In-Kernel Integrity Checker and Intrusion Detection File System

Today, improving the security of computer systems has become an important and difficult problem. Attackers can cause serious damage to the integrity of a system. This makes attack detection complex and time-consuming for the system administrators. Current integrity checkers and IDSs are designed to operate as user-mode utilities and perform checks as scheduled. Such systems are ineffective in detecting attacks that happen between scheduled checks. Worse, user-level tools could be more easily compromised, if an attacker breaks into the system with administrator privileges. Our system, called I3FS, is an on-access intrusion detection file system that checks the integrity of the file system in real-time to contain the damage caused by incorrect system state, and immediately notify the administrator. I3FS is a stackable in-kernel file system that works independently of the underlying file system (e.g., Ext3, NFS). I3FS's design improves over the open-source Tripwire system by enhancing the scalability and ease of use for administrators.

Download software.

Conference and Workshop Papers:

#	Title (click for html version)	Formats	Published In	Date	Comments
1	Ensuring Data Integrity in Storage: Techniques and Applications	PS PDF BibTeX	First ACM International Workshop on Storage Security and Survivability (StorageSS 2005) held in conjunction with the 12th ACM CCS.	Nov 2005
2	I3FS: An In-Kernel Integrity Checker and Intrusion Detection File System	PS PDF BibTeX	Usenix Large Installation Systems Administration Conference (LISA 18)	Nov 2004

Current Students:

#	Name (click for home page)	Program	Member Since
1	Gopalan Sivathanu	PhD	Sep 2003

Past Students:

#	Name (click for home page)	Program	Period	Current Location
1	Anand Kashyap	PhD	May 2004 - Nov 2004	Stony Brook U. CS Ph.D. program (Stony Brook, NY)
2	Swapnil V. Patil	MS	May 2004 - Nov 2004	Carnegie-Mellon University CS Ph.D. program (Pittsburgh, PA)

(Last updated: Fri Aug 11 14:10:46 EDT 2006)