Biblio

Recently, there has been significant enthusiasms in exploiting physical (PHY-) layer characteristics for secure wireless communication. However, most existing PHY-layer security paradigms are information theoretical methodologies, which are infeasible to real and practical systems. In this paper, we propose a weighted fractional Fourier transform (WFRFT) pre-coding scheme to enhance the security of wireless transmissions against eavesdropping. By leveraging the concept of WFRFT, the proposed scheme can easily change the characteristics of the underlying radio signals to complement and secure upper-layer cryptographic protocols. We demonstrate a running prototype based on the LTE-framework. First, the compatibility between the WFRFT pre-coding scheme and the conversational LTE architecture is presented. Then, the security mechanism of the WFRFT pre-coding scheme is demonstrated. Experimental results validate the practicability and security performance superiority of the proposed scheme.

Monitoring kernel object modification of virtual machine is widely used by virtual-machine-introspection-based security monitors to protect virtual machines in cloud computing, such as monitoring dentry objects to intercept file operations, etc. However, most of the current virtual machine monitors, such as KVM and Xen, only support page-level monitoring, because the Intel EPT technology can only monitor page privilege. If the out-of-virtual-machine security tools want to monitor some kernel objects, they need to intercept the operation of the whole memory page. Since there are some other objects stored in the monitored pages, the modification of them will also trigger the monitor. Therefore, page-level memory monitor usually introduces overhead to related kernel services of the target virtual machine. In this paper, we propose a low-overhead kernel object monitoring approach to reduce the overhead caused by page-level monitor. The core idea is to migrate the target kernel objects to a protected memory area and then to monitor the corresponding new memory pages. Since the new pages only contain the kernel objects to be monitored, other kernel objects will not trigger our monitor. Therefore, our monitor will not introduce runtime overhead to the related kernel service. The experimental results show that our system can monitor target kernel objects effectively only with very low overhead.