3 research outputs found

    Evaluation Of Distributed File Integrity Analyzers In The Presence Of Tampering

    No full text
    In this paper, the Collaborative Object Notification Framework for Insider Defense using Autonomous Network Transactions (CONFIDANT) is evaluated in the presence of tampering. CONFIDANT's mitigation capabilities are assessed and compared with conventional file integrity analyzers such as AIDE and tripwire. The potential of distributed techniques to address certain tampering modes such as Pacing, Altering Internal Data, and File Juggling is discussed. To assess capabilities, a variably-weighted tampering mode exposure metric scheme is developed and utilized. Results indicate a range of vulnerabilities for which mitigation techniques such as Encapsulation, Redundancy, Scrambling, and mandatory obsolescence can increase robustness against challenging exposures, including various insider tampering risks.

    Abstract Evaluation of Distributed File Integrity Analyzers in the Presence of Tampering ∗

    No full text
    Transactions (CONFIDANT) is evaluated in the presence of tampering. CONFIDANT’s mitigation capabilities are assessed and compared with conventional file integrity analyzers such as AIDE and tripwire. The potential of distributed techniques to address certain tampering modes such as Pacing, Altering Internal Data, and File Juggling is discussed. To assess capabilities, a variably-weighted tampering mode exposure metric scheme is developed and utilized. Results indicate a range of vulnerabilities for which mitigation techniques such as Encapsulation, Redundancy, Scrambling, and mandatory obsolescence can increase robustness against challengin