Secure audit logs to support computer forensics
ACM Transactions on Information and System Security (TISSEC)
CuPIDS: An exploration of highly focused, co-processor-based information system protection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Copilot - a coprocessor-based kernel runtime integrity monitor
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Filesystem activity following a SSH compromise: an empirical study of file sequences
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Host-Based security sensor integrity in multiprocessing environments
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
| Hi-index | 0.00 |
A basic method in computer security is to perform integrity checks on the file system to detect the installation of malicious programs, or the modification of sensitive files. Integrity tools to date rely on the operating system to function correctly, so once the operating system is compromised even a novice attacker can easily defeat these tools. A novel way to overcome this problem is the use of an independent auditor, which uses an out-of-band verification process that does not depend on the underlying operating system. In this paper we present a definition of independent auditors and a specific implementation of an independent auditor using an embedded system attached to the PCI bus.