LSM-Based Secure System Monitoring Using Kernel Protection Schemes

Isohara, Takamasa; Takemori, Keisuke; Miyake, Yutaka; Qu, Ning; Perrig, Adrian

doi:10.1109/ares.2010.48

Cited by 5 publications

(8 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Knowledge of the distribution law makes it possible to estimate possible deviations in the value of damage from its mean value. However, in practice, the distribution law of the damage extent is not usually applied [2][3][4]. Contemporary science has not developed clear algorithms for a priori specification of the distribution law of a random variable.…”

Section: Methodsmentioning

confidence: 99%

Mathematical modeling of damage function when attacking file server

Козлов

Скрыпников

Чернышова

et al. 2018

J. Phys.: Conf. Ser.

View full text Add to dashboard Cite

Abstract. The development of information technologies in Russia and the prospects for their further improvement allow us to identify a stable trend of expansion of both functions of the corresponding automated information systems (AIS) and the spheres of their application. At the same time, many threats to information processes in the AIS are expanding, which in turn stimulates the development of adequate means and systems for ensuring the information security of the AS and methods for assessing their protection. It is necessary to assess the ability of the system to continue its normal functioning under the conditions of permanent destructive influences and to resist them, to adapt the functioning algorithms to new conditions and to organize functional restoration or to ensure functioning with a gradual process of degradation, possibly without losing the most significant "critical" information functions. The analysis and evaluation of reliability are needed to be transformed into the analysis and evaluation of survivability. Survivability can be considered as the ability of the information system to store and restore the performance of basic functions in a given volume and for a given time in the case of a change in the system structure and / or algorithms and the conditions of its functioning due to adverse effects. One of the system survivability indicators is the reserve of survivability (S-survivability) that is the critical number of defects reduced by a unit. The authors will consider defect as a unit of measurement of damage to the information system by adverse impact. U is denoted as the critical number of defects, then S = 1-U is the index of S-survivability. The article gives the definition of an analytical formula for the function of damage and risk.

show abstract

Section: Methodsmentioning

confidence: 99%

Mathematical modeling of damage function when attacking file server

Козлов

Скрыпников

Чернышова

et al. 2018

J. Phys.: Conf. Ser.

View full text Add to dashboard Cite

show abstract

“…An original logging method, independent of syslog, has been proposed for audit [8]. This method uses Linux Security Modules (LSM) to gather the logs, and Mandatory Access Control (MAC) to ensure their validity.…”

Section: Original Logging Methodsmentioning

confidence: 99%

“…This is a scientific method or research technology for court actions, which allows us to explain the validity of the electronic records. Many researchers are working in this area of the protection of logging information [2,4,8,10,11].…”

Section: Introductionmentioning

confidence: 99%

VMBLS: Virtual Machine Based Logging Scheme for Prevention of Tampering and Loss

Sato¹,

Yamauchi²

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Logging information is necessary in order to understand a computer's behavior. However, there is a possibility that attackers will delete logs to hide the evidence of their attacking and cheating. Moreover, various problems might cause the loss of logging information. In homeland security, the plans for counter terrorism are based on data. The reliability of the data is depends on that of data collector. Because the reliability of the data collector is ensured by logs, the protection of it is important problem. To address these issues, we propose a system to prevent tampering and loss of logging information using a virtual machine monitor (VMM). In this system, logging information generated by the operating system (OS) and application program (AP) working on the target virtual machine (VM) is gathered by the VMM without any modification of the OS. The security of the logging information is ensured by its isolation from the VM. In addition, the isolation and multiple copying of logs can help in the detection of tampering.

show abstract

“…LSM is also used in MAC-based malware and rootkit detection solution in [12]. The process information is obtained by using LSM to intercept the system calls which are activated when a process is executed.…”

Section: B Linux Security Modules (Lsm)mentioning

confidence: 99%