The design and implementation of tripwire: a file system integrity checker
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Radmind: The Integration of Filesystem Integrity Checking with Filesystem Management
LISA '03 Proceedings of the 17th USENIX conference on System administration
A Versatile and User-Oriented Versioning File System
FAST '04 Proceedings of the 3rd USENIX Conference on File and Storage Technologies
Tracefs: A File System to Trace Them All
FAST '04 Proceedings of the 3rd USENIX Conference on File and Storage Technologies
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
FiST: a language for stackable file systems
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
Proceedings of the twentieth ACM symposium on Operating systems principles
Ensuring data integrity in storage: techniques and applications
Proceedings of the 2005 ACM workshop on Storage security and survivability
Verifiable audit trails for a versioning file system
Proceedings of the 2005 ACM workshop on Storage security and survivability
On incremental file system development
ACM Transactions on Storage (TOS)
A novel approach for a file-system integrity monitor tool of Xen virtual machine
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Exploiting type-awareness in a self-recovering disk
Proceedings of the 2007 ACM workshop on Storage security and survivability
GreenFS: making enterprise computers greener by protecting them better
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Hypervisor-based prevention of persistent rootkits
Proceedings of the 2010 ACM Symposium on Applied Computing
Filesystem activity following a SSH compromise: an empirical study of file sequences
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
A guest-transparent file integrity monitoring method in virtualization environment
Computers & Mathematics with Applications
An immunological approach for file recovery over JXTA peer-to-peer framework
International Journal of Network Management
On securing untrusted clouds with cryptography
Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
Towards reliable storage systems
Towards reliable storage systems
Securing operating system services based on smart cards
TrustBus'05 Proceedings of the Second international conference on Trust, Privacy, and Security in Digital Business
Hypervisor-based protection of sensitive files in a compromised system
Proceedings of the 27th Annual ACM Symposium on Applied Computing
GPUstore: harnessing GPU computing for storage systems in the OS kernel
Proceedings of the 5th Annual International Systems and Storage Conference
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
ACM SIGOPS 24th Symposium on Operating Systems Principles
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
A VMM-based intrusion prevention system in cloud computing environment
The Journal of Supercomputing
Hi-index | 0.01 |
Today, improving the security of computer systems has become an important and difficult problem. Attackers can seriously damage the integrity of systems. Attack detection is complex and time-consuming for system administrators, and it is becoming more so. Current integrity checkers and IDSs operate as user-mode utilities and they primarily perform scheduled checks. Such systems are less effective in detecting attacks that happen between scheduled checks. These user tools can be easily compromised if an attacker breaks into the system with administrator privileges. Moreover, these tools result in significant performance degradation during the checks.Our system, called I3FS, is an on-access integrity checking file system that compares the checksums of files in real-time. It uses cryptographic checksums to detect unauthorized modifications to files and performs necessary actions as configured. I3FS is a stackable file system which can be mounted over any underlying file system (like Ext3 or NFS). I3FS's design improves over the open-source Tripwire system by enhancing the functionality, performance, scalability, and ease of use for administrators. We built a prototype of I3FS in Linux. Our performance evaluation shows an overhead of just 4% for normal user workloads.