A Real-time Integrity Monitor for Xen Virtual Machine

Authors: Nguyen Anh Quynh, Y. Takefuji

DOI: 10.1109/ICNS.2006.13

Keywords:

Abstract: File-system integrity tools (FIT) are commonly deployed to assist forensic investigation after security incidents and, as host-based intrusion detection (HIDS) tools, to detect unauthorized file-system changes. Basically all current solutions employ the same tactic: the administrator specifies a list of critical files and directories that need to be monitored, then uses the FIT to create a base-line database that tracks general parameters about these files. The FIT is re-run periodically, and if it detects modifications against the information stored in the database, a report on the changed files is generated. However, this strategy is far from perfect: detection cannot be done in real time, which might render the whole scheme useless if an attacker can somehow take over the system with privileged access in the time between two runs. The administrator also has a lot of problems keeping the database updated. Besides, he must do everything to protect the FIT itself from being compromised by the attacker, which is not an easy task, especially once the attacker gains local access. This paper presents a novel approach to address the outstanding problems of FIT. We propose the design and implementation of a real-time integrity monitor named XenRIM for Xen virtual machines. The monitor fires alarms in a real-time manner, and our solution does not require a base-line database update like legacy methods. As a result, it is almost effortless to deploy and maintain. Thanks to the advantages introduced by Xen, the monitoring policies are centralized in a secure machine that is resistant to tampering. Even better, strictly speaking, XenRIM is able to function very stealthily to avoid being suspected by the attacker. Our experimental result demonstrates that XenRIM incurs low performance overhead (less than 4%), which makes our solution attractive and practical for production systems.
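To make the legacy tactic the abstract criticizes concrete, here is an added example (not code from the paper or from XenRIM, whose implementation is not on this page) of a minimal base-line-database integrity checker in Python: it records a hash and metadata for every file on an administrator's watch list, persists that as the base-line, and on a later run reports added, removed and modified files. The constructed scenario in `demo()` also shows the blind spot the abstract points out: a file that is modified and reverted between two scheduled runs leaves no trace in the comparison. All paths, file contents and the watch list are constructed for the example.

```python
import hashlib
import json
import stat
import tempfile
from pathlib import Path


def file_record(path: Path) -> dict:
    """Capture the per-file parameters a legacy FIT typically stores."""
    st = path.lstat()
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    # mtime is deliberately left out: it is trivial to forge and makes
    # comparisons noisy; the hash plus ownership and mode carry the signal.
    return {
        "sha256": h.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
    }


def build_baseline(root: Path, watch: list) -> dict:
    """Walk the watch list (files or directories) and record every regular file."""
    baseline = {}
    for entry in watch:
        p = root / entry
        files = [p] if p.is_file() else [q for q in p.rglob("*") if q.is_file()]
        for q in files:
            baseline[q.relative_to(root).as_posix()] = file_record(q)
    return baseline


def compare(root: Path, watch: list, baseline: dict) -> dict:
    """Re-scan and diff the live state against the stored base-line."""
    current = build_baseline(root, watch)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        k for k in set(current) & set(baseline) if current[k] != baseline[k]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: one persistent change, one new file, one reverted edit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF-placeholder")
        watch = ["etc", "bin/ls"]  # constructed administrator watch list

        # Run 1: create the base-line and persist it as the tool would.
        db_on_disk = json.dumps(build_baseline(root, watch))

        # Events between run 1 and run 2:
        (root / "etc" / "passwd").write_text(
            "root:x:0:0::/root:/bin/sh\nextra:x:0:0::/:/bin/sh\n"
        )                                                   # persistent edit
        (root / "etc" / "rc.local").write_text("echo hi\n")  # new file
        original = (root / "bin" / "ls").read_bytes()
        (root / "bin" / "ls").write_bytes(b"\x7fELF-altered")
        (root / "bin" / "ls").write_bytes(original)          # reverted before run 2

        # Run 2: periodic re-check. bin/ls is invisible to it.
        return compare(root, watch, json.loads(db_on_disk))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the block prints `etc/rc.local` as added and `etc/passwd` as modified, while the transient change to `bin/ls` is not reported at all; that gap between runs is exactly what a real-time monitor such as the one the paper proposes is meant to close.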
