Hardware-assisted intrusion detection by preserving reference information integrity

Junghee Lee; Chrysostomos Nicopoulos; Gi Hwan Oh; Sang Won Lee; Jongman Kim

doi:10.1007/978-3-319-03859-9_25

Hardware-assisted intrusion detection by preserving reference information integrity

Junghee Lee, Chrysostomos Nicopoulos, Gi Hwan Oh, Sang Won Lee, Jongman Kim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Malware detectors and integrity checkers detect malicious activities by comparing against reference data. To ensure their trustworthy operation, it is crucial to protect the reference data from unauthorized modification. This paper proposes the Soteria Security Card (SSC), an append-only storage. To the best of our knowledge, this work is the first to introduce the concept of an append-only storage and its application to information security. The SSC framework allows only read and append operations, and forbids over-write and erase operations. By exploiting this trait, we can protect the reference data that must be updated constantly. It is demonstrated how SSC facilitates log protection and file integrity checking.

Original language	English
Title of host publication	Algorithms and Architectures for Parallel Processing - 13th International Conference, ICA3PP 2013, Proceedings
Pages	291-300
Number of pages	10
Edition	PART 1
DOIs	https://doi.org/10.1007/978-3-319-03859-9_25
Publication status	Published - 2013
Externally published	Yes
Event	13th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2013 - Vietri sul Mare, Italy Duration: 2013 Dec 18 → 2013 Dec 20

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Number	PART 1
Volume	8285 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	13th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2013
Country/Territory	Italy
City	Vietri sul Mare
Period	13/12/18 → 13/12/20

Keywords

Hardware
Log
Protection
Security

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-319-03859-9_25

Cite this

Lee, J., Nicopoulos, C., Oh, G. H., Lee, S. W., & Kim, J. (2013). Hardware-assisted intrusion detection by preserving reference information integrity. In Algorithms and Architectures for Parallel Processing - 13th International Conference, ICA3PP 2013, Proceedings (PART 1 ed., pp. 291-300). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8285 LNCS, No. PART 1). https://doi.org/10.1007/978-3-319-03859-9_25

Hardware-assisted intrusion detection by preserving reference information integrity. / Lee, Junghee; Nicopoulos, Chrysostomos; Oh, Gi Hwan et al.
Algorithms and Architectures for Parallel Processing - 13th International Conference, ICA3PP 2013, Proceedings. PART 1. ed. 2013. p. 291-300 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8285 LNCS, No. PART 1).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lee, J, Nicopoulos, C, Oh, GH, Lee, SW & Kim, J 2013, Hardware-assisted intrusion detection by preserving reference information integrity. in Algorithms and Architectures for Parallel Processing - 13th International Conference, ICA3PP 2013, Proceedings. PART 1 edn, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), no. PART 1, vol. 8285 LNCS, pp. 291-300, 13th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2013, Vietri sul Mare, Italy, 13/12/18. https://doi.org/10.1007/978-3-319-03859-9_25

Lee J, Nicopoulos C, Oh GH, Lee SW, Kim J. Hardware-assisted intrusion detection by preserving reference information integrity. In Algorithms and Architectures for Parallel Processing - 13th International Conference, ICA3PP 2013, Proceedings. PART 1 ed. 2013. p. 291-300. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 1). doi: 10.1007/978-3-319-03859-9_25

Lee, Junghee ; Nicopoulos, Chrysostomos ; Oh, Gi Hwan et al. / Hardware-assisted intrusion detection by preserving reference information integrity. Algorithms and Architectures for Parallel Processing - 13th International Conference, ICA3PP 2013, Proceedings. PART 1. ed. 2013. pp. 291-300 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 1).

@inproceedings{eaabea230533415f80c1d79f90099506,

title = "Hardware-assisted intrusion detection by preserving reference information integrity",

abstract = "Malware detectors and integrity checkers detect malicious activities by comparing against reference data. To ensure their trustworthy operation, it is crucial to protect the reference data from unauthorized modification. This paper proposes the Soteria Security Card (SSC), an append-only storage. To the best of our knowledge, this work is the first to introduce the concept of an append-only storage and its application to information security. The SSC framework allows only read and append operations, and forbids over-write and erase operations. By exploiting this trait, we can protect the reference data that must be updated constantly. It is demonstrated how SSC facilitates log protection and file integrity checking.",

keywords = "Hardware, Log, Protection, Security",

author = "Junghee Lee and Chrysostomos Nicopoulos and Oh, {Gi Hwan} and Lee, {Sang Won} and Jongman Kim",

year = "2013",

doi = "10.1007/978-3-319-03859-9_25",

language = "English",

isbn = "9783319038582",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

number = "PART 1",

pages = "291--300",

booktitle = "Algorithms and Architectures for Parallel Processing - 13th International Conference, ICA3PP 2013, Proceedings",

edition = "PART 1",

note = "13th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2013 ; Conference date: 18-12-2013 Through 20-12-2013",

}

TY - GEN

T1 - Hardware-assisted intrusion detection by preserving reference information integrity

AU - Lee, Junghee

AU - Nicopoulos, Chrysostomos

AU - Oh, Gi Hwan

AU - Lee, Sang Won

AU - Kim, Jongman

PY - 2013

Y1 - 2013

N2 - Malware detectors and integrity checkers detect malicious activities by comparing against reference data. To ensure their trustworthy operation, it is crucial to protect the reference data from unauthorized modification. This paper proposes the Soteria Security Card (SSC), an append-only storage. To the best of our knowledge, this work is the first to introduce the concept of an append-only storage and its application to information security. The SSC framework allows only read and append operations, and forbids over-write and erase operations. By exploiting this trait, we can protect the reference data that must be updated constantly. It is demonstrated how SSC facilitates log protection and file integrity checking.

AB - Malware detectors and integrity checkers detect malicious activities by comparing against reference data. To ensure their trustworthy operation, it is crucial to protect the reference data from unauthorized modification. This paper proposes the Soteria Security Card (SSC), an append-only storage. To the best of our knowledge, this work is the first to introduce the concept of an append-only storage and its application to information security. The SSC framework allows only read and append operations, and forbids over-write and erase operations. By exploiting this trait, we can protect the reference data that must be updated constantly. It is demonstrated how SSC facilitates log protection and file integrity checking.

KW - Hardware

KW - Log

KW - Protection

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=84892841674&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-03859-9_25

DO - 10.1007/978-3-319-03859-9_25

M3 - Conference contribution

AN - SCOPUS:84892841674

SN - 9783319038582

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 291

EP - 300

BT - Algorithms and Architectures for Parallel Processing - 13th International Conference, ICA3PP 2013, Proceedings

T2 - 13th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2013

Y2 - 18 December 2013 through 20 December 2013

ER -

Hardware-assisted intrusion detection by preserving reference information integrity

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this