Storage-based intrusion detection allows storage systems to watch for data modifications characteristic of system intrusions. This enables storage systems to spot several common intruder actions, such as adding backdoors, inserting Trojan horses, and tampering with audit logs. Further, an intrusion detection system (IDS) embedded in a storage device continues to operate even after client systems are compromised. This paper describes a number of specific warning signs visible at the storage interface. Examination of 18 real intrusion tools reveals that most (15) can be detected based on their changes to stored files. We describe and evaluate a prototype storage IDS, embedded in an NFS server, to demonstrate both feasibility and efficiency of storage-based intrusion detection. In particular, both the performance overhead and memory required (152KB for 4730 rules) are minimal.