One of the means of detecting an intruder's activity is to trace all unauthorized changes in a file system. Programs that fulfill this function are called file integrity checkers. This paper concerns modern approaches to file system integrity checking. It reviews the architecture of popular systems that are widely used in production environments, as well as scientific projects that not only detect intruders but also take action to stop their activity. The concept and architecture of the ICAR System (Integrity Checking And Restoring System), which we are developing, will be presented. The ICAR System not only covers the functionality of integrity checkers but also automatically restores files that were modified by the intruder. ICAR has been designed as a kernel module of the operating system, and it uses read-only devices to store data. The article can prove useful to operating system users who are interested in securing their data and system configuration.
Authors
Additional information
- DOI
- Digital object identifier 10.1109/inftech.2008.4621669
- Category
- Conference activity
- Type
- publication in a peer-reviewed collective work (including conference proceedings)
- Language
- English
- Year of publication
- 2008
Data source: MOSTWiedzy.pl - publication "Modern approaches to file system integrity checking"