External integrity checking with invariants

Hiromasa Shimada, Tatsuo Nakajima

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    In order to enhance OS security, most of people use security patches to fix the vulnerabilities of the OS. However, the security patches may also incur vulnerabilities. These vulnerabilities are generated since most OSes has a lot of functionalities and their functionalities are very complex to manage the entire source code manually. Moreover, in order to use the security patch, rebooting the system is required. Some of systems such as enterprise servers and embedded systems cannot accept the rebooting. Therefore, we propose an external integrity checking system to enhance the OS security. The external integrity checking system and a target OS run on a hypervisor simultaneously, therefore, their operations do not affect each other. In addition, the integrity checking system is generated automatically with invariants. Therefore, the possibility of inserting vulnerabilities into the system is as small as possible, and the system can cover a lot of vulnerabilities.

    Original languageEnglish
    Title of host publicationProceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011
    Pages122-125
    Number of pages4
    Volume2
    DOIs
    Publication statusPublished - 2011
    Event1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Co-located with the 17th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2011 - Toyama
    Duration: 2011 Aug 282011 Aug 31

    Other

    Other1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Co-located with the 17th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2011
    CityToyama
    Period11/8/2811/8/31

    Fingerprint

    Embedded systems
    Computer systems
    Servers
    Industry

    ASJC Scopus subject areas

    • Computer Science Applications
    • Computer Networks and Communications

    Cite this

    Shimada, H., & Nakajima, T. (2011). External integrity checking with invariants. In Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011 (Vol. 2, pp. 122-125). [6029871] https://doi.org/10.1109/RTCSA.2011.52

    External integrity checking with invariants. / Shimada, Hiromasa; Nakajima, Tatsuo.

    Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011. Vol. 2 2011. p. 122-125 6029871.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Shimada, H & Nakajima, T 2011, External integrity checking with invariants. in Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011. vol. 2, 6029871, pp. 122-125, 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Co-located with the 17th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2011, Toyama, 11/8/28. https://doi.org/10.1109/RTCSA.2011.52
    Shimada H, Nakajima T. External integrity checking with invariants. In Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011. Vol. 2. 2011. p. 122-125. 6029871 https://doi.org/10.1109/RTCSA.2011.52
    Shimada, Hiromasa ; Nakajima, Tatsuo. / External integrity checking with invariants. Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011. Vol. 2 2011. pp. 122-125
    @inproceedings{f9a36b777463471da75089ed04c3617f,
    title = "External integrity checking with invariants",
    abstract = "In order to enhance OS security, most of people use security patches to fix the vulnerabilities of the OS. However, the security patches may also incur vulnerabilities. These vulnerabilities are generated since most OSes has a lot of functionalities and their functionalities are very complex to manage the entire source code manually. Moreover, in order to use the security patch, rebooting the system is required. Some of systems such as enterprise servers and embedded systems cannot accept the rebooting. Therefore, we propose an external integrity checking system to enhance the OS security. The external integrity checking system and a target OS run on a hypervisor simultaneously, therefore, their operations do not affect each other. In addition, the integrity checking system is generated automatically with invariants. Therefore, the possibility of inserting vulnerabilities into the system is as small as possible, and the system can cover a lot of vulnerabilities.",
    author = "Hiromasa Shimada and Tatsuo Nakajima",
    year = "2011",
    doi = "10.1109/RTCSA.2011.52",
    language = "English",
    isbn = "9780769545028",
    volume = "2",
    pages = "122--125",
    booktitle = "Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011",

    }

    TY - GEN

    T1 - External integrity checking with invariants

    AU - Shimada, Hiromasa

    AU - Nakajima, Tatsuo

    PY - 2011

    Y1 - 2011

    N2 - In order to enhance OS security, most of people use security patches to fix the vulnerabilities of the OS. However, the security patches may also incur vulnerabilities. These vulnerabilities are generated since most OSes has a lot of functionalities and their functionalities are very complex to manage the entire source code manually. Moreover, in order to use the security patch, rebooting the system is required. Some of systems such as enterprise servers and embedded systems cannot accept the rebooting. Therefore, we propose an external integrity checking system to enhance the OS security. The external integrity checking system and a target OS run on a hypervisor simultaneously, therefore, their operations do not affect each other. In addition, the integrity checking system is generated automatically with invariants. Therefore, the possibility of inserting vulnerabilities into the system is as small as possible, and the system can cover a lot of vulnerabilities.

    AB - In order to enhance OS security, most of people use security patches to fix the vulnerabilities of the OS. However, the security patches may also incur vulnerabilities. These vulnerabilities are generated since most OSes has a lot of functionalities and their functionalities are very complex to manage the entire source code manually. Moreover, in order to use the security patch, rebooting the system is required. Some of systems such as enterprise servers and embedded systems cannot accept the rebooting. Therefore, we propose an external integrity checking system to enhance the OS security. The external integrity checking system and a target OS run on a hypervisor simultaneously, therefore, their operations do not affect each other. In addition, the integrity checking system is generated automatically with invariants. Therefore, the possibility of inserting vulnerabilities into the system is as small as possible, and the system can cover a lot of vulnerabilities.

    UR - http://www.scopus.com/inward/record.url?scp=84855520702&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84855520702&partnerID=8YFLogxK

    U2 - 10.1109/RTCSA.2011.52

    DO - 10.1109/RTCSA.2011.52

    M3 - Conference contribution

    SN - 9780769545028

    VL - 2

    SP - 122

    EP - 125

    BT - Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011

    ER -