Abstract
A basic method in computer security is to perform integrity checks on the file system to detect the installation of malicious programs, or the modification of sensitive files. Integrity tools to date rely on the operating system to function correctly, so once the operating system is compromised even a novice attacker can easily defeat these tools. A novel way to overcome this problem is the use of an independent auditor, which uses an out-of-band verification process that does not depend on the underlying operating system. In this paper we present a definition of independent auditors and a specific implementation of an independent auditor using an embedded system attached to the PCI bus.
This work funded in part by DARPA grant #F306020120535
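The two halves of the abstract's argument, shown in working code as an added example (this is not the paper's auditor and not code from the authors): a Tripwire-style baseline-and-verify checker over a small directory tree constructed in a temporary directory, followed by a simulation of the failure the abstract describes, where the checker obtains file bytes through a "reader" that stands in for a compromised operating system and returns the original contents of a trojaned binary. The file names, contents and the lying-reader mechanism are assumptions made for illustration.

```python
"""Baseline-and-verify file-system integrity check (Tripwire-style), plus a
simulation of why an in-band checker fails once the OS it relies on lies.

Added example, not code from the paper. The directory layout, file names,
file contents and the 'lying reader' are constructed for illustration.
"""
import hashlib
import os
import tempfile
from typing import Callable, Dict, List

Manifest = Dict[str, str]        # relative path -> hex SHA-256 digest
Reader = Callable[[str], bytes]   # how the checker obtains file bytes


def os_read(path: str) -> bytes:
    """Normal in-band read: trusts the kernel to return the real contents."""
    with open(path, "rb") as f:
        return f.read()


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(root: str, read: Reader = os_read) -> Manifest:
    """Walk root and record a digest for every regular file under it."""
    manifest: Manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256(read(full))
    return manifest


def verify(root: str, baseline: Manifest,
           read: Reader = os_read) -> Dict[str, List[str]]:
    """Compare the current tree against the baseline manifest and report
    modified, added and removed paths (sorted for stable output)."""
    current = build_manifest(root, read)
    return {
        "modified": sorted(p for p in baseline
                           if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def make_lying_reader(hidden: Dict[str, bytes]) -> Reader:
    """Simulate a compromised OS (assumed, for illustration): for the paths
    in `hidden`, hand the checker the original bytes rather than what is
    really on disk. This is the dependence on the OS that the abstract
    says an independent, out-of-band auditor removes."""
    def read(path: str) -> bytes:
        return hidden.get(path, os_read(path))
    return read


def demo() -> Dict[str, Dict[str, List[str]]]:
    """Construct a sample tree, baseline it, tamper with it, then verify it
    once through an honest OS and once through the lying reader."""
    with tempfile.TemporaryDirectory() as root:
        bin_dir = os.path.join(root, "bin")
        os.makedirs(bin_dir)
        ls_path = os.path.join(bin_dir, "ls")
        original = b"#!/bin/sh\nexec /usr/bin/real-ls \"$@\"\n"  # constructed
        with open(ls_path, "wb") as f:
            f.write(original)
        with open(os.path.join(root, "passwd"), "wb") as f:
            f.write(b"root:x:0:0:root:/root:/bin/sh\n")          # constructed

        baseline = build_manifest(root)

        # Tamper: trojan bin/ls and install a new program (the two events
        # the abstract says integrity checks exist to detect).
        with open(ls_path, "wb") as f:
            f.write(original + b"/tmp/.x/backdoor &\n")
        with open(os.path.join(bin_dir, "sniffer"), "wb") as f:
            f.write(b"\x7fELF constructed placeholder, not a real binary")

        honest = verify(root, baseline)
        lying = verify(root, baseline, make_lying_reader({ls_path: original}))
        return {"honest": honest, "lying": lying}


if __name__ == "__main__":
    for mode, report in demo().items():
        print(mode, report)
```

With an honest OS the checker reports `bin/ls` modified and `bin/sniffer` added; through the lying reader the trojaned `bin/ls` passes as clean even though its bytes on disk changed, which is exactly the in-band weakness that motivates reading the storage out-of-band from a separate device rather than through the audited kernel. The simulation only hides file contents; a real kernel-resident attacker would also hide the added file from directory listings.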
© 2002 Springer-Verlag Berlin Heidelberg
Molina, J., Arbaugh, W. (2002). Using Independent Auditors as Intrusion Detection Systems. In: Deng, R., Bao, F., Zhou, J., Qing, S. (eds) Information and Communications Security. ICICS 2002. Lecture Notes in Computer Science, vol 2513. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36159-6_25
DOI: https://doi.org/10.1007/3-540-36159-6_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00164-5
Online ISBN: 978-3-540-36159-6
eBook Packages: Springer Book Archive