Integrity Through Mediated Interfaces

Abstract

We created an Integrity Manager that monitors and records the tools (i.e. programs), and operations within those tools, being applied to integrity-marked data sets to provide an end-to-end audit record of all the transformations performed on the data set. This operation-level audit record can be used off-line for attribution (who made a specific change and when it occurred) and on-line for authorization (who and/or which tools are allowed to make particular types of changes to an integrity-marked data set). We also use this transaction history to recreate corrupted data sets by replaying the recorded sequence of data set modifications. We also developed a wrapper that monitors the run-time behavior of opened email attachments to ensure that these processes don't do anything harmful. It does so by detecting violations of process-specific rules establishing the acceptable (and safe) behavior of these processes relative to four resources: the file system, the system registry, inter-host communication, and process spawning. When attempted violations are detected, the user is notified, informed of the severity of the violation, and determines whether to allow or prohibit the offending operation. The violation, the user's response, and the initiating email and attachment, obtained from the email client, are logged.

Document Details

Document Type
Technical Report
Publication Date
Dec 01, 2004
Accession Number
ADA429810

Entities

People

  • Robert Balzer

Organizations

  • University of Southern California

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Air Force Research Laboratories
  • Application Software
  • Attachment
  • Computer Access Control
  • Computer Program Documentation
  • Computer Programming
  • Computer Programs
  • Computers
  • Electronic Mail
  • Fish
  • Graphical User Interface
  • Human Systems Integration
  • Operating Systems
  • User Interface
  • Virtual Machines
  • Web Browsers
  • Word Processors

Readers

  • Database Systems and Applications
  • Defense Financial Management and Audit
  • Organizational Psychology