Abstract
Resisting malicious Web page tampering is critical to provide robust web services. Existing Web page tamper-resistant solutions either require extra equipments (e.g., storage equipments or content distribution systems), or suffer from significant performance degradation. In this paper, we design and implement a lightweight Web page tamper-resistant system for the Linux system. In our design, we adopt the system call interception, event-trigger mechanism, the attribute of Linux file system, and combine them together to resist tampering attempts to the Web page files. Our solution is very lightweight and does not require any additional storage equipments or content distribution systems. We implement a prototype of our mechanism on Linux with kernel version 2.6, and deploy it in a campus Web server. Experiment results show that our mechanism can effectively protect Web page files from being tampered, incurring only negligible increase in response delay and CPU utilization ratio.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Long, X., Peng, H., Zhang, C., et al.: A fragile watermarking scheme for tamper-proof of Web pages. In: Proc. of IEEE WASE International Conference on Information Engineering 2009, Taiyuan, China, pp. 155–158 (2009)
Jin, C., Xu, H., Zhang, X.: Web pages tamper-proof method using virus-based watermarking. In: Proc. of International Conference on Audio, Language and Image Processing 2008, Shanghai, China, pp. 1012–1015 (2008)
Huo, J., Qu, H., Liu, L.: Design and Implementation of Automatic Defensive Websites Tamper-Resistant System. Journal of Software 7, 2379–2386 (2012)
Fan, J.H., Song, Y.B.: Web page Tamper-resistant Mechanism Based on File-filtering Driver and Event-triggering. Journal of Chongqing Institute of Technology (Natural Science) 12, 65–70 (2009)
He, Q., Zhao, B., Wang, Y., et al.: Web file protection based on the Rsync algorithm and local snapshots. Computer Engineering 39, 190–199 (2013)
Yao, Y.: Research and Design of page tamper system. Computer Security 6, 53–55 (2010)
Zhou, J., He, Q., Yao, L.: A Distributed Website Anti-tamper System Based on Filter Driver and Proxy. In: Jin, D., Lin, S. (eds.) Advances in MSEC Vol. 1. AISC, vol. 128, pp. 415–421. Springer, Heidelberg (2011)
Ian S.: Monitor Linux file system events with inotify, http://www.ibm.com/developerworks/opensource/library/l-inotify/index.html
Stevens, W.R., Rago, S.A.: Advanced Programming in the UNIX Environment, 2nd edn. Pearson (2005) ISBN 978-0321525949
Common Vulnerabilities and Exposures, http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-225
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer International Publishing Switzerland
About this paper
Cite this paper
Mi, A., Wang, W., Zhang, S., Song, H. (2013). Design of Lightweight Web Page Tamper-Resistant Mechanism for Linux. In: Wang, G., Ray, I., Feng, D., Rajarajan, M. (eds) Cyberspace Safety and Security. CSS 2013. Lecture Notes in Computer Science, vol 8300. Springer, Cham. https://doi.org/10.1007/978-3-319-03584-0_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-03584-0_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-03583-3
Online ISBN: 978-3-319-03584-0
eBook Packages: Computer ScienceComputer Science (R0)