IEEEActa Medica Okayama2020Method of Generating a Blacklist for Mobile Devices by Searching Malicious Websites20489448ENTakashiIshiharaGraduate School of Natural Science and Technology, Okayama UniversityMasayaSatoGraduate School of Natural Science and Technology, Okayama UniversityToshihiroYamauchiGraduate School of Natural Science and Technology, Okayama UniversityAs mobile devices have become more popular, malware and attacks directed at them have significantly increased. One of the methods to attack mobile devices is redirecting a user to unwanted websites by unwanted page transition. One of the countermeasures against such attacks is to generate a blacklist of URLs and hostnames, which can prevent access to malicious websites. To generate a blacklist, first, malicious websites are collected in the web space. Then, URLs and hostnames of the malicious websites are added to the blacklist. However, URLs of the malicious websites are typically changed frequently; thus, it is necessary to keep track of the malicious websites and update the blacklist in a timely manner. In this study, we proposed a method to generate blacklists for mobile devices by searching malicious websites. The method collects many HTML files from the web space using a crawler and searches for HTML files that are highly likely to be malicious using keywords extracted from the known malicious websites to discover the new ones. Thus, new malicious websites can be added to the blacklist in a timely manner. Using the proposed method, we discovered malicious websites that were not detected by Google Safe Browsing. Moreover, the blacklist generated using the method had a high detection rate for certain malicious websites. This paper reports the design process and the results of the evaluation of the new method.No potential conflict of interest relevant to this article was reported.ACMActa Medica Okayama2018Web access monitoring mechanism for Android webview1ENYutaImamuraOkayama University, Okayama, JapanHiroyukiUekawaOkayama University, Okayama, JapanYasuhiroIshiharaOkayama University, Okayama, JapanMasayaSatoOkayama University, Okayama, JapanToshihiroYamauchiOkayama University Okayama, JapanIn addition to conventional web browsers, WebView is used to display web content on Android. WebView is a component that enables the display of web content in mobile applications, and is extensively used. As WebView displays web content without having to redirect the user to web browsers, there is the possibility that unauthorized web access may be performed secretly via Web-View, and information in Android may be stolen or tampered with. Therefore, it is necessary to monitor and analyze web access via WebView, particularly because attacks exploiting WebView have been reported. However, there is no mechanism for monitoring web access viaWebView. In this work, the goals are to monitor web access via WebView and to analyze mobile applications using Web-View. To achieve these goals, we propose a web access monitoring mechanism for Android WebView. In this paper, the design and implementation of a mechanism that does not require any modifications to the Android Framework and Linux kernel are presented for the Chromium Android System WebView app. In addition, this paper presents evaluation results for the proposed mechanism.No potential conflict of interest relevant to this article was reported.IEEEActa Medica Okayama2379-18882016Memory Access Monitoring and Disguising of Process Information to Avoid Attacks to Essential Services635641ENMasayaSatoGraduate School of Natural Science and Technology, Okayama UniversityToshihiroYamauchiGraduate School of Natural Science and Technology, Okayama UniversityHideoTaniguchiGraduate School of Natural Science and Technology, Okayama UniversityTo prevent attacks on essential software and to mitigate damage, an attack avoiding method that complicates process identification from attackers is proposed. This method complicates the identification of essential services by replacing process information with dummy information. However, this method allows attackers to identify essential processes by detecting changes in process information. To address this problems and provide more complexity to process identification, this paper proposes a memory access monitoring by using a virtual machine monitor. By manipulating the page access permission, a virtual machine monitor detects page access, which includes process information, and replaces it with dummy information. This paper presents the design, implementation, and evaluation of the proposed method.No potential conflict of interest relevant to this article was reported.Springer Science and Business Media LLCActa Medica Okayama0920-85427252016Evaluation and design of function for tracing diffusion of classified information for file operations with KVM18411861ENShotaFujiiGraduate School of Natural Science and Technology, Okayama UniversityMasayaSatoGraduate School of Natural Science and Technology, Okayama UniversityToshihiroYamauchiHideoTaniguchiGraduate School of Natural Science and Technology, Okayama UniversityCases of classified information leakage have become increasingly common. To address this problem, we have developed a function for tracing the diffusion of classified information within an operating system. However, this function suffers from the following two problems: first, in order to introduce the function, the operating system's source code must be modified. Second, there is a risk that the function will be disabled when the operating system is attacked. Thus, we have designed a function for tracing the diffusion of classified information in a guest operating system by using a virtual machine monitor. By using a virtual machine monitor, we can introduce the proposed function in various environments without modifying the operating system's source code. In addition, attacks aimed at the proposed function are made more difficult, because the virtual machine monitor is isolated from the operating system. In this paper, we describe the implementation of the proposed function for file operations and child process creation in the guest operating system with a kernel-based virtual machine. Further, we demonstrate the traceability of diffusing classified information by file operations and child process creation. We also report the logical lines of code required to introduce the proposed function and performance overheads.No potential conflict of interest relevant to this article was reported.SpringerActa Medica Okayama1615-5262202021Web access monitoring mechanism via Android WebView for threat analysis833847ENYutaImamuraGraduate School of Natural Science and Technology, Okayama UniversityRintaroOritoGraduate School of Natural Science and Technology, Okayama UniversityHiroyukiUekawaGraduate School of Natural Science and Technology, Okayama UniversityKritsanaChaikaewFaculty of Engineering, Kasetsart UniversityPattaraLeelapruteFaculty of Engineering, Kasetsart UniversityMasayaSatoGraduate School of Natural Science and TechnologyToshihiroYamauchiGraduate School of Natural Science and Technology, Okayama UniversityMany Android apps employ WebView, a component that enables the display of web content in the apps without redirecting users to web browser apps. However, WebView might also be used for cyberattacks. Moreover, to the best of our knowledge, although some countermeasures based on access control have been reported for attacks exploiting WebView, no mechanism for monitoring web access via WebView has been proposed and no analysis results focusing on web access via WebView are available. In consideration of this limitation, we propose a web access monitoring mechanism for Android WebView to analyze web access via WebView and clarify attacks exploiting WebView. In this paper, we present the design and implementation of this mechanism by modifying Chromium WebView without any modifications to the Android framework or Linux kernel. The evaluation results of the performance achieved on introducing the proposed mechanism are also presented here. Moreover, the result of threat analysis of displaying a fake virus alert while browsing websites on Android is discussed to demonstrate the effectiveness of the proposed mechanism.No potential conflict of interest relevant to this article was reported.SpringerActa Medica Okayama2020Improvement and Evaluation of a Function for Tracing the Diffusion of Classified Information on KVM338349ENHideakiMoriyamaNational Institute of Technology, Ariake CollegeToshihiroYamauchiGraduate School of Natural Science and Technology, Okayama UniversityMasayaSatoGraduate School of Natural Science and Technology, Okayama UniversityHideoTaniguchiGraduate School of Natural Science and Technology, Okayama UniversityThe increasing amount of classified information currently being managed by personal computers has resulted in the leakage of such information to external computers, which is a major problem. To prevent such leakage, we previously proposed a function for tracing the diffusion of classified information in a guest operating system (OS) using a virtual machine monitor (VMM). The tracing function hooks a system call in the guest OS from the VMM, and acquiring the information. By analyzing the information on the VMM side, the tracing function makes it possible to notify the user of the diffusion of classified information. However, this function has a problem in that the administrator of the computer platform cannot grasp the transition of the diffusion of classified processes or file information. In this paper, we present the solution to this problem and report on its evaluation.No potential conflict of interest relevant to this article was reported.ElsevierActa Medica Okayama0921-50937912020The effect of precipitations (NbC and carbide) in Fe–C–Mn-xNb steels on hydrogen embrittlement characteristics139598ENMitsuhiroOkayasuGraduate School of Natural Science and Technology, Okayama UniversityMasayaSatoGraduate School of Natural Science and Technology, Okayama UniversityDaikiIshidaGraduate School of Natural Science and Technology, Okayama UniversityTakehideSenumaGraduate School of Natural Science and Technology, Okayama UniversityHydrogen embrittlement (HE) characteristics in Fe–C–Mn-xNb steels were examined via various analyses, including electron backscatter diffraction analysis, scanning transmission electron microscopy and three-dimensional atom-probe tomography. For the investigation, the steel samples were prepared with varying Nb contents and heat treatment processes. The material properties of steel samples that were subjected to: (i) water quenching and (ii) quenching and tempering at 170 C for 20 min, were determined to be nearly similar, although different degrees of HE were detected. After the tempering process, -carbide precipitated clearly in the matrix, which could act as a trapping site for hydrogen atoms and lead to improved HE resistance. Moreover, with addition of Nb, niobium base precipitates (e.g., NbC) with a diameter of a few nanometers were obtained in the martensite matrix, which could also function as hydrogen trapping sites. There was slight improvement in the HE resistance with NbC. Hydrogen-assisted failure mechanisms under both static and cyclic loading were observed with intergranular brittle cracking for the water quenched sample, even though the brittle and ductile mix failure mode was detected for the sample after the quenching and tempering process.No potential conflict of interest relevant to this article was reported.Inderscience EnterprisesActa Medica Okayama20444893912019Design and implementation of hiding method for file manipulation of essential services by system call proxy using virtual machine monitor110ENMasayaSatoGraduate School of Natural Science and Technology, Okayama UniversityHideoTaniguchiGraduate School of Natural Science and Technology, Okayama UniversityToshihiroYamauchiGraduate School of Natural Science and Technology, Okayama University Security or system management software is essential for keeping systems secure. To deter attacks on essential services, hiding information related to essential services is helpful. This paper describes the design, the implementation, and the evaluation of a method to make files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM). In the proposed method, the virtual machine monitor (VMM) monitors the system call, which invoked by an essential process to access essential files, and requests proxy execution to the proxy process on another VM. The VMM returns the result and skips the execution of the original system call on the protection target VM. Thus, access to essential files by the essential service is skipped on the protection target VM, but the essential service can access the file content.No potential conflict of interest relevant to this article was reported.