TY - GEN
T1 - CFWatcher
T2 - 2016 IEEE International Conference on Communications, ICC 2016
AU - Zhan, Dongyang
AU - Ye, Lin
AU - Fang, Binxing
AU - Du, Xiaojiang
AU - Su, Shen
N1 - Publisher Copyright: © 2016 IEEE.
PY - 2016/7/12
Y1 - 2016/7/12
AB - Protecting critical files in file systems is very important to computer systems. To protect critical files, VMI-based real-time file-system monitor tools are promising options. However, these tools are always operation-based and introduce high overhead. Operation-based approaches intercept some kind of file operation to monitor critical files. The selected file operation is intercepted by the monitor whenever it is executed. As file operations are high-frequency, operation-based methods always result in high performance degradation. In this paper, we present a VMI-based, low-overhead, real-time critical file monitor method, CFWatcher, to meet the performance requirements of real-time monitor tools. CFWatcher is a target-based monitor tool, which means it only intercepts the file operations accessing the user-defined critical files, and then obtains enough information to check the rules. The overhead of CFWatcher is related to the frequency with which the target is accessed. Besides monitoring critical files, CFWatcher can take actions to prevent illegal access if there is any rule violation. We implemented a prototype of CFWatcher and then evaluated its performance. Experimental results show that the overhead of our approach is low.
KW - Critical file monitor
KW - VMI
KW - target-based method
UR - http://www.scopus.com/inward/record.url?scp=84981298049&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84981298049&partnerID=8YFLogxK
U2 - 10.1109/ICC.2016.7511200
DO - 10.1109/ICC.2016.7511200
M3 - Conference contribution
AN - SCOPUS:84981298049
T3 - 2016 IEEE International Conference on Communications, ICC 2016
BT - 2016 IEEE International Conference on Communications, ICC 2016
Y2 - 22 May 2016 through 27 May 2016
ER -