Abstract

A method for checking and tracing integrity in real time by linking with a security kernel is provided. It detects and manages, in real time and at the kernel level, system calls that change a file, and checks the integrity of only the changed file or directory rather than of every file on the integrity checkup list. An integrity policy manager forms an integrity checkup list for important files and directories and an integrity checkup database including the integrity checkup values. When a command executed in an application generates a system call, a system call controller (104) filters only the system calls related to access. A file change detecting/tracing part (103) detects whether a file or directory on the integrity checkup list has been created, modified, or deleted, and requests an integrity checkup and audit/trace. The integrity of the changed file or directory is then checked, and a user who violated the integrity policy is audited and traced.
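The flow described in the abstract, modelled in user space as an added example that is not taken from the patent: events are filtered by system call, matched against the checkup list, and only the touched path is re-hashed and attributed to a user. The SHA-256 checkup value, the set of file-changing system calls, the event dictionaries and all function names are assumptions.

```python
import hashlib
import os
import tempfile

# Assumed set of file-changing system calls that the controller passes on.
CHANGE_SYSCALLS = {"creat", "write", "truncate", "rename", "unlink"}

def digest(path):
    """SHA-256 of the file's contents, or None if the file does not exist."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except FileNotFoundError:
        return None

def build_db(files, dirs):
    """Integrity checkup database: baseline values for files, plus watched directories."""
    return {"files": {p: digest(p) for p in files}, "dirs": set(dirs)}

def check_event(event, db):
    """Return an audit record if the event changed a listed path, else None."""
    if event["syscall"] not in CHANGE_SYSCALLS:
        return None                        # filtered: not a file-changing call
    path = event["path"]
    if path not in db["files"] and os.path.dirname(path) not in db["dirs"]:
        return None                        # not on the integrity checkup list
    current = digest(path)                 # only the changed path is re-hashed
    baseline = db["files"].get(path)
    if current == baseline:
        return None                        # touched, but content is unchanged
    status = "deleted" if current is None else "created" if baseline is None else "modified"
    return {"uid": event["uid"], "syscall": event["syscall"], "path": path, "status": status}

def demo():
    """Constructed scenario: three events, one of which violates the policy."""
    with tempfile.TemporaryDirectory() as root:
        listed, other = os.path.join(root, "listed.conf"), os.path.join(root, "note.txt")
        for p in (listed, other):
            with open(p, "w") as fh:
                fh.write("baseline\n")
        db = build_db(files=[listed], dirs=[])
        with open(listed, "a") as fh:      # the change made by uid 1001
            fh.write("changed\n")
        events = [                         # constructed sample events
            {"syscall": "read", "path": listed, "uid": 1001},   # filtered out
            {"syscall": "write", "path": other, "uid": 1001},   # not listed
            {"syscall": "write", "path": listed, "uid": 1001},  # violation
        ]
        return [r for e in events if (r := check_event(e, db))]
```

`demo()` returns a single audit record for the listed file; the read and the write to the unlisted file never reach the hashing step.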