start-ver=1.4 cd-journal=joma no-vol= cd-vols= no-issue= article-no= start-page=1 end-page= dt-received= dt-revised= dt-accepted= dt-pub-year=2018 dt-pub=2018129 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Web access monitoring mechanism for Android webview en-subtitle= kn-subtitle= en-abstract= kn-abstract=In addition to conventional web browsers, WebView is used to display web content on Android. WebView is a component that enables the display of web content in mobile applications, and is extensively used. As WebView displays web content without having to redirect the user to web browsers, there is the possibility that unauthorized web access may be performed secretly via Web-View, and information in Android may be stolen or tampered with. Therefore, it is necessary to monitor and analyze web access via WebView, particularly because attacks exploiting WebView have been reported. However, there is no mechanism for monitoring web access viaWebView. In this work, the goals are to monitor web access via WebView and to analyze mobile applications using Web-View. To achieve these goals, we propose a web access monitoring mechanism for Android WebView. In this paper, the design and implementation of a mechanism that does not require any modifications to the Android Framework and Linux kernel are presented for the Chromium Android System WebView app. In addition, this paper presents evaluation results for the proposed mechanism. en-copyright= kn-copyright= en-aut-name=ImamuraYuta en-aut-sei=Imamura en-aut-mei=Yuta kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=UekawaHiroyuki en-aut-sei=Uekawa en-aut-mei=Hiroyuki kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=IshiharaYasuhiro en-aut-sei=Ishihara en-aut-mei=Yasuhiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= en-aut-name=SatoMasaya en-aut-sei=Sato en-aut-mei=Masaya kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=4 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=5 ORCID= affil-num=1 en-affil=Okayama University, Okayama, Japan kn-affil= affil-num=2 en-affil=Okayama University, Okayama, Japan kn-affil= affil-num=3 en-affil=Okayama University, Okayama, Japan kn-affil= affil-num=4 en-affil=Okayama University, Okayama, Japan kn-affil= affil-num=5 en-affil=Okayama University Okayama, Japan kn-affil= en-keyword=Android kn-keyword=Android en-keyword= WebView kn-keyword= WebView en-keyword=Web access monitoring kn-keyword=Web access monitoring END start-ver=1.4 cd-journal=joma no-vol=20 cd-vols= no-issue= article-no= start-page=833 end-page=847 dt-received= dt-revised= dt-accepted= dt-pub-year=2021 dt-pub=20210119 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Web access monitoring mechanism via Android WebView for threat analysis en-subtitle= kn-subtitle= en-abstract= kn-abstract=Many Android apps employ WebView, a component that enables the display of web content in the apps without redirecting users to web browser apps. However, WebView might also be used for cyberattacks. Moreover, to the best of our knowledge, although some countermeasures based on access control have been reported for attacks exploiting WebView, no mechanism for monitoring web access via WebView has been proposed and no analysis results focusing on web access via WebView are available. In consideration of this limitation, we propose a web access monitoring mechanism for Android WebView to analyze web access via WebView and clarify attacks exploiting WebView. In this paper, we present the design and implementation of this mechanism by modifying Chromium WebView without any modifications to the Android framework or Linux kernel. The evaluation results of the performance achieved on introducing the proposed mechanism are also presented here. Moreover, the result of threat analysis of displaying a fake virus alert while browsing websites on Android is discussed to demonstrate the effectiveness of the proposed mechanism. en-copyright= kn-copyright= en-aut-name=ImamuraYuta en-aut-sei=Imamura en-aut-mei=Yuta kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=OritoRintaro en-aut-sei=Orito en-aut-mei=Rintaro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=UekawaHiroyuki en-aut-sei=Uekawa en-aut-mei=Hiroyuki kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= en-aut-name=ChaikaewKritsana en-aut-sei=Chaikaew en-aut-mei=Kritsana kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=4 ORCID= en-aut-name=LeelaprutePattara en-aut-sei=Leelaprute en-aut-mei=Pattara kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=5 ORCID= en-aut-name=SatoMasaya en-aut-sei=Sato en-aut-mei=Masaya kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=6 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=7 ORCID= affil-num=1 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=2 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=4 en-affil=Faculty of Engineering, Kasetsart University kn-affil= affil-num=5 en-affil=Faculty of Engineering, Kasetsart University kn-affil= affil-num=6 en-affil=Graduate School of Natural Science and Technology kn-affil= affil-num=7 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= en-keyword=Android kn-keyword=Android en-keyword=WebView kn-keyword=WebView en-keyword=Web access monitoring kn-keyword=Web access monitoring en-keyword=Web security kn-keyword=Web security en-keyword=Threat analysis kn-keyword=Threat analysis en-keyword=Fake virus alert kn-keyword=Fake virus alert END start-ver=1.4 cd-journal=joma no-vol=791 cd-vols= no-issue= article-no= start-page=139598 end-page= dt-received= dt-revised= dt-accepted= dt-pub-year=2020 dt-pub=20200618 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=The effect of precipitations (NbC and carbide) in Fe?C?Mn-xNb steels on hydrogen embrittlement characteristics en-subtitle= kn-subtitle= en-abstract= kn-abstract=Hydrogen embrittlement (HE) characteristics in Fe?C?Mn-xNb steels were examined via various analyses, including electron backscatter diffraction analysis, scanning transmission electron microscopy and three-dimensional atom-probe tomography. For the investigation, the steel samples were prepared with varying Nb contents and heat treatment processes. The material properties of steel samples that were subjected to: (i) water quenching and (ii) quenching and tempering at 170 C for 20 min, were determined to be nearly similar, although different degrees of HE were detected. After the tempering process, -carbide precipitated clearly in the matrix, which could act as a trapping site for hydrogen atoms and lead to improved HE resistance. Moreover, with addition of Nb, niobium base precipitates (e.g., NbC) with a diameter of a few nanometers were obtained in the martensite matrix, which could also function as hydrogen trapping sites. There was slight improvement in the HE resistance with NbC. Hydrogen-assisted failure mechanisms under both static and cyclic loading were observed with intergranular brittle cracking for the water quenched sample, even though the brittle and ductile mix failure mode was detected for the sample after the quenching and tempering process. en-copyright= kn-copyright= en-aut-name=OkayasuMitsuhiro en-aut-sei=Okayasu en-aut-mei=Mitsuhiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=SatoMasaya en-aut-sei=Sato en-aut-mei=Masaya kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=IshidaDaiki en-aut-sei=Ishida en-aut-mei=Daiki kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= en-aut-name=SenumaTakehide en-aut-sei=Senuma en-aut-mei=Takehide kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=4 ORCID= affil-num=1 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=2 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=4 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= en-keyword=Steel kn-keyword=Steel en-keyword=Hydrogen embrittlement; kn-keyword=Hydrogen embrittlement; en-keyword=Trapping site kn-keyword=Trapping site en-keyword=Niobium carbide; kn-keyword=Niobium carbide; en-keyword=-carbide kn-keyword=-carbide END start-ver=1.4 cd-journal=joma no-vol= cd-vols= no-issue= article-no= start-page=20489448 end-page= dt-received= dt-revised= dt-accepted= dt-pub-year=2020 dt-pub=202011 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Method of Generating a Blacklist for Mobile Devices by Searching Malicious Websites en-subtitle= kn-subtitle= en-abstract= kn-abstract=As mobile devices have become more popular, malware and attacks directed at them have significantly increased. One of the methods to attack mobile devices is redirecting a user to unwanted websites by unwanted page transition. One of the countermeasures against such attacks is to generate a blacklist of URLs and hostnames, which can prevent access to malicious websites. To generate a blacklist, first, malicious websites are collected in the web space. Then, URLs and hostnames of the malicious websites are added to the blacklist. However, URLs of the malicious websites are typically changed frequently; thus, it is necessary to keep track of the malicious websites and update the blacklist in a timely manner. In this study, we proposed a method to generate blacklists for mobile devices by searching malicious websites. The method collects many HTML files from the web space using a crawler and searches for HTML files that are highly likely to be malicious using keywords extracted from the known malicious websites to discover the new ones. Thus, new malicious websites can be added to the blacklist in a timely manner. Using the proposed method, we discovered malicious websites that were not detected by Google Safe Browsing. Moreover, the blacklist generated using the method had a high detection rate for certain malicious websites. This paper reports the design process and the results of the evaluation of the new method. en-copyright= kn-copyright= en-aut-name=IshiharaTakashi en-aut-sei=Ishihara en-aut-mei=Takashi kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=SatoMasaya en-aut-sei=Sato en-aut-mei=Masaya kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= affil-num=1 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=2 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= en-keyword=Malicious Websites kn-keyword=Malicious Websites en-keyword=Blacklist kn-keyword=Blacklist en-keyword=Web-based Attack kn-keyword=Web-based Attack en-keyword=Android kn-keyword=Android END start-ver=1.4 cd-journal=joma no-vol= cd-vols= no-issue= article-no= start-page=635 end-page=641 dt-received= dt-revised= dt-accepted= dt-pub-year=2016 dt-pub=201611 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Memory Access Monitoring and Disguising of Process Information to Avoid Attacks to Essential Services en-subtitle= kn-subtitle= en-abstract= kn-abstract=To prevent attacks on essential software and to mitigate damage, an attack avoiding method that complicates process identification from attackers is proposed. This method complicates the identification of essential services by replacing process information with dummy information. However, this method allows attackers to identify essential processes by detecting changes in process information. To address this problems and provide more complexity to process identification, this paper proposes a memory access monitoring by using a virtual machine monitor. By manipulating the page access permission, a virtual machine monitor detects page access, which includes process information, and replaces it with dummy information. This paper presents the design, implementation, and evaluation of the proposed method. en-copyright= kn-copyright= en-aut-name=SatoMasaya en-aut-sei=Sato en-aut-mei=Masaya kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=TaniguchiHideo en-aut-sei=Taniguchi en-aut-mei=Hideo kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= affil-num=1 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=2 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= en-keyword=avoidance kn-keyword=avoidance en-keyword=process information kn-keyword=process information en-keyword=virtualization kn-keyword=virtualization END start-ver=1.4 cd-journal=joma no-vol= cd-vols= no-issue= article-no= start-page=338 end-page=349 dt-received= dt-revised= dt-accepted= dt-pub-year=2020 dt-pub=20200820 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Improvement and Evaluation of a Function for Tracing the Diffusion of Classified Information on KVM en-subtitle= kn-subtitle= en-abstract= kn-abstract=The increasing amount of classified information currently being managed by personal computers has resulted in the leakage of such information to external computers, which is a major problem. To prevent such leakage, we previously proposed a function for tracing the diffusion of classified information in a guest operating system (OS) using a virtual machine monitor (VMM). The tracing function hooks a system call in the guest OS from the VMM, and acquiring the information. By analyzing the information on the VMM side, the tracing function makes it possible to notify the user of the diffusion of classified information. However, this function has a problem in that the administrator of the computer platform cannot grasp the transition of the diffusion of classified processes or file information. In this paper, we present the solution to this problem and report on its evaluation. en-copyright= kn-copyright= en-aut-name=MoriyamaHideaki en-aut-sei=Moriyama en-aut-mei=Hideaki kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=SatoMasaya en-aut-sei=Sato en-aut-mei=Masaya kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= en-aut-name=TaniguchiHideo en-aut-sei=Taniguchi en-aut-mei=Hideo kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=4 ORCID= affil-num=1 en-affil=National Institute of Technology, Ariake College kn-affil= affil-num=2 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=4 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= END start-ver=1.4 cd-journal=joma no-vol=72 cd-vols= no-issue=5 article-no= start-page=1841 end-page=1861 dt-received= dt-revised= dt-accepted= dt-pub-year=2016 dt-pub=2016223 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Evaluation and design of function for tracing diffusion of classified information for file operations with KVM en-subtitle= kn-subtitle= en-abstract= kn-abstract=Cases of classified information leakage have become increasingly common. To address this problem, we have developed a function for tracing the diffusion of classified information within an operating system. However, this function suffers from the following two problems: first, in order to introduce the function, the operating system's source code must be modified. Second, there is a risk that the function will be disabled when the operating system is attacked. Thus, we have designed a function for tracing the diffusion of classified information in a guest operating system by using a virtual machine monitor. By using a virtual machine monitor, we can introduce the proposed function in various environments without modifying the operating system's source code. In addition, attacks aimed at the proposed function are made more difficult, because the virtual machine monitor is isolated from the operating system. In this paper, we describe the implementation of the proposed function for file operations and child process creation in the guest operating system with a kernel-based virtual machine. Further, we demonstrate the traceability of diffusing classified information by file operations and child process creation. We also report the logical lines of code required to introduce the proposed function and performance overheads. en-copyright= kn-copyright= en-aut-name=FujiiShota en-aut-sei=Fujii en-aut-mei=Shota kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=SatoMasaya en-aut-sei=Sato en-aut-mei=Masaya kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= en-aut-name=TaniguchiHideo en-aut-sei=Taniguchi en-aut-mei=Hideo kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=4 ORCID= affil-num=1 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=2 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil= kn-affil= affil-num=4 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= en-keyword=Information Leak Prevention kn-keyword=Information Leak Prevention en-keyword=Virtualization kn-keyword=Virtualization en-keyword=Semantic Gap kn-keyword=Semantic Gap en-keyword=VMM kn-keyword=VMM END start-ver=1.4 cd-journal=joma no-vol=9 cd-vols= no-issue=1 article-no= start-page=1 end-page=10 dt-received= dt-revised= dt-accepted= dt-pub-year=2019 dt-pub=20190528 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Design and implementation of hiding method for file manipulation of essential services by system call proxy using virtual machine monitor en-subtitle= kn-subtitle= en-abstract= kn-abstract= Security or system management software is essential for keeping systems secure. To deter attacks on essential services, hiding information related to essential services is helpful. This paper describes the design, the implementation, and the evaluation of a method to make files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM). In the proposed method, the virtual machine monitor (VMM) monitors the system call, which invoked by an essential process to access essential files, and requests proxy execution to the proxy process on another VM. The VMM returns the result and skips the execution of the original system call on the protection target VM. Thus, access to essential files by the essential service is skipped on the protection target VM, but the essential service can access the file content. en-copyright= kn-copyright= en-aut-name=SatoMasaya en-aut-sei=Sato en-aut-mei=Masaya kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=TaniguchiHideo en-aut-sei=Taniguchi en-aut-mei=Hideo kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= affil-num=1 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=2 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= en-keyword=virtual machine monitor kn-keyword=virtual machine monitor en-keyword=file manipulation kn-keyword=file manipulation en-keyword=system call proxy kn-keyword=system call proxy en-keyword=essential services kn-keyword=essential services END