NOPFIT: File System Integrity Tool for Virtual Machine Using Multi-byte NOP Injection

Kim, Jung-Han; Kim, Inhyuk; Eom, Young Ik

doi:10.1109/iccsa.2010.79

Cited by 6 publications

(8 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…al. suggest a multi-byte NOP injection with a FIT is to provide an increased performance threshold for file integrity monitoring [11]. The authors argue that traditional FIT infrastructures installed must first have security polices predefined with a lower performance threshold due to the amount of time it takes to intercept system-calls.…”

Section: Virtual Machines Fim 1) Multi-byte No-operation (Nop) Injmentioning

confidence: 98%

“…Also, a Kernel object parser is used to determine when there has been any stack-pointer changes within the current kernel, and is also used to monitor activity. Finally two different FIT implementations (NOPFIT and INT3FIT) were compared and results indicated that the NOPFIT took approximately 900 ms less than the INT3FIT utilization [11].…”

Section: Virtual Machines Fim 1) Multi-byte No-operation (Nop) Injmentioning

confidence: 99%

“…This is a debugger which stores a breakpoint into a temporary area [11]. The code is then monitored using the gcc compiler for NOP instruction.…”

Section: Virtual Machines Fim 1) Multi-byte No-operation (Nop) Injmentioning

confidence: 99%

“…The code is then monitored using the gcc compiler for NOP instruction. The lguest process thread is used to obtain information about the breakpoints, apply security policies, and gather NOPFIT processes [11]. Also, a Kernel object parser is used to determine when there has been any stack-pointer changes within the current kernel, and is also used to monitor activity.…”

Section: Virtual Machines Fim 1) Multi-byte No-operation (Nop) Injmentioning

confidence: 99%

See 3 more Smart Citations

Comparison of File Integrity Monitoring (FIM) techniques for small business networks

Wilbert

Chen

2014

Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT)

View full text Add to dashboard Cite

File Integrity Monitoring (FIM) can provide the ability to track changes which have been made to an operating system or software as a result of malicious behavior. For small business environments, the need for these tools is present; however, because of the difficulty of managing such software many businesses may ignore using them. This paper will discuss how a small business should create criteria for comparing file integrity monitoring tools in order to locate the most effective product for their environment.

show abstract

Section: Virtual Machines Fim 1) Multi-byte No-operation (Nop) Injmentioning

confidence: 98%

Section: Virtual Machines Fim 1) Multi-byte No-operation (Nop) Injmentioning

confidence: 99%

“…This is a debugger which stores a breakpoint into a temporary area [11]. The code is then monitored using the gcc compiler for NOP instruction.…”

Section: Virtual Machines Fim 1) Multi-byte No-operation (Nop) Injmentioning

confidence: 99%

Section: Virtual Machines Fim 1) Multi-byte No-operation (Nop) Injmentioning

confidence: 99%

See 2 more Smart Citations

Comparison of File Integrity Monitoring (FIM) techniques for small business networks

Wilbert

Chen

2014

Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT)

View full text Add to dashboard Cite

show abstract

“…For that reason, file system integrity must be continuously ensured, especially in the context of multitenant cloud services. Several file system integrity tools are already developed and allow administrators to automatically detect system changes and malicious file modifications [28]. However, the concept of file system integrity validation has to be adjusted for virtualized cloud environments.…”

Section: Intrusion Anomaly and Behavior Of Malware Detectionmentioning

confidence: 99%

What is Really Going On at Your Cloud Service Provider? Creating Trustworthy Certifications by Continuous Auditing

Lins

Thiebes

Schneider

et al. 2015

2015 48th Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Cloud service certifications attempt to assure a high level of security and compliance. However, considering that cloud services are part of an everchanging environment, multi-year validity periods may put in doubt the reliability of such certifications. We argue that continuous auditing of selected certification criteria is required to assure continuously reliable and secure cloud services and thereby increase the trustworthiness of certifications. Continuous auditing of cloud services is still in its infancy, thus, we performed a systematic literature review to identify automated auditing methods that are applicable in the context of cloud computing. Our study yields a set of automated methods for continuous auditing in six clusters. We discuss the identified methods in terms of their applicability to address major concerns about cloud computing and how the methods can aid to continuously audit cloud environments. We thereby provide paths for future research to implement continuous auditing in cloud service contexts.

show abstract

File integrity monitoring tools: Issues, challenges, and solutions

Peddoju

Upadhyay

Lagos

2020

Concurrency and Computation

View full text Add to dashboard Cite

Ensuring integrity of sensitive files in file systems is imperative to computer systems. The vast majority of attacks work through unapproved or unauthorized access to sensitive files to take secret data like secret keys, passwords, credit card numbers, and so on. After that, attackers generally conceal their traces by subverting critical files like system logs. File system integrity monitoring is a well-known way to deal with ensuring integrity of sensitive and critical files. The file system is at the heart of any computing system as it stores the data and executable programs. Malicious users or malwares might change the content of a sensitive data file or insert malicious payload in an executable. Hence, monitoring the integrity of the files in the file system is of utmost importance. Significant research work has been done on file integrity monitoring tools. This article presents the currently available tools for file integrity monitoring and their underlying approaches. K E Y W O R D S file integrity monitoring, malware, security, tools, virtualization 1 INTRODUCTION Every modern operating system is backed by a nonvolatile storage system which stores kernel and program executables and other data files including program logs, configurations, and user defined data. Integrity of these files is important for the seamless operation of a system or business. A malicious attacker can modify the content of a file to perform various malicious activities. For example, corrupting a database configuration could result in failure of a database server. Injecting malicious code in an executable could cause erratic behavior during execution. This kind of malicious activities has already been reported by many users. 1 Furthermore, current rapid progression of ransomwares 2 is compromising integrity of sensitive data in large scale. Many business owners, including large private/public organizations, have paid thousands of dollars as ransom. 3 A secured software solution can be useful for early detection of irregular file modification. File Integrity Monitoring (FIM) is an internal control or procedure that performs and demonstrates integrity of files related to the operating system and application software. It compares and verifies the current state and baseline of files. This examination technique regularly includes computing a known cryptographic checksum of the file's original baseline and contrasting that with the present condition of the file. There should be a check on other attributes such as file size, version, modified by, creation date, modified date, IO operations, and cache operations of file to maintain or observe integrity of file. Apart from this, we should also check credentials, privileges and security settings, hash values, and configuration values. Traditionally, file integrity tools (FITs) are used to detect unauthorized file operations in a system. FITs are some software that can monitor file access in a system and trigger appropriate warnings. Much research has been done on file monitoring tools, which di...

show abstract

NOPFIT: File System Integrity Tool for Virtual Machine Using Multi-byte NOP Injection

Cited by 6 publications

References 7 publications

Comparison of File Integrity Monitoring (FIM) techniques for small business networks

Comparison of File Integrity Monitoring (FIM) techniques for small business networks

What is Really Going On at Your Cloud Service Provider? Creating Trustworthy Certifications by Continuous Auditing

File integrity monitoring tools: Issues, challenges, and solutions

Contact Info

Product

Resources

About