External integrity checking with invariants

Hiromasa Shimada, Tatsuo Nakajima

    研究成果: Conference contribution

    抄録

    In order to enhance OS security, most of people use security patches to fix the vulnerabilities of the OS. However, the security patches may also incur vulnerabilities. These vulnerabilities are generated since most OSes has a lot of functionalities and their functionalities are very complex to manage the entire source code manually. Moreover, in order to use the security patch, rebooting the system is required. Some of systems such as enterprise servers and embedded systems cannot accept the rebooting. Therefore, we propose an external integrity checking system to enhance the OS security. The external integrity checking system and a target OS run on a hypervisor simultaneously, therefore, their operations do not affect each other. In addition, the integrity checking system is generated automatically with invariants. Therefore, the possibility of inserting vulnerabilities into the system is as small as possible, and the system can cover a lot of vulnerabilities.

    元の言語English
    ホスト出版物のタイトルProceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011
    ページ122-125
    ページ数4
    2
    DOI
    出版物ステータスPublished - 2011
    イベント1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Co-located with the 17th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2011 - Toyama
    継続期間: 2011 8 282011 8 31

    Other

    Other1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Co-located with the 17th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2011
    Toyama
    期間11/8/2811/8/31

    Fingerprint

    Embedded systems
    Computer systems
    Servers
    Industry

    ASJC Scopus subject areas

    • Computer Science Applications
    • Computer Networks and Communications

    これを引用

    Shimada, H., & Nakajima, T. (2011). External integrity checking with invariants. : Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011 (巻 2, pp. 122-125). [6029871] https://doi.org/10.1109/RTCSA.2011.52

    External integrity checking with invariants. / Shimada, Hiromasa; Nakajima, Tatsuo.

    Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011. 巻 2 2011. p. 122-125 6029871.

    研究成果: Conference contribution

    Shimada, H & Nakajima, T 2011, External integrity checking with invariants. : Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011. 巻. 2, 6029871, pp. 122-125, 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Co-located with the 17th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2011, Toyama, 11/8/28. https://doi.org/10.1109/RTCSA.2011.52
    Shimada H, Nakajima T. External integrity checking with invariants. : Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011. 巻 2. 2011. p. 122-125. 6029871 https://doi.org/10.1109/RTCSA.2011.52
    Shimada, Hiromasa ; Nakajima, Tatsuo. / External integrity checking with invariants. Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011. 巻 2 2011. pp. 122-125
    @inproceedings{f9a36b777463471da75089ed04c3617f,
    title = "External integrity checking with invariants",
    abstract = "In order to enhance OS security, most of people use security patches to fix the vulnerabilities of the OS. However, the security patches may also incur vulnerabilities. These vulnerabilities are generated since most OSes has a lot of functionalities and their functionalities are very complex to manage the entire source code manually. Moreover, in order to use the security patch, rebooting the system is required. Some of systems such as enterprise servers and embedded systems cannot accept the rebooting. Therefore, we propose an external integrity checking system to enhance the OS security. The external integrity checking system and a target OS run on a hypervisor simultaneously, therefore, their operations do not affect each other. In addition, the integrity checking system is generated automatically with invariants. Therefore, the possibility of inserting vulnerabilities into the system is as small as possible, and the system can cover a lot of vulnerabilities.",
    author = "Hiromasa Shimada and Tatsuo Nakajima",
    year = "2011",
    doi = "10.1109/RTCSA.2011.52",
    language = "English",
    isbn = "9780769545028",
    volume = "2",
    pages = "122--125",
    booktitle = "Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011",

    }

    TY - GEN

    T1 - External integrity checking with invariants

    AU - Shimada, Hiromasa

    AU - Nakajima, Tatsuo

    PY - 2011

    Y1 - 2011

    N2 - In order to enhance OS security, most of people use security patches to fix the vulnerabilities of the OS. However, the security patches may also incur vulnerabilities. These vulnerabilities are generated since most OSes has a lot of functionalities and their functionalities are very complex to manage the entire source code manually. Moreover, in order to use the security patch, rebooting the system is required. Some of systems such as enterprise servers and embedded systems cannot accept the rebooting. Therefore, we propose an external integrity checking system to enhance the OS security. The external integrity checking system and a target OS run on a hypervisor simultaneously, therefore, their operations do not affect each other. In addition, the integrity checking system is generated automatically with invariants. Therefore, the possibility of inserting vulnerabilities into the system is as small as possible, and the system can cover a lot of vulnerabilities.

    AB - In order to enhance OS security, most of people use security patches to fix the vulnerabilities of the OS. However, the security patches may also incur vulnerabilities. These vulnerabilities are generated since most OSes has a lot of functionalities and their functionalities are very complex to manage the entire source code manually. Moreover, in order to use the security patch, rebooting the system is required. Some of systems such as enterprise servers and embedded systems cannot accept the rebooting. Therefore, we propose an external integrity checking system to enhance the OS security. The external integrity checking system and a target OS run on a hypervisor simultaneously, therefore, their operations do not affect each other. In addition, the integrity checking system is generated automatically with invariants. Therefore, the possibility of inserting vulnerabilities into the system is as small as possible, and the system can cover a lot of vulnerabilities.

    UR - http://www.scopus.com/inward/record.url?scp=84855520702&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84855520702&partnerID=8YFLogxK

    U2 - 10.1109/RTCSA.2011.52

    DO - 10.1109/RTCSA.2011.52

    M3 - Conference contribution

    AN - SCOPUS:84855520702

    SN - 9780769545028

    VL - 2

    SP - 122

    EP - 125

    BT - Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011

    ER -