In-Kernel Integrity Checker and Intrusion Detection File System

Today, improving the security of computer systems has become an important and difficult problem. Attackers can cause serious damage to the integrity of a system, which makes attack detection complex and time-consuming for system administrators. Current integrity checkers and IDSs are designed to operate as user-mode utilities and perform checks on a schedule. Such systems are ineffective at detecting attacks that happen between scheduled checks. Worse, user-level tools can be compromised more easily if an attacker breaks into the system with administrator privileges. Our system, called I3FS, is an on-access intrusion detection file system that checks the integrity of the file system in real time to contain the damage caused by incorrect system state and to notify the administrator immediately. I3FS is a stackable in-kernel file system that works independently of the underlying file system (e.g., Ext3, NFS). I3FS's design improves on the open-source Tripwire system by enhancing scalability and ease of use for administrators.

Download software.

Conference and Workshop Papers:

| # | Title | Formats | Published In | Date | Comments |
|---|-------|---------|--------------|------|----------|
| 1 | Ensuring Data Integrity in Storage: Techniques and Applications | PS, PDF, BibTeX | First ACM International Workshop on Storage Security and Survivability (StorageSS 2005), held in conjunction with the 12th ACM CCS | Nov 2005 | |
| 2 | I3FS: An In-Kernel Integrity Checker and Intrusion Detection File System | PS, PDF, BibTeX | Usenix Large Installation Systems Administration Conference (LISA 18) | Nov 2004 | |

Past Students:

| # | Name | Program | Period | Current Location |
|---|------|---------|--------|------------------|
| 1 | Gopalan Sivathanu | PhD | Sep 2003 - May 2008 | Software Engineer, Systems Infrastructure group, Google (Mountain View, CA) |
| 2 | Swapnil V. Patil | MS | May 2004 - Nov 2004 | Carnegie-Mellon University CS Ph.D. program (Pittsburgh, PA) |
| 3 | Anand Kashyap | temp-PhD | May 2004 - Nov 2004 | Stony Brook U. CS Ph.D. program (Stony Brook, NY) |