Sciweavers

Share
IJNSEC
2007

Evaluation of Distributed File Integrity Analyzers in the Presence of Tampering

9 years 10 months ago
Evaluation of Distributed File Integrity Analyzers in the Presence of Tampering
In this paper, the Collaborative Object Notification Framework for Insider Defense using Autonomous Network Transactions (CONFIDANT) is evaluated in the presence of tampering. CONFIDANT’s mitigation capabilities are assessed and compared with conventional file integrity analyzers such as AIDE and tripwire. The potential of distributed techniques to address certain tampering modes such as Pacing, Altering Internal Data, and File Juggling are discussed. To assess capabilities, a variably-weighted tampering mode exposure metric scheme is developed and utilized. Results indicate a range of vulnerabilities for which mitigation techniques such as Encapsulation, Redundancy, Scrambling, and mandatory obsolescence can increase robustness against challenging exposures, including various insider tampering risks.
Adam J. Rocke, Ronald F. DeMara, Simon Foo
Added 15 Dec 2010
Updated 15 Dec 2010
Type Journal
Year 2007
Where IJNSEC
Authors Adam J. Rocke, Ronald F. DeMara, Simon Foo
Comments (0)
books