Modern approaches to file system integrity checking

Kaczmarek, Jerzy; Wróbel, Michał R.

doi:10.1109/inftech.2008.4621669

Cited by 8 publications

(3 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition to supporting traditional file-level integrity checks, I3FS also supports page-level integrity checking. Kaczmarek et al [6] designed a file system integrity protection scheme based on the LSM framework [7].…”

Section: Related Workmentioning

confidence: 99%

A Hybrid Multi-level Mechanism for Application Integrity Checking

Xian-hua¹,

Ruan²,

Yuan³

2017

dtcse

View full text Add to dashboard Cite

Abstract. The protection of the integrity of the computer system, although not able to deal with all security threats, is still essential to enhance the overall security of the system. Integrity check may be a reasonable way to protect application from tampering with low cost. This paper designs a multi-level check mechanism of application integrity with multiple inspection methods, which can better display the advantages of different inspection methods. Hybrid checking method may be utilized for different file integrity checking demands. The paper also demonstrate the implementation of a high-performance Linux page-level integrity checking method, in reference to the design in NetBSD system. Experiment results show that it may better deal with the application file rollback attacks. And on machine with limited resource, for example, thin client, the overhead of integrity checking can be lower than 10%.

show abstract

Section: Related Workmentioning

confidence: 99%

A Hybrid Multi-level Mechanism for Application Integrity Checking

Xian-hua¹,

Ruan²,

Yuan³

2017

dtcse

View full text Add to dashboard Cite

show abstract

“…Jerzy Kaczmarek et al presented the concept and architecture of the ICAR System (Integrity Checking And Restoring System) [19]. The ICAR System not only covers the functions of integrity checkers but also automatically restores files.…”

Section: Related Workmentioning

confidence: 99%

A method for reliably managing files with RNS in multi Data Grids

Kawai

Hasan

Iwai

et al. 2011

Procedia Computer Science

View full text Add to dashboard Cite

This paper describes a method for reliably managing files distributed in different kinds of Data Grids with RNS (Resource Namespace Service). RNS provides hierarchical namespace management for name-to-resource mapping as a key technology when using Grid resources for different kinds of middleware. We define attribute expressions in XML for the RNS entries and give algorithms to access distributed files stored within different kinds of Data Grids.The volume of digital data and the size of an individual file are increasing due to the introduction of high-resolution images, high-definition audiovisual files, etc. The reliable storage of such large files is becoming problematic with whole file replication as a failure in the integrity of the file is difficult to localise. Our method involves managing large files in Data Grids by splitting them into smaller units in a traceable manner and then managing the smaller units. The RNS catalog service contains EPR (Endpoint Reference) and metadata that describe the original locations as well as the checksum values. The example in this paper shows how our Grid application can retrieve the actual file locations and the checksum values from the RNS service via SAGA (A Simple API for Grid Applications). An application can access the distributed files as though they were files in the local file-system without worrying about the underlying Data Grids.This approach can be used with various Data Grid systems to enhance file reliability.

show abstract

“…We propose a novel system that enables file integrity verification -Integrity Checking and Recovery (ICAR) -implemented as an in-kernel LSMbased module [4]. Our system overcomes the shortcomings of existing solutions taking the following main assumptions:…”

Section: Introductionmentioning

confidence: 99%

Operating system security by integrity checking and recovery using write‐protected storage

Kaczmarek

Wróbel

2014

IET Information Security

Self Cite

View full text Add to dashboard Cite

The paper presents an Integrity Checking and Recovery (ICAR) system which protects file system integrity and automatically restores modified files. The system enables files cryptographic hashes generation and verification, as well as configuration of security constraints. All of the crucial data, including ICAR system binaries, file backups and hashes database are stored in a physically write protected storage to eliminate the threat of unauthorized modification. A buffering mechanism was designed and implemented in the system to increase operation performance. Additionally, the system supplies user tools for cryptographic hash generation and security database management. The system is implemented as a kernel extension, compliant with the Linux Security Model. Experimental evaluation of the system was performed and showed an approximate 10% performance degradation in secured file access compared to regular access.

show abstract

Modern approaches to file system integrity checking

Cited by 8 publications

References 3 publications

A Hybrid Multi-level Mechanism for Application Integrity Checking

A Hybrid Multi-level Mechanism for Application Integrity Checking

A method for reliably managing files with RNS in multi Data Grids

Operating system security by integrity checking and recovery using write‐protected storage

Contact Info

Product

Resources

About