：Research paper (scientific journal)   Publisher：The Institute of Electronics, Information and Communication Engineers  

CiNii Article

CiNii Books

J-GLOBAL

researchmap

Authorship：Lead author   Language：Japanese   Publishing type：Research paper (scientific journal)   Publisher：Information Processing Society of Japan (IPSJ)  

An operating system controls many processes to execute programs. The processing of process creation and process termination has a heavy load in an operating system. Therefore there are many techniques that can speed up process creation ; for example, sticky bit and the vfork system call are realized in UNIX. Furthermore, demand paging and copy-on-write are realized. Generally, specific programs are often executed repeatedly. For example, in the "make" command of UNIX, process creation and process termination are repeated, because a compiler is executed many times. We propose the function for restarting a process. The function is effective where specific programs are executed repeatedly, because the function can reduce the overhead of process creation and process termination. This paper describes the structure of a process and the function for restarting a process. This paper also reports the performance of the function.

CiNii Article

CiNii Books

researchmap

Other Link： http://id.nii.ac.jp/1001/00011209/

Publishing type：Research paper (international conference proceedings)  

With the spread of the Internet, services that communicate to other services are increasing. Multimedia applications such as video on demand also ask for network Quality of Service (QoS). Thus, operating systems have to guarantee the allocation of computer resources to services. The computer resources are CPU, disk, network devices and so on. We suppose that the communications have to be controlled well, because services using network are increasing. This paper proposes the communication bandwidth control mechanism by regulating program execution speed. Our proposed mechanism is based on the process schedule method for regulating program execution speed. In the process schedule method, the operating system reserves the amount of CPU time of target processes and guarantees the allocation of CPU time on a sending host. Our proposed mechanism can guarantee a required data rate of target processes by allocating enough CPU time for communications. Because operating systems manage computer resources, they guarantee the allocation of CPU time if the process schedule method is implemented. The allocation of CPU time is not almost affected by non-target processes. This paper introduces the process schedule method and the implementation of it. This paper also shows how to control the communication bandwidth of target processes. Then this paper describes about an evaluation of our proposed mechanism.

Scopus

J-GLOBAL

researchmap

researchmap

Publishing type：Research paper (international conference proceedings)  

Security-Enhanced Linux (SELinux) is a secure operating system. SELinux implements some features in order to perform strong access control. However, the configuration of SELinux access control becomes very complex. Such complexity may cause misconfiguration which can harm the strong access control. SELinux Policy Editor is a configuration tool for SELinux. It is developed in order to reduce the complexity and the risk of misconfiguration. As a part of its support of configuration, this tool simplifies the configuration of SELinux by integrating configuration items for complicated access control policy of SELinux. Although we can originally define and use macros which integrate permissions in SELinux access control policy, the integrated permissions of SELinux Policy Editor and the macros differ fundamentally in whether the use of them is mandatory or discretionary. In this paper, we examine effects of the simplification by SELinux Policy Editor on an example access control policy and evaluate the security of the access control based on the simplified policy about Apache, a web server software.

Scopus

J-GLOBAL

researchmap

researchmap

researchmap

Publishing type：Research paper (international conference proceedings)  

Recently, various schemes against spam are proposed because of rapid increasing of spam. Some schemes are based on sender whitelisting with auto registration, a principle that a recipient reads only messages from senders who are registered by the recipient, and a sender have to perform some procedure to be registered (challenge-response.) In these schemes, some exceptions are required to show error mail to a sender of an original message. However, spammers can abuse this exception to send spam to users. We have proposed improved scheme in [1], combining challenge-response and Bayesian filtering. In this paper, we make tests on our scheme and a scheme using only Bayesian filtering to show efficiency of our scheme.

Scopus

J-GLOBAL

researchmap

Publishing type：Research paper (international conference proceedings)  

Recently, Java has been spread widely. However, Java has a problem that an attacker can reconstruct Java source codes from Java classfiles. Therefore many techniques for protecting Java software have been proposed, but, quantitive security evaluations are not fully given. This paper proposes an obfuscation scheme for Java source codes by destructing the encapsulation. In addition, we propose an evaluation scheme on the number of accesses to the fields and the methods of the other classes. We try to realize tamper-resistant software with the certain quantitive basis of security using our evaluation.

Scopus

J-GLOBAL

researchmap

J-GLOBAL

researchmap

J-GLOBAL

researchmap

researchmap

J-GLOBAL

researchmap

J-GLOBAL

researchmap

J-GLOBAL

researchmap

J-GLOBAL

researchmap

Authorship：Last author,　Corresponding author   Language：Japanese   Publishing type：Research paper, summary (national, other academic conference)  

J-GLOBAL

researchmap

Authorship：Last author,　Corresponding author   Language：Japanese   Publishing type：Research paper, summary (national, other academic conference)  

researchmap

Authorship：Last author,　Corresponding author   Language：Japanese   Publishing type：Research paper, summary (national, other academic conference)  

researchmap

Language：Japanese   Publishing type：Research paper, summary (national, other academic conference)  

researchmap

Language：Japanese   Publishing type：Research paper, summary (national, other academic conference)  

researchmap

Authorship：Last author,　Corresponding author   Language：Japanese   Publishing type：Research paper, summary (national, other academic conference)  

researchmap

Language：Japanese   Publishing type：Research paper, summary (national, other academic conference)  

researchmap

Language：Japanese   Publishing type：Research paper, summary (national, other academic conference)  

researchmap

Authorship：Last author,　Corresponding author   Language：Japanese   Publishing type：Research paper, summary (national, other academic conference)