POSTER: Hidden in Plain Sight: A Filesystem for Data Integrity and Confidentiality
Title | POSTER: Hidden in Plain Sight: A Filesystem for Data Integrity and Confidentiality |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Kohlbrenner, Anne, Araujo, Frederico, Taylor, Teryl, Stoecklin, Marc Ph. |
Conference Name | Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4946-8 |
Keywords | composability, cyber deception, filesystems, intrusion detection and prevention, Metrics, pubcrawl, ransomware, resilience, Resiliency |
Abstract | A filesystem capable of curtailing data theft and ensuring file integrity protection through deception is introduced and evaluated. The deceptive filesystem transparently creates multiple levels of stacking to protect the base filesystem and monitor file accesses, hide and redact sensitive files with baits, and inject decoys onto fake system views purveyed to untrusted subjects, all while maintaining a pristine state to legitimate processes. Our prototype implementation leverages a kernel hot-patch to seamlessly integrate the new filesystem module into live and existing environments. We demonstrate the utility of our approach with a use case on the nefarious Erebus ransomware. We also show that the filesystem adds no I/O overhead for legitimate users. |
URL | https://dl.acm.org/citation.cfm?doid=3133956.3138841 |
DOI | 10.1145/3133956.3138841 |
Citation Key | kohlbrenner_poster:_2017 |