ISSN: 2182-2069 (printed) / ISSN: 2182-2077 (online)
Improvement and Evaluation of a Function for Tracing the Diffusion of Classified Information on KVM
The leakage of computerized classified information can cause serious losses for companies and individuals. In a prior work, we addressed this by providing a function for tracing the diffusion of classified information in a guest operating system (OS). However, that method was vulnerable to attack and was tightly coupled to the OS. Hence, in another previous work, we implemented the tracing function in a virtual machine monitor that hooks the system calls that handle classified information, allowing us to understand the diffusion path in a more robust and OS-agnostic fashion. However, as the overhead of the tracing function increases, so does the performance degradation of each system call. Hence, in the current research, the processing performance of the tracing function is analyzed in more depth by identifying the processes that cause the large overhead. We find that the overhead generated by outputting the diffusion path log is excessive. Therefore, improvements are implemented, and their effect on performance is described. Ultimately, the log-output overhead problem is mitigated.