Hardware-based Computer Security System
Small Business Information
Cybernet Systems Corporation
727 Airport Boulevard, Ann Arbor, MI, 48108-1639
AbstractRootkits are programs that hide pieces of software from the operating system. Rootkits replace or modify intrusion and system status applications, falsely reporting a clean system, when in fact the system has been compromised. A recent McAfee article stated rootkit infections for Windowsbased PCs were up 700% for first quarter 2006, and this trend is expected to continue. A compromised system cannot audit itself; our solution relies on a PCIExpress addon card running Linux that can monitor file accesses, prevent designated sectors modification, and can scan physical memory. This card provides a physically isolated process that monitors the host system, making it impossible for a rootkit to hide completely on the host. The card also logs forensic information and monitors network traffic to scan for malicious behavior. Software developed for our Phase I feasibility study demonstrated that our key components, file hashing and memory scanning, are capable of detecting current and expected rootkit technologies.Another component allows enterprise administration and information gathering across large organizations, and aggregates periodic information snapshots for security auditing and forensics. Requiring physical USB port access for configuration is an option.A bootable CDROM rootkit detection and repair tool for Windows would be a valuable spinoff.
* information listed above is at the time of submission.