Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC

Filters

1
1
1
Reset filters

Settings
Now showing 1 - 1 of 1
  • Publication
    Active File Integrity Monitoring using Paravirtualized Filesystems
    ( 2013)
    Velten, Michael
    ;
    Wessel, Sascha
    ;
    Stumpf, Frederic
    ;
    Eckert, Claudia
    Monitoring file integrity and preventing illegal modifications is a crucial part of improving system security. Unfortunately, current research focusing on isolating monitoring components from supervised systems can often still be thwarted by tampering with the hooks placed inside of Virtual Machines (VMs), thus resulting in critical file operations not being noticed. In this paper, we present an approach of relocating a supervised VM's entire filesystem into the isolated realm of the host. This way, we can enforce that all file operations originating from a VM (e.g., read and write operations) must necessarily be routed through the hypervisor, and thus can be tracked and even be prevented. Disabling hooks in the VM then becomes pointless as this would render a VM incapable of accessing or manipulating its own filesystem. This guarantees secure and complete active file integrity monitoring of VMs. The experimental results of our prototype implementation show the feasibility of our approach.