One means of detecting an intruder's activity is to trace all unauthorized changes in a file system. Programs that provide this functionality are called file integrity checkers. This paper concerns a modern approach to file system integrity checking. It reviews the architecture of popular systems that are widely used in production environments, as well as scientific projects that not only detect intruders but also take action to stop their activity. The concept and architecture of the ICAR System (Integrity Checking And Restoring System), which we are developing, will be presented. The ICAR System not only covers the functionality of integrity checkers but also automatically restores files that were modified by the intruder. ICAR has been designed as a kernel module of the operating system, and it uses read-only devices to store data. The article may prove useful to operating system users who are interested in securing their data and system configuration.
Authors
Additional information
- DOI
- 10.1109/inftech.2008.4621669
- Category
- Conference activity
- Type
- publication in a peer-reviewed collective volume (including conference proceedings)
- Language
- English
- Publication year
- 2008