Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network

  Advanced Search  

Using Independent Auditors as Intrusion Detection Systems

Summary: Using Independent Auditors
as Intrusion Detection Systems
Jesus Molina and William Arbaugh
Department of Computer Science
University of Maryland
20742 College Park, MD
Abstract. A basic method in computer security is to perform integrity
checks on the file system to detect the installation of malicious programs,
or the modification of sensitive files. Integrity tools to date rely on the
operating system to function correctly, so once the operating system
is compromised even a novice attacker can easily defeat these tools. A
novel way to overcome this problem is the use of an independent auditor,
which uses an out-of-band verification process that does not depend on
the underlying operating system. In this paper we present a definition of
independent auditors and a specific implementation of an independent
auditor using an embedded system attached to the PCI bus.
1 Introduction
Computer systems have been made increasingly secure over the past decades.
However, new attacks and the spread of harmful viruses have shown that bet-


Source: Arbaugh, William A. - Institute for Advanced Computer Studies & Department of Computer Science, University of Maryland at College Park


Collections: Computer Technologies and Information Sciences