(Short Paper) Evidence Collection and Preservation System with Virtual Machine Monitoring
- Publication Year :
- 2021
Abstract
- In a system audit and verification, it is important to securely collect and preserve evidence of execution environments, execution processes, and program execution results. Evidence-based verification of program processes ensures their authenticity; for example, that the processes include no altered or infected program library. This paper proposes a solution for collecting evidence on program libraries based on a Virtual Machine Monitor (VMM). The solution can solve the semantic gap by obtaining library file path names. This paper also shows a way to obtain hash values of library files from a guest OS. Furthermore, this paper provides examples of evidence on program execution and the overhead of the solution.
Details
- Database :
- OAIster
- Notes :
- Nakamura, Toru, Ito, Hiroshi, Kiyomoto, Shinsaku, Yamauchi, Toshihiro
- Publication Type :
- Electronic Resource
- Accession number :
- edsoai.on1375192021
- Document Type :
- Electronic Resource