Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Article type: Research Article
Authors: Barbará, Daniel | Goel, Rajni; * | Jajodia, Sushil
Affiliations: Center for Secure Information Systems, George Mason University, Fairfax, VA 22030-4444, USA. E-mail: dbarbara@gmu.edu, rgoel@gmu.edu, jajodia@gmu.edu
Correspondence: [*] Corresponding author.
Note: [1] This work has been supported by Air Force Research Laboratory/Rome under grant F30602-98-C-0264. A preliminary version of this paper appeared under the title “Protecting file systems against corruption using checksums”, in: Data and Applications Security: Developments and Directions, B. Thuraisingham, R. van de Riet, K.R. Dittrich and J. Tari, eds, Kluwer Academic Publishers, Boston, 2001, pp. 113–124.
Abstract: We consider the problem of malicious attacks that lead to corruption of files in a file system. A typical method to detect such corruption is to compute signatures of all the files and store these signatures in a secure place. A malicious modification of a file can be detected by verifying the signature. This method, however, leaves the system vulnerable to an attacker who has access to some of the files and the signatures (but not the signing transformation) and who replaces some of the files by their old versions and the corresponding signatures by the signatures of the old versions. In this paper, we present a technique called Check2 that also relies on signatures for detecting corruption of files. The novel feature of our approach is that we compute additional levels of signatures to guarantee that any change of a file and the corresponding signature will require an attacker to perform a very lengthy chain of precise changes to successfully complete the corruption in an undetected manner. If an attacker fails to complete all the required changes, Check2 can be used to pinpoint which files have been corrupted. Two alternative ways of implementing Check2 are offered, the first using a deterministic way of combining signatures and the second using a randomized scheme. Our results show that the overhead added to the system is minimal.
DOI: 10.3233/JCS-2003-11303
Journal: Journal of Computer Security, vol. 11, no. 3, pp. 315-329, 2003
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
sales@iospress.com
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
info@iospress.nl
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office info@iospress.nl
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
china@iospress.cn
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
如果您在出版方面需要帮助或有任何建, 件至: editorial@iospress.nl