TY - GEN
T1 - Hardware-assisted intrusion detection by preserving reference information integrity
AU - Lee, Junghee
AU - Nicopoulos, Chrysostomos
AU - Oh, Gi Hwan
AU - Lee, Sang Won
AU - Kim, Jongman
PY - 2013
Y1 - 2013
N2 - Malware detectors and integrity checkers detect malicious activities by comparing against reference data. To ensure their trustworthy operation, it is crucial to protect the reference data from unauthorized modification. This paper proposes the Soteria Security Card (SSC), an append-only storage. To the best of our knowledge, this work is the first to introduce the concept of an append-only storage and its application to information security. The SSC framework allows only read and append operations, and forbids over-write and erase operations. By exploiting this trait, we can protect the reference data that must be updated constantly. It is demonstrated how SSC facilitates log protection and file integrity checking.
KW - Hardware
KW - Log
KW - Protection
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=84892841674&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-03859-9_25
DO - 10.1007/978-3-319-03859-9_25
M3 - Conference contribution
AN - SCOPUS:84892841674
SN - 9783319038582
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 291
EP - 300
BT - Algorithms and Architectures for Parallel Processing - 13th International Conference, ICA3PP 2013, Proceedings
T2 - 13th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2013
Y2 - 18 December 2013 through 20 December 2013
ER -