ABHIJIT PATHAK

1
FILE INTEGRITY CHECKER USING MOBILE AGENTS

• ABHIJIT PATHAK

2
Roadmap

• Introduction
• System Overview
• System Architecture
• Detailed Design
• Fault Tolerance
• Results
• Future Work

3
Introduction

• Inherent security threats in networking
• What is a file integrity checker ?
• Concept of mobile agents
• File Integrity checker with mobile Agents

4
System Overview

• Ajanta Mobile Agent Platform
• FileProc Agent and FileMon Agent
• Two Phase Operation of System
• Initialization Phase
• Monitoring Phase
• User Interface

5
System Architecture

• Ajanta Architecture Overview
• File Integrity Checker Architecture

6
File Integrity Checker Architecture
Host A
Host B
Host C
Agent Server
Agent Server
Agent Server
FM
FM
FM
Launching Host
Database
Launcher
FM
FP
FM File Monitor Agent FP File
Processor Agent
7
Design Alternatives

• Agent Carrying File signatures
• Agent Carrying File Names
• Implementation Decision Factors
• Avoid carrying signatures
• Lightweight Agents

8
Important Features

• Usability and Flexibility
• Creation of multiple Agent pairs
• Monitoring with various frequencies
• Catering to different monitoring attributes

9
Monitoring Options

• Host Based Settings
• Recursive monitoring of directories
• Non-recursive monitoring of directories
• Exclusion of files/directories
• File/Directory based settings
• Specifying various attributes

10
Configuration File

• hostnewton.cs.umn.edu
• /home/grad09/apathak/proj -a
• !/usr/lib/link_audit/64
• /usr/include -ab
• /dev -ai

11
Configuration Flags

• -a Ignore changes in last access time
• -m Ignore changes in last modification time
• -c Ignore changes in file creation time
• -i Ignore change in i-node information
• -u Ignore change in user id of file owner
• -g Ignore change in group id of file owner
• -s Ignore change in file size
• -b Ignore change in allocated disk blocks for
  file
• -p Ignore change in access permissions
• -h Ignore change in the file contents hash value

12
Launcher

• Extension of Agent Server
• Parsing the Configuration file and generating
  itinerary
• Creation and Launch of Agents
• User Interface thread
• Three Launching Modes
• Initialization and Monitoring
• Initialize only
• Monitor Only

13
Database Design

• Signature Tables
• File Attributes with hostnames
• Directory-file name mapping tables
• Event Table
• File Added Event
• File Deleted Event
• File Changed Event
• Report Generator tool

14
Fault Tolerance

• Failure of Agent Server
• Additional intelligence in Agents
• Failure of Agents
• User configurable timeout mechanism

15
Results

• The System is deployed on 15 hosts
• Average statistics per host
• Number of files 8830
• File size (in bytes) 20757
• Bytes sent per file 175
• Agent residency time Approx 8 minutes
• Type of files being monitored
• System Binaries
• System Libraries
• System Header files

16
Results

• The following scenarios were detected
  successfully
• Changing contents of log files by removing or
  adding single and/or multiple lines
• Changing owner information of file
• Moving files to and from various directories
• Replacing binary file with another file with same
  name and size

17
Results

• Removing entire directory recursively with all
  files in it
• Changing file deep in directory hierarchy for
  recursive monitoring mode
• Changing access times of the files by opening
  those without modifications

18
Future work

• Sensing the load on hosts before launching Agents
  
• Customizing Report Generating tool
• Integration of Launcher and Report Generation UI
• Porting System to various platforms including
  windows NT

19
Thank You