Using independent auditors as intrusion detection systems

Cited by: 0
Authors
Molina, J [1]
Arbaugh, W [1]
Affiliation
[1] Univ Maryland, Dept Comp Sci, College Pk, MD 20742 USA
Source
INFORMATION AND COMMUNICATIONS SECURITY, PROCEEDINGS | 2002 / Vol. 2513
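DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract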
A basic method in computer security is to perform integrity checks on the file system to detect the installation of malicious programs, or the modification of sensitive files. Integrity tools to date rely on the operating system to function correctly, so once the operating system is compromised even a novice attacker can easily defeat these tools. A novel way to overcome this problem is the use of an independent auditor, which uses an out-of-band verification process that does not depend on the underlying operating system. In this paper we present a definition of independent auditors and a specific implementation of an independent auditor using an embedded system attached to the PCI bus.
Pages: 291 / 302
Page count: 12