Recent rootkit-attack mitigation work has neglected to address the integrity of the mitigation tool itself. Both the detection and prevention arms of current rootkit-attack mitigation solutions can be credited with advancing multiple methodologies for rootkit defense, but if the defense system itself is compromised, how is the defense system to be trusted? Another deficiency not addressed is how platform integrity can be preserved before current RIDS or RIPS solutions become available, since these operate only once the kernel has loaded, i.e. without a trusted boot environment. To address these deficiencies, we present our architecture for solving rootkit persistence: Rootkit Guard (RG). RG is a marriage between TrustedGRUB (providing trusted boot), IMA (Integrity Measurement Architecture, serving as the RIDS) and SELinux (serving as the RIPS). TPM hardware is utilised to provide total integrity of our platform by storing the aggregate of the clean snapshot of our platform OS kernel in TPM hardware registers (i.e. the PCRs), against which no software attacks have been demonstrated to date. RG solves rootkit persistence by leveraging one vital but simple strategy: mounting the rootkit defense by preventing the execution of configuration binaries or build initialisation scripts. We adopted the technique of preventing rootkit persistence by thwarting the initialisation of a rootkit's installation procedure; if the rootkit is nevertheless installed, proper deployment is prevented by thwarting the rootkit's configuration. We subjected RG to 8 real-world Linux 2.6 rootkits, and RG succeeded in solving rootkit persistence for all 8 evaluated rootkits. In terms of performance, RG introduced a maximum overhead of 11% and an average overhead of 4%, hence permitting deployment in production environments.
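The PCR-anchored integrity check that RG's trusted-boot and IMA components rely on, shown as an added example rather than the paper's own code: file measurements are chained into a simulated PCR with the TPM extend rule, the value from the clean snapshot is kept as the golden reference, and a later boot is compared against it, with the measurement log used to name the first file whose measurement diverged. The file paths, file contents and single-PCR model are constructed assumptions, not values from the paper.

```python
import hashlib

# Constructed stand-ins for the boot components and configuration binaries that a
# trusted-boot chain (TrustedGRUB, then IMA) would measure, listed in boot order.
CLEAN_PLATFORM = [
    ("/boot/vmlinuz", b"kernel image bytes (constructed)"),
    ("/boot/initrd.img", b"initramfs bytes (constructed)"),
    ("/etc/ld.so.preload", b""),           # empty on the clean snapshot
    ("/usr/local/sbin/rk-setup.sh", b""),  # no build/initialisation script present
]

def measure(data: bytes) -> bytes:
    """SHA-1 file measurement, as used by classic IMA and TPM 1.2 PCRs."""
    return hashlib.sha1(data).digest()

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend rule: PCR_new = H(PCR_old || measurement). Order-dependent."""
    return hashlib.sha1(pcr + measurement).digest()

def aggregate(platform):
    """Replay the measurement log into one PCR, starting from the reset value (20 zero bytes)."""
    pcr = bytes(20)
    log = []
    for path, data in platform:
        m = measure(data)
        log.append((path, m.hex()))
        pcr = pcr_extend(pcr, m)
    return pcr, log

def verify(golden_pcr: bytes, golden_log, platform):
    """Compare a boot against the clean snapshot.

    Returns (True, None) when the aggregate matches the golden PCR value.
    Otherwise returns (False, path) where path is the first log entry that
    diverges from the golden log, so the tampered or injected file can be named.
    """
    pcr, log = aggregate(platform)
    if pcr == golden_pcr:
        return True, None
    for (gpath, gdigest), (path, digest) in zip(golden_log, log):
        if gpath != path or gdigest != digest:
            return False, path
    return False, "<entry count differs>"
```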
The rapid development of roads and the increasing number of vehicles have complicated road traffic enforcement in many countries, owing to the limited resources of the traffic police, especially where traffic infraction registration is done manually. The efficiency of the traffic police can be improved by a computer-based method. This study focused on benchmarking a mobile traffic infraction registration system in order to evaluate server performance under load. The study attempts to provide a clear guideline for the performance evaluation of a mobile road traffic infraction registration system, on the basis of which the traffic police can decide whether to migrate from the manual method toward a computer-based method. A closed-form benchmark tool was used to evaluate the system's performance. The tool was configured to imitate ramp scenarios, and statistics were gathered. The server was monitored at different times and under different workloads. Contributing factors include bottlenecks, traffic, and response time, which are related to the criteria and measurements. System resource usage was also monitored during the tests.