Logging information is necessary in order to understand a computer's behavior. However, attackers may delete logs to hide the evidence of their attacks and cheating. Moreover, various problems might cause the loss of logging information. In homeland security, the plans for counterterrorism are based on data. The reliability of the data depends on that of the data collector. Because the reliability of the data collector is ensured by logs, protecting the logs is an important problem. To address these issues, we propose a system to prevent tampering and loss of logging information using a virtual machine monitor (VMM). In this system, logging information generated by the operating system (OS) and the application program (AP) running on the target virtual machine (VM) is gathered by the VMM without any modification of the OS. The security of the logging information is ensured by its isolation from the VM. In addition, the isolation and multiple copying of logs can help in the detection of tampering.