Virtual disk monitor based on multi-core EFI
APPT'07 Proceedings of the 7th international conference on Advanced parallel processing technologies
Transactions on computational science XI
PIGA-Virt: an advanced distributed MAC protection of virtual systems
Euro-Par'11 Proceedings of the 2011 international conference on Parallel Processing - Volume 2
Hi-index | 0.03 |
File-system integrity tools (FIT) are commonly deployed to assist forensic investigation after security incidents and as host-based intrusion detections (HIDS) tool to detect unauthorized file-system changes. Basically all the current solutions employ the same tactic: the administrator specifies a list of critical files and directories that needs to be monitored, then uses the FIT to create a base-line database that tracks general parameters about these files. The FIT is then re-run periodically, and if it detects the modifies of the filesystem against the information stored in the database, the report on the changed file is generated. However, this strategy is far from perfect: the intrusion detection cannot be done in real-time, which might render the whole scheme useless if the attacker can somehow take over the system with privileged access in the time between. The administrator also has a lot of problems to keep the database updating. Besides, he must do everything he can to protect the database and the FIT itself from compromising by the attacker, which is not an easy task especially if the attacker gains local access.