start-ver=1.4 cd-journal=joma no-vol=13 cd-vols= no-issue= article-no= start-page=185111 end-page=185124 dt-received= dt-revised= dt-accepted= dt-pub-year=2025 dt-pub=2025 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Enhancing Protection Against Code Reuse Attacks on IoT Devices by Randomizing Function Addresses en-subtitle= kn-subtitle= en-abstract= kn-abstract=Most Internet of Things (IoT) devices currently in use are vulnerable to code reuse attacks because manufacturers typically deploy the same firmware across all devices. This uniformity enables attackers to craft a single exploit that can compromise multiple devices. To mitigate this risk, we propose a firmware diversification approach that creates multiple executable files with varying software compositions. Our approach introduces two complementary techniques: Function Address Reordering (FAR), which randomizes the order of functions within object files during compilation, and Object Address Reordering (OAR), which permutes the linking order of object files in the final executable. These techniques collectively diversify firmware instances without altering runtime behavior, making executing code reuse attacks significantly more difficult. By deploying firmware with diverse executable files, it is possible to enhance security without altering device behavior. We evaluate the effectiveness and limitations of the proposed methods when integrated into actual IoT firmware, assessing their resilience to code reuse attacks, impact on runtime behavior, and compilation overhead. Experimental results demonstrate that FAR and OAR significantly reduce the success rate of return-oriented programming attacks while incurring minimal performance overhead. This study offers a scalable, hardware-independent defense against code reuse attacks that increases resilience without a significant performance overhead, rendering it practical for widespread adoption in various IoT applications. en-copyright= kn-copyright= en-aut-name=SajiKazuma en-aut-sei=Saji en-aut-mei=Kazuma kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=KobayashiSatoru en-aut-sei=Kobayashi en-aut-mei=Satoru kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= en-aut-name=TaniguchiHideo en-aut-sei=Taniguchi en-aut-mei=Hideo kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=4 ORCID= affil-num=1 en-affil=Graduate School of Environmental, Life, Natural Science and Technology, Okayama University kn-affil= affil-num=2 en-affil=Faculty of Environmental, Life, Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil=Faculty of Environmental, Life, Natural Science and Technology, Okayama University kn-affil= affil-num=4 en-affil=Graduate School of Environmental, Life, Natural Science and Technology, Okayama University kn-affil= en-keyword=Code reuse attack kn-keyword=Code reuse attack en-keyword=IoT firmware kn-keyword=IoT firmware en-keyword=software diversity kn-keyword=software diversity en-keyword=function reordering kn-keyword=function reordering en-keyword=LLVM kn-keyword=LLVM END start-ver=1.4 cd-journal=joma no-vol= cd-vols= no-issue= article-no= start-page=267 end-page=273 dt-received= dt-revised= dt-accepted= dt-pub-year=2023 dt-pub=20231127 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Supporting Multiple OS Types on Estimation of System Call Hook Point by Virtual Machine Monitor en-subtitle= kn-subtitle= en-abstract= kn-abstract=Methods to hook system calls issued by a guest operating system (OS) running on a virtual machine using a virtual machine monitor are proposed. The address of the hook point is derived from the guest OSfs source code and established prior to the kernel startup process. Due to changes in system call processing in OS updates and address space layout randomization, the addresses of these hook points cannot always be pre-determined before the kernel startup process. To address this challenge, a method for estimating the system call hook point is proposed in Linux by analyzing the guest OS memory on x86-64 CPUs rather than pre-calculation. Although the method supports Linux, the method can be extended to support other OS types. In this paper, we propose a method to extend the method to support additional OSes. Specifically, we present analysis results and a novel method for estimating hook points on FreeBSD, NetBSD, and OpenBSD. The effectiveness of our proposed method is also demonstrated through evaluation. en-copyright= kn-copyright= en-aut-name=SatoMasaya en-aut-sei=Sato en-aut-mei=Masaya kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=OmoriTaku en-aut-sei=Omori en-aut-mei=Taku kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= en-aut-name=TaniguchiHideo en-aut-sei=Taniguchi en-aut-mei=Hideo kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=4 ORCID= affil-num=1 en-affil=Okayama Prefectural University kn-affil= affil-num=2 en-affil=Okayama Prefectural University kn-affil= affil-num=3 en-affil=Okayama University kn-affil= affil-num=4 en-affil=Okayama University kn-affil= en-keyword=system call kn-keyword=system call en-keyword=virtual machine monitor kn-keyword=virtual machine monitor en-keyword=operating system kn-keyword=operating system END start-ver=1.4 cd-journal=joma no-vol=313 cd-vols= no-issue= article-no= start-page=238 end-page=248 dt-received= dt-revised= dt-accepted= dt-pub-year=2021 dt-pub=20210808 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Physical Memory Management with Two Page Sizes in Tender OS en-subtitle= kn-subtitle= en-abstract= kn-abstract=Physical memory capacity has increased owing to large-scale integration. In addition, memory footprints have increased in size, as multiple programs are executed on a single computer. Many operating systems manage physical memory by paging a 4 KB page. Therefore, the number of entries in the virtual address translation table for virtual to physical increases along with the size of the memory footprints. This cause a decrease in the translation lookaside buffer (TLB) hit ratio, resulting in the performance degradation of the application. To address this problem, we propose the implementation of physical memory management with two page sizes: 4 KB and 4 MB. This allows us to expand range of addresses to be translated by a single TLB entry, thereby improving the TLB hit rate. This paper describes the design and implementation of the physical memory management mechanism that manages physical memory using two page sizes on The ENduring operating system for Distributed EnviRonment (Tender OS). Our results showed that when the page size is 4 MB, the processing time of the memory allocation can be reduced by as much as approximately 99.7%, and the processing time for process creation can be reduced by as much as approximately 51%, and the processing time of the memory operation could be reduced by as much as 91.9%. en-copyright= kn-copyright= en-aut-name=KusunokiKoki en-aut-sei=Kusunoki en-aut-mei=Koki kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=TaniguchiHideo en-aut-sei=Taniguchi en-aut-mei=Hideo kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= affil-num=1 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=2 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= END start-ver=1.4 cd-journal=joma no-vol= cd-vols= no-issue= article-no= start-page=352 end-page=358 dt-received= dt-revised= dt-accepted= dt-pub-year=2021 dt-pub=202111 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Function for Tracing Diffusion of Classified Information to Support Multiple VMs with KVM en-subtitle= kn-subtitle= en-abstract= kn-abstract=To handle information leaks caused by administrative errors or mishandling, a function for tracing the diffusion of classified information using a virtual machine monitor (VMM) was proposed. However, the proposed function has not been investigated in cases in which virtual machines (VMs) allocated by multiple virtual central processing units (vCPUs) are to be monitored. In addition, cases in which multiple VMs are monitored have not been examined. In this study, we describe the support of multiple VMs for the proposed VMM-based tracing function. We also show how to deal with VMs allocated by multiple vCPUs. Furthermore, we report the evaluation results from assessing the traceability of the improved proposed method and its overhead for classified information when a VM with multiple vCPUs is monitored. en-copyright= kn-copyright= en-aut-name=OtaniKohei en-aut-sei=Otani en-aut-mei=Kohei kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=OkazakiToshiki en-aut-sei=Okazaki en-aut-mei=Toshiki kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= en-aut-name=MoriyamaHideaki en-aut-sei=Moriyama en-aut-mei=Hideaki kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=4 ORCID= en-aut-name=SatoMasaya en-aut-sei=Sato en-aut-mei=Masaya kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=5 ORCID= en-aut-name=TaniguchiHideo en-aut-sei=Taniguchi en-aut-mei=Hideo kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=6 ORCID= affil-num=1 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=2 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=4 en-affil=Department of Creative Engineering, National Institute of Technology, Ariake College kn-affil= affil-num=5 en-affil=Faculty of Computer Science and Systems Engineering, Okayama Prefectural University kn-affil= affil-num=6 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= en-keyword=Information leak prevention kn-keyword=Information leak prevention en-keyword=Virtualization kn-keyword=Virtualization en-keyword=VMM kn-keyword=VMM END start-ver=1.4 cd-journal=joma no-vol= cd-vols= no-issue= article-no= start-page=635 end-page=641 dt-received= dt-revised= dt-accepted= dt-pub-year=2016 dt-pub=201611 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Memory Access Monitoring and Disguising of Process Information to Avoid Attacks to Essential Services en-subtitle= kn-subtitle= en-abstract= kn-abstract=To prevent attacks on essential software and to mitigate damage, an attack avoiding method that complicates process identification from attackers is proposed. This method complicates the identification of essential services by replacing process information with dummy information. However, this method allows attackers to identify essential processes by detecting changes in process information. To address this problems and provide more complexity to process identification, this paper proposes a memory access monitoring by using a virtual machine monitor. By manipulating the page access permission, a virtual machine monitor detects page access, which includes process information, and replaces it with dummy information. This paper presents the design, implementation, and evaluation of the proposed method. en-copyright= kn-copyright= en-aut-name=SatoMasaya en-aut-sei=Sato en-aut-mei=Masaya kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=TaniguchiHideo en-aut-sei=Taniguchi en-aut-mei=Hideo kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= affil-num=1 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=2 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= en-keyword=avoidance kn-keyword=avoidance en-keyword=process information kn-keyword=process information en-keyword=virtualization kn-keyword=virtualization END start-ver=1.4 cd-journal=joma no-vol= cd-vols= no-issue= article-no= start-page=1885 end-page=1892 dt-received= dt-revised= dt-accepted= dt-pub-year=2016 dt-pub=201644 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Plate : persistent memory management for nonvolatile main memory en-subtitle= kn-subtitle= en-abstract= kn-abstract=Over the past few years, nonvolatile memory has actively been researched and developed. Therefore, studying operating system (OS) designs predicated on the main memory in the form of a nonvolatile memory and studying methods to manage persistent data in a virtual memory are crucial to encourage the widespread use of nonvolatile memory in the future. However, the main memory in most computers today is volatile, and replacing highcapacity main memory with nonvolatile memory is extremely cost-prohibitive. This paper proposes an OS structure for nonvolatile main memory. The proposed OS structure consists of three functions to study and develop OSs for nonvolatile main memory computers. First, a structure, which is called plate, is proposed whereby persistent data are managed assuming that nonvolatile main memory is present in a computer. Second, we propose a persistent-data mechanism to make a volatile memory function as nonvolatile main memory, which serves as a basis for the development of OSs for computers with nonvolatile main memory. Third, we propose a continuous operation control using the persistent-data mechanism and plates. This paper describes the design and implementation of the OS structure based on the three functions on The ENduring operating system for Distributed EnviRonment and describes the evaluation results of the proposed functions. en-copyright= kn-copyright= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=YamamotoYuta en-aut-sei=Yamamoto en-aut-mei=Yuta kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=NagaiKengo en-aut-sei=Nagai en-aut-mei=Kengo kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= en-aut-name=MatonoTsukasa en-aut-sei=Matono en-aut-mei=Tsukasa kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=4 ORCID= en-aut-name=InamotoShinji en-aut-sei=Inamoto en-aut-mei=Shinji kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=5 ORCID= en-aut-name=IchikawaMasaya en-aut-sei=Ichikawa en-aut-mei=Masaya kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=6 ORCID= en-aut-name=GotoMasataka en-aut-sei=Goto en-aut-mei=Masataka kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=7 ORCID= en-aut-name=TaniguchiHideo en-aut-sei=Taniguchi en-aut-mei=Hideo kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=8 ORCID= affil-num=1 en-affil=Okayama University, Okayama, Japan kn-affil= affil-num=2 en-affil=Okayama University, Okayama, Japan kn-affil= affil-num=3 en-affil=Okayama University, Okayama, Japan kn-affil= affil-num=4 en-affil=Kyushu University, Fukuoka, Japan kn-affil= affil-num=5 en-affil=Kyushu University, Fukuoka, Japan kn-affil= affil-num=6 en-affil=Kyushu University, Fukuoka, Japan kn-affil= affil-num=7 en-affil=Kyushu University, Fukuoka, Japan kn-affil= affil-num=8 en-affil=Okayama University, Okayama, Japan kn-affil= en-keyword=Operating system kn-keyword=Operating system en-keyword=Persistent mechanism kn-keyword=Persistent mechanism en-keyword=Nonvolatile main memory kn-keyword=Nonvolatile main memory en-keyword=Memory management kn-keyword=Memory management END start-ver=1.4 cd-journal=joma no-vol=72 cd-vols= no-issue=5 article-no= start-page=1841 end-page=1861 dt-received= dt-revised= dt-accepted= dt-pub-year=2016 dt-pub=2016223 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Evaluation and design of function for tracing diffusion of classified information for file operations with KVM en-subtitle= kn-subtitle= en-abstract= kn-abstract=Cases of classified information leakage have become increasingly common. To address this problem, we have developed a function for tracing the diffusion of classified information within an operating system. However, this function suffers from the following two problems: first, in order to introduce the function, the operating system's source code must be modified. Second, there is a risk that the function will be disabled when the operating system is attacked. Thus, we have designed a function for tracing the diffusion of classified information in a guest operating system by using a virtual machine monitor. By using a virtual machine monitor, we can introduce the proposed function in various environments without modifying the operating system's source code. In addition, attacks aimed at the proposed function are made more difficult, because the virtual machine monitor is isolated from the operating system. In this paper, we describe the implementation of the proposed function for file operations and child process creation in the guest operating system with a kernel-based virtual machine. Further, we demonstrate the traceability of diffusing classified information by file operations and child process creation. We also report the logical lines of code required to introduce the proposed function and performance overheads. en-copyright= kn-copyright= en-aut-name=FujiiShota en-aut-sei=Fujii en-aut-mei=Shota kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=SatoMasaya en-aut-sei=Sato en-aut-mei=Masaya kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= en-aut-name=TaniguchiHideo en-aut-sei=Taniguchi en-aut-mei=Hideo kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=4 ORCID= affil-num=1 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=2 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil= kn-affil= affil-num=4 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= en-keyword=Information Leak Prevention kn-keyword=Information Leak Prevention en-keyword=Virtualization kn-keyword=Virtualization en-keyword=Semantic Gap kn-keyword=Semantic Gap en-keyword=VMM kn-keyword=VMM END start-ver=1.4 cd-journal=joma no-vol= cd-vols= no-issue= article-no= start-page=338 end-page=349 dt-received= dt-revised= dt-accepted= dt-pub-year=2020 dt-pub=20200820 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Improvement and Evaluation of a Function for Tracing the Diffusion of Classified Information on KVM en-subtitle= kn-subtitle= en-abstract= kn-abstract=The increasing amount of classified information currently being managed by personal computers has resulted in the leakage of such information to external computers, which is a major problem. To prevent such leakage, we previously proposed a function for tracing the diffusion of classified information in a guest operating system (OS) using a virtual machine monitor (VMM). The tracing function hooks a system call in the guest OS from the VMM, and acquiring the information. By analyzing the information on the VMM side, the tracing function makes it possible to notify the user of the diffusion of classified information. However, this function has a problem in that the administrator of the computer platform cannot grasp the transition of the diffusion of classified processes or file information. In this paper, we present the solution to this problem and report on its evaluation. en-copyright= kn-copyright= en-aut-name=MoriyamaHideaki en-aut-sei=Moriyama en-aut-mei=Hideaki kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=SatoMasaya en-aut-sei=Sato en-aut-mei=Masaya kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= en-aut-name=TaniguchiHideo en-aut-sei=Taniguchi en-aut-mei=Hideo kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=4 ORCID= affil-num=1 en-affil=National Institute of Technology, Ariake College kn-affil= affil-num=2 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=4 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= END start-ver=1.4 cd-journal=joma no-vol=9 cd-vols= no-issue=1 article-no= start-page=1 end-page=10 dt-received= dt-revised= dt-accepted= dt-pub-year=2019 dt-pub=20190528 dt-online= en-article= kn-article= en-subject= kn-subject= en-title= kn-title=Design and implementation of hiding method for file manipulation of essential services by system call proxy using virtual machine monitor en-subtitle= kn-subtitle= en-abstract= kn-abstract= Security or system management software is essential for keeping systems secure. To deter attacks on essential services, hiding information related to essential services is helpful. This paper describes the design, the implementation, and the evaluation of a method to make files invisible to all services except their corresponding essential services and provides access methods to those files in a virtual machine (VM). In the proposed method, the virtual machine monitor (VMM) monitors the system call, which invoked by an essential process to access essential files, and requests proxy execution to the proxy process on another VM. The VMM returns the result and skips the execution of the original system call on the protection target VM. Thus, access to essential files by the essential service is skipped on the protection target VM, but the essential service can access the file content. en-copyright= kn-copyright= en-aut-name=SatoMasaya en-aut-sei=Sato en-aut-mei=Masaya kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=1 ORCID= en-aut-name=TaniguchiHideo en-aut-sei=Taniguchi en-aut-mei=Hideo kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=2 ORCID= en-aut-name=YamauchiToshihiro en-aut-sei=Yamauchi en-aut-mei=Toshihiro kn-aut-name= kn-aut-sei= kn-aut-mei= aut-affil-num=3 ORCID= affil-num=1 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=2 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= affil-num=3 en-affil=Graduate School of Natural Science and Technology, Okayama University kn-affil= en-keyword=virtual machine monitor kn-keyword=virtual machine monitor en-keyword=file manipulation kn-keyword=file manipulation en-keyword=system call proxy kn-keyword=system call proxy en-keyword=essential services kn-keyword=essential services END