CFWatcher: A novel target-based real-time approach to monitor critical files using VMI

Dongyang Zhan, Lin Ye, Binxing Fang, Xiaojiang Du, Shen Su
2016 2016 IEEE International Conference on Communications (ICC)  
Protecting critical files in file systems is very important to computer systems. To protect critical files, the VMI-based Real-time File-system Monitor tools are promising options. However, these tools are always operation-based and introduce high overhead. The operation-based approaches intercept some kind of file operation to monitor critical files. The selected file operation is intercepted by the monitor whenever it is executed. As file operations are high-frequency, the operation-based methods always result in high performance degradation. In this paper, we present a VMI-based low-overhead real-time critical file monitor method, CFWatcher, to meet the performance requirements of real-time monitor tools. CFWatcher is a target-based monitor tool, which means it only intercepts the file operations accessing the user-defined critical files, and then obtains enough information to check the rules. The overhead of CFWatcher is related to the frequency of the target being accessed. Besides monitoring critical files, CFWatcher can take actions to prevent illegal access if there is any rule violation. We implemented the prototype of CFWatcher and then evaluated the performance. Experimental results show that the overhead of our approach is low.
doi:10.1109/icc.2016.7511200 dblp:conf/icc/ZhanYFDS16 fatcat:2bbvgq6lgrb2djtmatfen3a4aq