REsquared – Intrusion Detection and Recovery Using Version Control

  • Gabriel Dieterich Cavalcante UNICAMP
  • Paulo Lício de Geus UNICAMP

Abstract


Current computer systems have a huge number of configuration settings that are hard to manage, and combinations of these settings can affect performance and behavior. When a system stops working correctly, it is evident that something has changed. The same is common in software development, where changes made by a programmer may cause some features to stop working or the project to stop compiling. Revision control systems can recover a previous state of the source code through revision mechanisms. Integrity checking is used to detect file modifications; however, this technique does nothing toward recovering those files. This study proposes and implements an integrated architecture that combines integrity checking and restoring mechanisms. Tests were executed to measure the load imposed by the solution. In addition, analysis of two case studies shows the efficiency of the adopted solution.

Published
2010-10-11
CAVALCANTE, Gabriel Dieterich; GEUS, Paulo Lício de. REsquared – Detecção e Recuperação de Intrusão com uso de Controle de Versão. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 10., 2010, Fortaleza. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2010. p. 255-268. DOI: https://doi.org/10.5753/sbseg.2010.20592.
