A file integrity checking system to detect and recover from program modification attacks in multi-user computer systems


The purpose of this paper is to identify and contend with the threat of program modification attacks such as computer viruses. A system that detects the presence of a virus is presented. The system is also capable of taking its own automatic countermeasures. The security system is "a posteriori" because it detects viruses only after an infection has occurred. A method to immunize the security system from viral infection is also presented. The a posteriori security system is intended to complement the existing security access controls of a computer system. © 1990.

Publication Title

Computers and Security