At the heart of most computer systems is a file system. The file system contains user data, executable programs, configuration and authorization information, and (usually) the base executable version of the operating system itself. The ability to monitor file systems for unauthorized or unexpected changes gives system administrators valuable data for protecting and maintaining their systems. However, in environments of many networked heterogeneous platforms with different policies and software, the task of monitoring changes becomes quite daunting.

Tripwire is a tool that aids UNIX system administrators and users in monitoring a designated set of files and directories for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or altered files, so corrective actions may be taken in a timely manner. Tripwire may also be used on user or group files or databases to signal changes.

This paper describes the design and implementation of the Tripwire tool. It uses interchangeable “signature” (usually, message digest) routines to identify changes in files, and is highly configurable. Tripwire is no-cost software, available on the Internet, and is currently in use on thousands of machines around the world.