Providing a way to check the integrity of information stored in an unreliable medium is a prime necessity in the field of secure storage systems. Also in operating systems like Unix that allow a user to bypass the file system to access the raw disk, integrity checks not only detect data corruption, but also track malicious attacks. Checksumming is a common way of ensuring data integrity. Checksums that are generated using cryptographic hash functions prevent unauthorized users from generating custom checksums to match the malicious data modification that they have made. This report discusses the various design choices in file system checksumming and describes an implementation using an in-kernel database in a stackable encryption file system. 1

Each file on an NFS server is uniquely identified by a persistent file handle that is used whenever a client performs any NFS operation. NFS file handles reveal significant amounts of information about the server. If attackers can sniff the file handle, then they may be able to obtain useful information. For example, the encoding used by a file handle indicates which operating system the server is running. The fields of the file handle contain information such as the date that the file system was created—often the same time that the OS was installed. Since an NFS file handle contains relatively little random data, it is not difficult to guess. If attackers can guess a file handle, then they can bypass the normal mounting procedures. This allows an attacker to access data without appropriate accounting and logging. We have analyzed file handles on three common server operating systems: Linux, FreeBSD, and Solaris. Each one of them suffers from deficiencies when constructing file handles. We have modified the NFS server on Linux to use only randomly-generated file handles over the network. This makes it more difficult for an attacker to guess a file handle, or from utilizing information contained within a file handle. To persistently store file handles we use an in-kernel port of Berkeley DB. Our performance evaluation shows an acceptable overhead. 1

Today, improving the security of computer systems has become an important and difficult problem. Attackers can seriously damage the integrity of systems. Attack detection is complex and time-consuming for system administrators, and it is becoming more so. Current integrity checkers and IDSs operate as user-mode utilities and they primarily perform scheduled checks. Such systems are less effective in detecting attacks that happen between scheduled checks. These user tools can be easily compromised if an attacker breaks into the system with administrator privileges. Moreover, these tools result in significant performance degradation during the checks. Our system, called I 3 FS, is an on-access integrity checking file system that compares the checksums of files in real-time. It uses cryptographic checksums to detect unauthorized modifications to files and performs necessary actions as configured. I 3 FS is a stackable file system which can be mounted over any underlying file system (like Ext3 or NFS). I 3 FS’s design improves over the open-source Tripwire system by enhancing the functionality, performance, scalability, and ease of use for administrators. We built a prototype of I 3 FS in Linux. Our performance evaluation shows an overhead of just 4 % for normal user workloads.

Unlike the numerous tools that exist for identifying when documents have changed, the AT&T Internet Difference Engine (aide) identifies how they have changed. Also, because it archives past versions of pages, it provides the ability to see the evolution of pages being tracked, or to see changes across a set of related pages at the same points in time. Finally, Webguide (the Web Graphical User Interface to a Difference Engine) provides a graphical front-end to aide that enables users to see changes to many documents at once. This paper reports some experiences with aide. It discusses the evolution of the system, its current state, and future plans. It also raises some sociological and legal issues. 1 Introduction The World Wide Web (www) is a medium for the dissemination of many kinds of information, changing at different rates and in different ways. While only a limited number of pages may be of interest to an individual, the total number of pages one might pay attention to tends to i...

Abstract not found

Abstract not found

This paper presents a syntactic lexicon for English that was originally derived from the Oxford Advanced Learner's Dictionary and the Oxford Dictionary of Current Idiomatic English, and then modified and augmented by hand. There are more than 37,000 syntactic entries from all 8 parts of speech. An X-windows based tool is available for maintaining the lexicon and performing searches. C and Lisp hooks are also available so that the lexicon can be easily utilized by parsers and other programs. 1 Introduction One of the central needs of any wide-coverage parser is a large lexicon that contains the syntactic information for various lexical items. The creation of such a lexicon has traditionally been a very large and daunting task and most universities have shied away from it, leaving the creation of wide-coverage parsers to commercial institutions that could afford the time and personnel to devote to the creation of such a lexicon. The release of several machinereadable dictionaries (MRDs)...

Abstract not found

Recently a new generation of P2P systems, offering distributed hash table (DHT) functionality, have been proposed. These systems greatly improve the scalability and exact-match accuracy of P2P systems, but offer only the exact-match query facility. This paper outlines a research agenda for building complex query facilities on top of these DHT-based P2P systems. We describe the issues involved and outline our research plan and current status. 1

Abstract not found