Operating system security by integrity checking and recovery using write-protected storage

The paper presents an Integrity Checking and Recovery (ICAR) system which protects file system integrity and automatically restores modified files. The system enables files cryptographic hashes generation and verification, as well as configuration of security constraints. All of the crucial data, including ICAR system binaries, file backups and hashes database are stored in a physically write protected storage to eliminate the threat of unauthorized modification. A buffering mechanism was designed and implemented in the system to increase operation performance. Additionally, the system supplies user tools for cryptographic hash generation and security database management. The system is implemented as a kernel extension, compliant with the Linux Security Model. Experimental evaluation of the system was performed and showed an approximate 10% performance degradation in secured file access compared to regular access.