Yuki Ashino

Virtual Machine Migration Method between Different Hypervisor Implementations and Its Evaluation

Virtualization technologies are an important building block for cloud services. Each service will run on virtual machines (VMs) deployed over different hyper visors in the future. Therefore, a VM migration method between different hyper visor implementations will be required. Existing methods, such as VM image conversion, generate dead copies of VM images during migration. This causes an operating system running on a VM to fail to boot up after migration and to identify virtual devices provided by destination hyper visors because the dead copied image does not contain requisite files for booting up the copied VM environment. To solve these problems, we propose a VM migration method that generates a destination-dependent VM image before migration. The destination dependency is a set of requisite files enabling a guest OS to boot up from the image, and is determined from the device configurations of destination physical machines and virtual ones. The proposed method extracts the dependency from the file structure that enables the guest OS to run on the destination hyper visor. Our evaluation confirms that the proposed method succeeds in VM migration between hyper visors such as VMWare, Virtual Box, and VirtualPC. As for performance efficiency, our method can reduce the size of a transferred VM image to approximately 20% that of a source VM image.

Using Boot Control to Preserve the Integrity of Evidence

This paper describes Dig-Force2, a system that securely logs and stores evidentiary data about the operation of a personal computer. The integrity of the logged data is guaranteed by using chained hysteresis signatures and a trusted platform module (TPM) that prevents unauthorized programs or tampered programs from executing. Experiments indicate that the Dig-Force2 system is both efficient and reliable.

Implementing Boot Control for Windows Vista

A digital forensic logging system must prevent the booting of unauthorized programs and the modification of evidence. Our previous research developed Dig-Force2, a boot control system for Windows XP platforms that employs API hooking and a trusted platform module. However, Dig-Force2 cannot be used for Windows Vista systems because the hooked API cannot monitor booting programs in user accounts. This paper describes an enhanced version of Dig-Force2, which uses a TPM and a white list to provide boot control functionality for Windows Vista systems. In addition, the paper presents the results of security and performance evaluations of the boot control system.

HiGate (High Grade Anti-Tamper Equipment) Prototype and Application to e-Discovery

These days, most data is digitized and processed in various ways by computers. In the past, computer owners were free to process data as desired and to observe the inputted data as well as the interim results. However, the unrestricted processing of data and accessing of interim results even by computer users is associated with an increasing number of adverse events. These adverse events often occur when sensitive data such as personal or confidential business information must be handled by two or more parties, such as in the case of e-Discovery, used in legal proceedings, or epidemiologic studies. To solve this problem, providers encrypt data, and the owner of the computer performs decoding in the memory for encrypted data. The computer owner can be limited to performing only certain processing of data and to observing only the final results. As an implementation that uses existing technology to realize this solution, the processing of data contained in a smart card was considered, but such an implementation would not be practical due to issues related to computer capacity and processing speed. Accordingly, the authors present the concept of PC-based High Grade Anti-Tamper Equipment (HiGATE), which allows data to be handled without revealing the data content to administrators or users. To verify this concept, an e-Discovery application on a prototype was executed and the results are reported here.