One way to detect an intruder's activity is to trace all unauthorized changes in a file system. Programs that provide this functionality are called file integrity checkers. This paper concerns a modern approach to file system integrity checking. It reviews the architecture of popular systems that are widely used in production environments, as well as scientific projects that not only detect intruders but also take action to stop their activity. The concept and architecture of the ICAR system (integrity checking and restoring system), which we are developing, are presented. The ICAR system not only covers the functionality of integrity checkers but also automatically restores files that were modified by the intruder. ICAR has been designed as a kernel module of the operating system, and it uses read-only devices to store data. The article may prove useful to operating system users who are interested in securing their data and system configuration.
Date of Conference: 18-21 May 2008