Title :
External Integrity Checking with Invariants
Author :
Shimada, Hiroki ; Nakajima, T.
Author_Institution :
Dept. of Comput. Sci., Waseda Univ., Tokyo, Japan
Abstract :
In order to enhance OS security, most of people use security patches to fix the vulnerabilities of the OS. However, the security patches may also incur vulnerabilities. These vulnerabilities are generated since most OSes has a lot of functionalities and their functionalities are very complex to manage the entire source code manually. Moreover, in order to use the security patch, rebooting the system is required. Some of systems such as enterprise servers and embedded systems cannot accept the rebooting. Therefore, we propose an external integrity checking system to enhance the OS security. The external integrity checking system and a target OS run on a hyper visor simultaneously, therefore, their operations do not affect each other. In addition, the integrity checking system is generated automatically with invariants. Therefore, the possibility of inserting vulnerabilities into the system is as small as possible, and the system can cover a lot of vulnerabilities.
Keywords :
operating systems (computers); security of data; OS security enhancement; external integrity checking system; hyper visor; security patches; source code; Data structures; Embedded systems; Kernel; Linux; Prototypes; Security; Virtual machine monitors; invariant; monitoring service; security;
Conference_Titel :
Embedded and Real-Time Computing Systems and Applications (RTCSA), 2011 IEEE 17th International Conference on
Conference_Location :
Toyama
Print_ISBN :
978-1-4577-1118-3
DOI :
10.1109/RTCSA.2011.52
