Most successful intruders of a computer system modify data on the victim, either to hide their presence and destroy the evidence of the break-in, or to subvert the system completely and make it accessible for further abuse without triggering alarms. File integrity checking is one common method to mitigate the effects of successful intrusions by detecting the changes an intruder makes to files on a computer system. Historically, file integrity checking has been implemented using tools that operate locally on a single system, which imposes considerable restrictions on maintenance and scalability. Recent improvements for large-scale environments have introduced trusted central servers which provide secure fingerprint storage and logging facilities, but such centralisation presents new shortcomings of its own. This thesis describes an alternative, decentralised approach where peer-to-peer mechanisms are used to provide fingerprint storage for file integrity checking with more flexibility and scalability than offered by currently available systems. A research implementation has been developed to verify that the approach is viable and practical, and experimental results obtained with that prototype are discussed.
Date of Award: 3 Feb 2007
Supervisor: Robert Barta (Supervisor)