论文信息 - An Embedded Sensor For Monitoring File Integrity

An Embedded Sensor For Monitoring File Integrity

This paper describes a method of monitoring le integrity (changes in le contents) using a collection of embedded sensors within the kernel. An embedded sensor is a small piece of code designed to monitor a speci c condition and report to a central logging facility. In our case, we have built several such sensors into the 4.4 BSD kernel (OpenBSD V2.7) to monitor for changes in le contents. The sensors look for les which are marked with a speci c system ag in the inode. When the sensors detect a le with this ag, they will report all changes to le contents made through the le system interface. This provides administrators with a valuable audit tool and supplies more reporting granularity than conventional le system integrity checkers (such as Tripwire r ).

James P. Early

[1] Brian W. Kernighan,et al. The C Programming Language , 1978 .

[2] David Safford,et al. The TAMU Security Package: An Ongoing Response to Internet Intruders in an Academic Environment , 1993, USENIX Security Symposium.

[3] Maurice J. Bach. The Design of the UNIX Operating System , 1986 .

[4] Eugene H. Spafford,et al. The design and implementation of tripwire: a file system integrity checker , 1994, CCS '94.

[5] Massimo Cotrozzi,et al. ATP - Anti-Tampering Program , 1993, USENIX Security Symposium.

[6] Eugene H. Spafford,et al. Using embedded sensors for detecting network attacks , 2000 .

[7] Steve R. Kleiman,et al. Vnodes: An Architecture for Multiple File System Types in Sun UNIX , 1986, USENIX Summer.

[8] Charles P. Pfleeger,et al. Security in computing , 1988 .

[9] Diego Zamboni,et al. Doing intrusion detection using embedded sensors| Thesis proposal , 2000 .

[10] Ronald L. Rivest,et al. The MD5 Message-Digest Algorithm , 1992, RFC.

[11] Eugene H. Spafford,et al. The COPS Security Checker System , 1990, USENIX Summer.