Integrity Through Mediated Interfaces
Final technical rept. Jun 1999-Dec 2003
UNIVERSITY OF SOUTHERN CALIFORNIA MARINA DEL REY INFORMATION SCIENCES INST
We created an Integrity Manager that monitors and records the tools (i.e., programs, and operations within those tools) being applied to integrity-marked data sets to provide an end-to-end audit record of all the transformations performed on the data set. This operation-level audit record can be used off-line for attribution (who made a specific change and when did it occur) and on-line for authorization (who and/or which tools are allowed to make particular types of changes to an integrity-marked data set). We also use this transaction history to recreate corrupted data sets by replaying the recorded sequence of data set modifications. We also developed a wrapper that monitors the run-time behavior of opened email attachments to ensure that these processes don't do anything harmful. It does so by detecting violations of process-specific rules establishing the acceptable and safe behavior of these processes relative to four resources: the file system, the system registry, inter-host communication, and process spawning. When attempted violations are detected, the user is notified, informed of the severity of the violation, and determines whether to allow or prohibit the offending operation. The violation, the user's response, and the initiating email and attachment, obtained from the email client, are logged.
- Computer Systems Management and Standards