External integrity checking with invariants

Hiromasa Shimada; Tatsuo Nakajima

doi:10.1109/RTCSA.2011.52

External integrity checking with invariants

Hiromasa Shimada^*, Tatsuo Nakajima

^*Corresponding author for this work

School of Fundamental Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In order to enhance OS security, most of people use security patches to fix the vulnerabilities of the OS. However, the security patches may also incur vulnerabilities. These vulnerabilities are generated since most OSes has a lot of functionalities and their functionalities are very complex to manage the entire source code manually. Moreover, in order to use the security patch, rebooting the system is required. Some of systems such as enterprise servers and embedded systems cannot accept the rebooting. Therefore, we propose an external integrity checking system to enhance the OS security. The external integrity checking system and a target OS run on a hypervisor simultaneously, therefore, their operations do not affect each other. In addition, the integrity checking system is generated automatically with invariants. Therefore, the possibility of inserting vulnerabilities into the system is as small as possible, and the system can cover a lot of vulnerabilities.

Original language	English
Title of host publication	Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011
Pages	122-125
Number of pages	4
DOIs	https://doi.org/10.1109/RTCSA.2011.52
Publication status	Published - 2011 Dec 1
Event	1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Co-located with the 17th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2011 - Toyama, Japan Duration: 2011 Aug 28 → 2011 Aug 31

Publication series

Name	Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011
Volume	2

Conference

Conference	1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Co-located with the 17th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2011
Country/Territory	Japan
City	Toyama
Period	11/8/28 → 11/8/31

ASJC Scopus subject areas

Computer Science Applications
Computer Networks and Communications

Access to Document

10.1109/RTCSA.2011.52

Cite this

Shimada, H., & Nakajima, T. (2011). External integrity checking with invariants. In Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011 (pp. 122-125). Article 6029871 (Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011; Vol. 2). https://doi.org/10.1109/RTCSA.2011.52

External integrity checking with invariants. / Shimada, Hiromasa; Nakajima, Tatsuo.
Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011. 2011. p. 122-125 6029871 (Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011; Vol. 2).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Shimada, H & Nakajima, T 2011, External integrity checking with invariants. in Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011., 6029871, Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011, vol. 2, pp. 122-125, 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Co-located with the 17th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2011, Toyama, Japan, 11/8/28. https://doi.org/10.1109/RTCSA.2011.52

Shimada H, Nakajima T. External integrity checking with invariants. In Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011. 2011. p. 122-125. 6029871. (Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011). doi: 10.1109/RTCSA.2011.52

Shimada, Hiromasa ; Nakajima, Tatsuo. / External integrity checking with invariants. Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011. 2011. pp. 122-125 (Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011).

@inproceedings{f9a36b777463471da75089ed04c3617f,

title = "External integrity checking with invariants",

abstract = "In order to enhance OS security, most of people use security patches to fix the vulnerabilities of the OS. However, the security patches may also incur vulnerabilities. These vulnerabilities are generated since most OSes has a lot of functionalities and their functionalities are very complex to manage the entire source code manually. Moreover, in order to use the security patch, rebooting the system is required. Some of systems such as enterprise servers and embedded systems cannot accept the rebooting. Therefore, we propose an external integrity checking system to enhance the OS security. The external integrity checking system and a target OS run on a hypervisor simultaneously, therefore, their operations do not affect each other. In addition, the integrity checking system is generated automatically with invariants. Therefore, the possibility of inserting vulnerabilities into the system is as small as possible, and the system can cover a lot of vulnerabilities.",

author = "Hiromasa Shimada and Tatsuo Nakajima",

year = "2011",

month = dec,

day = "1",

doi = "10.1109/RTCSA.2011.52",

language = "English",

isbn = "9780769545028",

series = "Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011",

pages = "122--125",

booktitle = "Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011",

note = "1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Co-located with the 17th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2011 ; Conference date: 28-08-2011 Through 31-08-2011",

}

TY - GEN

T1 - External integrity checking with invariants

AU - Shimada, Hiromasa

AU - Nakajima, Tatsuo

PY - 2011/12/1

Y1 - 2011/12/1

N2 - In order to enhance OS security, most of people use security patches to fix the vulnerabilities of the OS. However, the security patches may also incur vulnerabilities. These vulnerabilities are generated since most OSes has a lot of functionalities and their functionalities are very complex to manage the entire source code manually. Moreover, in order to use the security patch, rebooting the system is required. Some of systems such as enterprise servers and embedded systems cannot accept the rebooting. Therefore, we propose an external integrity checking system to enhance the OS security. The external integrity checking system and a target OS run on a hypervisor simultaneously, therefore, their operations do not affect each other. In addition, the integrity checking system is generated automatically with invariants. Therefore, the possibility of inserting vulnerabilities into the system is as small as possible, and the system can cover a lot of vulnerabilities.

AB - In order to enhance OS security, most of people use security patches to fix the vulnerabilities of the OS. However, the security patches may also incur vulnerabilities. These vulnerabilities are generated since most OSes has a lot of functionalities and their functionalities are very complex to manage the entire source code manually. Moreover, in order to use the security patch, rebooting the system is required. Some of systems such as enterprise servers and embedded systems cannot accept the rebooting. Therefore, we propose an external integrity checking system to enhance the OS security. The external integrity checking system and a target OS run on a hypervisor simultaneously, therefore, their operations do not affect each other. In addition, the integrity checking system is generated automatically with invariants. Therefore, the possibility of inserting vulnerabilities into the system is as small as possible, and the system can cover a lot of vulnerabilities.

UR - http://www.scopus.com/inward/record.url?scp=84855520702&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84855520702&partnerID=8YFLogxK

U2 - 10.1109/RTCSA.2011.52

DO - 10.1109/RTCSA.2011.52

M3 - Conference contribution

AN - SCOPUS:84855520702

SN - 9780769545028

T3 - Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011

SP - 122

EP - 125

BT - Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011

T2 - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Co-located with the 17th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2011

Y2 - 28 August 2011 through 31 August 2011

ER -

External integrity checking with invariants

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this