Jae-Kook Lee and Hyong-Shik Kim
Chungnam National University, Dept. of Computer Science
220 Gung-dong, Yuseong-gu, Daejeon, 305-764 Korea
emails: {empire, hskim}@cs.cnu.ac.kr
Security solutions such as IDSs and firewalls have been suggested to protect file systems from hackers' operations of modifying, appending to, and deleting files.
However, those solutions cannot handle newly emerging attacks. One possible solution that works even against such attacks is to provide a recovery function in the file system. The simplest approach is to duplicate all contents on a per-file basis. However, it not only requires much space but also, in the worst case, provides only limited information on the original contents.
This thesis proposes a novel recovery system that keeps the previous contents of designated files as a chain of logs. Whenever a designated file is modified (or deleted), a log is created automatically and kept in case it is needed. Furthermore, the system purges logs in order to keep the size of the chained logs within a reasonable volume. Both the time and the user information recorded with a log are used for damage assessment of individual files. The recovery function looks through the chain of logs associated with a file and replaces damaged blocks with old ones. According to measurements on an actual system, the overhead of maintaining logs is found to be as low as 86.7%.
With new data structures as well as new operations, it will be possible to reduce the overhead significantly.
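The log-chain idea described above can be modelled in memory as follows. This is an added example, not the authors' implementation; the block size, the keep-the-newest-N purge policy, and all names (`LoggedFile`, `assess`, `recover`) are assumptions made for illustration.

```python
BLOCK = 4  # assumed block size, kept tiny so the demo is readable

class LoggedFile:
    """One designated file plus its chain of undo logs (oldest first)."""

    def __init__(self, data=b"", max_logs=8):
        self.data = bytearray(data)
        self.max_logs = max_logs  # assumed purge policy: keep the newest N logs (N >= 1)
        self.chain = []

    def _log(self, first, stop, user, ts):
        # Save the blocks about to be changed, with who changed them and when.
        old = {b: bytes(self.data[b * BLOCK:(b + 1) * BLOCK]) for b in range(first, stop)}
        self.chain.append({"ts": ts, "user": user, "old_len": len(self.data), "old": old})
        del self.chain[:-self.max_logs]  # purge: drop the oldest logs beyond the budget

    def write(self, offset, new, user, ts):
        end = offset + len(new)
        self._log(offset // BLOCK, -(-end // BLOCK), user, ts)
        if len(self.data) < end:
            self.data.extend(bytes(end - len(self.data)))
        self.data[offset:end] = new

    def delete(self, user, ts):
        self._log(0, -(-len(self.data) // BLOCK), user, ts)
        self.data.clear()

    def assess(self, user=None, since=0):
        # Damage assessment: which blocks did the matching logs touch?
        return [(e["ts"], e["user"], sorted(e["old"])) for e in self.chain
                if e["ts"] >= since and user in (None, e["user"])]

    def recover(self, before_ts):
        # Undo, newest first, every change logged at or after before_ts.
        while self.chain and self.chain[-1]["ts"] >= before_ts:
            e = self.chain.pop()
            if len(self.data) < e["old_len"]:
                self.data.extend(bytes(e["old_len"] - len(self.data)))
            for b, old in e["old"].items():
                self.data[b * BLOCK:b * BLOCK + len(old)] = old
            del self.data[e["old_len"]:]  # restore the original file length
        return bytes(self.data)

def demo():
    f = LoggedFile(b"AAAABBBBCCCC")              # constructed sample contents
    f.write(4, b"bbbb", user="alice", ts=100)    # legitimate edit
    f.write(2, b"XXXXXX", user="mallory", ts=200)
    f.delete(user="mallory", ts=300)
    return f.assess(user="mallory"), f.recover(before_ts=200)
```

Once a log has been purged, the state before it can no longer be reconstructed, which is the space-versus-recoverability trade-off the purge step implies.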