Hardware-Assisted Intrusion Detection by Preserving Reference Information Integrity

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 8285))

Abstract

Malware detectors and integrity checkers detect malicious activities by comparing against reference data. To ensure their trustworthy operation, it is crucial to protect the reference data from unauthorized modification. This paper proposes the Soteria Security Card (SSC), an append-only storage. To the best of our knowledge, this work is the first to introduce the concept of an append-only storage and its application to information security. The SSC framework allows only read and append operations, and forbids over-write and erase operations. By exploiting this trait, we can protect the reference data that must be updated constantly. It is demonstrated how SSC facilitates log protection and file integrity checking.
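The abstract describes two uses of an append-only store: protecting a log, and holding the reference hashes an integrity checker compares against. The following is an added illustration, not code from the paper or the Soteria Security Card itself (which is a hardware device): it models only the semantics the abstract states, read and append permitted, over-write and erase refused, in software, and then exercises both applications on constructed sample data. The record tags, log lines, file contents and paths are all constructed for the example.

```python
"""Software model of append-only semantics and two uses of it.

Added illustration; not the paper's SSC implementation. Models only
the behaviour the abstract names: read and append allowed, over-write
and erase refused. All names, paths and data below are constructed.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


class AppendOnlyViolation(Exception):
    """Raised for any operation the store refuses (over-write, erase)."""


@dataclass
class AppendOnlyStore:
    """In-memory stand-in for an append-only device: read and append only."""
    _records: list = field(default_factory=list)

    def append(self, record: bytes) -> int:
        """Append a record and return its index; earlier records never move."""
        self._records.append(bytes(record))
        return len(self._records) - 1

    def read(self, index: int) -> bytes:
        return self._records[index]

    def __len__(self) -> int:
        return len(self._records)

    def overwrite(self, index: int, record: bytes) -> None:
        raise AppendOnlyViolation(f"over-write of record {index} refused")

    def erase(self, index: int) -> None:
        raise AppendOnlyViolation(f"erase of record {index} refused")


LOG_TAG = b"LOG\0"   # constructed tag: record holds one log line
REF_TAG = b"REF\0"   # constructed tag: record holds "<path>\0<sha256 hex>"


def protect_log(store: AppendOnlyStore, lines: list[bytes]) -> list[int]:
    """Write log lines into the store; returns the index of each line."""
    return [store.append(LOG_TAG + line) for line in lines]


def tamper_with_log(store: AppendOnlyStore, index: int, replacement: bytes) -> bool:
    """Model an attempt to rewrite or delete a stored log line.
    Returns True only if the store accepted a change (it never does)."""
    try:
        store.overwrite(index, LOG_TAG + replacement)
        return True
    except AppendOnlyViolation:
        pass
    try:
        store.erase(index)
        return True
    except AppendOnlyViolation:
        return False


def record_reference(store: AppendOnlyStore, path: str, content: bytes) -> int:
    """Append a reference hash for a file; a legitimate update is a new append."""
    digest = hashlib.sha256(content).hexdigest().encode()
    return store.append(REF_TAG + path.encode() + b"\0" + digest)


def latest_references(store: AppendOnlyStore) -> dict[str, str]:
    """Newest reference per path wins: updates are later appends, never edits,
    so the full history of reference values stays readable."""
    refs: dict[str, str] = {}
    for i in range(len(store)):
        rec = store.read(i)
        if rec.startswith(REF_TAG):
            path, digest = rec[len(REF_TAG):].split(b"\0", 1)
            refs[path.decode()] = digest.decode()
    return refs


def check_integrity(store: AppendOnlyStore, files: dict[str, bytes]) -> dict[str, bool]:
    """Compare each file's current hash with its latest stored reference."""
    refs = latest_references(store)
    return {path: hashlib.sha256(content).hexdigest() == refs.get(path)
            for path, content in files.items()}


def demo() -> dict:
    """Run both applications on constructed data and return the outcomes."""
    store = AppendOnlyStore()
    lines = [b"login ok user=alice", b"sudo: alice : COMMAND=/bin/ls"]
    idx = protect_log(store, lines)
    changed = tamper_with_log(store, idx[1], b"login ok user=alice")
    files = {"/etc/passwd": b"root:x:0:0::/root:/bin/sh\n",
             "/bin/ls": b"\x7fELF-constructed-binary-v1"}
    for p, c in files.items():
        record_reference(store, p, c)
    files["/bin/ls"] = b"\x7fELF-constructed-binary-v2"   # unexpected change
    first = check_integrity(store, files)
    record_reference(store, "/bin/ls", files["/bin/ls"])  # legitimate upgrade
    second = check_integrity(store, files)
    return {"log_tamper_accepted": changed,
            "log_intact": store.read(idx[1]) == LOG_TAG + lines[1],
            "before_update": first, "after_update": second,
            "records": len(store)}


if __name__ == "__main__":
    print(demo())
```

The design point the model makes explicit is that reference data which "must be updated constantly" needs no over-write path: a changed file gets a new reference record appended, the checker takes the newest record per path, and every earlier value remains readable for audit. In the real system the refusal of over-write and erase is enforced by the device, not by a Python exception, which is what makes the stored references trustworthy against a compromised host.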




Copyright information

© 2013 Springer International Publishing Switzerland


Cite this paper

Lee, J., Nicopoulos, C., Oh, G.H., Lee, SW., Kim, J. (2013). Hardware-Assisted Intrusion Detection by Preserving Reference Information Integrity. In: Kołodziej, J., Di Martino, B., Talia, D., Xiong, K. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2013. Lecture Notes in Computer Science, vol 8285. Springer, Cham. https://doi.org/10.1007/978-3-319-03859-9_25


  • DOI: https://doi.org/10.1007/978-3-319-03859-9_25

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-03858-2

  • Online ISBN: 978-3-319-03859-9

