Evaluation of Distributed File Integrity Analyzers in the Presence of Tampering
Authors
Abstract
In this paper, the Collaborative Object Notification Framework for Insider Defense using Autonomous Network Transactions (CONFIDANT) is evaluated in the presence of tampering. CONFIDANT’s mitigation capabilities are assessed and compared with conventional file integrity analyzers such as AIDE and Tripwire. The potential of distributed techniques to address certain tampering modes such as Pacing, Altering Internal Data, and File Juggling is discussed. To assess capabilities, a variably-weighted tampering mode exposure metric scheme is developed and utilized. Results indicate a range of vulnerabilities for which mitigation techniques such as Encapsulation, Redundancy, Scrambling, and mandatory obsolescence can increase robustness against challenging exposures, including various insider tampering risks.
Similar resources
Trusted Detection of Unauthorized Filesystem Modifications to Combat Insider Tampering †
An insider-robust approach to file integrity verification is developed using interacting strata of mobile agents. Previous approaches relied upon monolithic architectures, or more recently, agent frameworks using a centralized control mechanism or common reporting repository. However, any such distinct tampering-point introduces vulnerabilities, especially from knowledgeable insiders capable of ...
Mitigation of Insider Risks using Distributed Agent Detection, Filtering, and Signaling
An insider-robust approach to file integrity verification is developed using interacting strata of mobile agents. Previous approaches relied upon monolithic architectures, or more recently, agent frameworks using a centralized control mechanism or common reporting repository. However, any such distinct tampering-point introduces vulnerabilities, especially from knowledgeable insiders capable of...
Mobility-Enhanced File Integrity Analyzer For Networked Environments
The ability to monitor computer file systems for unauthorized changes is a powerful administrative tool. Ideally this task could be performed remotely under the direction of the administrator to allow on-demand checking, and use of tailorable reporting and exception policies targeted to adjustable groups of network elements. This paper introduces M-FICA, a Mobile File Integrity and Consistency ...
Ensuring Media Integrity on Third-Party Infrastructures
In many heterogeneous networked applications the integrity of multimedia data plays an essential role, but is not directly supported by the application. In this paper, we propose a method which enables an individual user to detect tampering with a multimedia file without changing the software application provided by the third party. Our method is based on a combination of cryptographic signatur...
Evaluation of the Effect of Presence of Health Information Technology Expert on Medical Records of Patients Admitted to Fatemeh Zahra Hospital, Sari, Iran
Background: Documenting medical records plays an important role in treatment and prevention. The purpose of this study was to evaluate the impact of the presence of health information technology experts in clinical wards on the documentation of hospital admissions files. Methods: In this descriptive cross-sectional study, 96 inpatient records in 2014 and 96 inpatient records in Fatemeh Zahra H...
Journal title:
- I. J. Network Security
Volume 5 Issue
Pages -
Publication date 2007