CFWatcher: A novel target-based real-time approach to monitor critical files using VMI

Dongyang Zhan, Lin Ye, Binxing Fang, Xiaojiang Du, Shen Su

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

10 Scopus citations

Abstract

Protecting critical files in file systems is very important to computer systems. To protect critical files, the VMI-based Real-time File-system Monitor tools are promising options. However, these tools are always operation-based and introduce high overhead. The operation-based approaches intercept some kind of file operation to monitor critical files. The selected file operation is intercepted by the monitor whenever it is being executed. As file operations are high-frequency, the operation-based methods always result in high performance degradation. In this paper, we present a VMI-based low-overhead real-time critical file monitor method, CFWatcher, to meet the performance requirements of real-time monitor tools. CFWatcher is a target-based monitor tool, which means it only intercepts the file operations accessing the user-defined critical files, and then obtains enough information to check the rules. The overhead of CFWatcher is related to the frequency of the target being accessed. Besides monitoring critical files, CFWatcher can take actions to prevent illegal access if there is any rule violation. We implemented the prototype of CFWatcher and then evaluated the performance. Experimental results show that the overhead of our approach is low.

Original language: English
Title of host publication: 2016 IEEE International Conference on Communications, ICC 2016
ISBN (Electronic): 9781479966646
State: Published - 12 Jul 2016
Event: 2016 IEEE International Conference on Communications, ICC 2016 - Kuala Lumpur, Malaysia
Duration: 22 May 2016 to 27 May 2016

Publication series

Name: 2016 IEEE International Conference on Communications, ICC 2016

Conference

Conference: 2016 IEEE International Conference on Communications, ICC 2016
Country/Territory: Malaysia
City: Kuala Lumpur
Period: 22/05/16 to 27/05/16

Keywords

  • Critical file monitor
  • VMI
  • target-based method
