Institutional Repository of the Institute of Software, Chinese Academy of Sciences
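Title:
Research on Security Module Auditing and Audit-Based Visualization
Author: 钱晓俊
Defense date: 2007-05-29
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place conferred: Institute of Software
Degree: Doctoral
Keywords: secure operating system; security audit; event class analysis; audit configuration; audit data dump
Alternative title: Secure Module Audit and Audit-Based Visualization Research
Abstract: The operating system is the platform on which all applications run, so its security is the foundation of software system security. To secure production applications, and in response to the key research program of the national Ministry of Science and Technology, we developed the CAS-EARTH secure operating system on top of the FreeBSD platform. The security audit system, which serves as a security assurance mechanism for the whole secure operating system, is the main subject of this thesis. Taking the OpenBSM audit system as its basis, the thesis studies the working mechanism and basic design of kernel-level security auditing, including the classification of audit events and the security grading of audit event classes, audit record queues and buffers, the audit kernel thread, the audit daemon, and the management and alerting schemes for audit logs. It focuses on the audit approach and detailed design for the CAS-EARTH secure operating system's own security modules, and thereby outlines the overall framework of a kernel-level audit system. In addition, to make it more convenient for audit administrators to configure the audit system, the thesis presents user-space audit tools and a graphical method of audit configuration, with emphasis on the audit scheme adopted by the integrated management framework (WMA), a typical application of the CAS-EARTH secure operating system. In a complete and usable audit system, analysis and notification based on audit records are as important as recording the audit log. From the standpoint of production use, to make it easier to browse log records and promptly discover possible system intrusions and abuse of authority, the thesis provides a concrete scheme for log dumping, uses a relational database to query the log structure, and presents the results as web pages.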
English abstract: The operating system is the platform on which all applications run, so its security can be said to be the basis of software system security. To achieve safe production and application in industry, and to respond to the request of [plan], we developed the CAS-EARTH secure operating system on the basis of the FreeBSD 6.0 Release. In this system, the auditing subsystem is designed and implemented as a safeguard mechanism, and it is the main focus of this paper. The subsystem is based on the OpenBSM auditing system. The paper describes the functional mechanism and essential design of a kernel-level auditing system, which includes the classification of auditing events, security levels of auditing classes, the auditing record queue and buffers, kernel-level auditing threads, the auditing daemon process, log management and alarm measures. The main content addresses how to audit the CAS-EARTH secure operating system's own security modules, including the TPATH, SEBSD and MLS modules, and further sketches out the overall framework of a kernel-level auditing subsystem. Moreover, to facilitate the distribution and deployment of auditing systems and help auditing administrators configure their systems more conveniently, the article also provides user-level tools and friendly interactive interfaces, and importantly discusses how to audit the typical application of the CAS-EARTH secure operating system (WMA). In a complete auditing system, the analysis and reporting of records are as important as logging. From the perspective of industrial production and application, the faster and more easily auditing records can be explored, the more likely it is that abnormal behaviors and abuse of authority will be found. Thus, the paper also provides a concrete proposal for log dumping, using a relational database to search the logs and presenting the results as web pages.
Language: Chinese
Content type: Thesis
URI: http://ir.iscas.ac.cn/handle/311060/5902
Appears in Collections: Institute of Software, Chinese Academy of Sciences

Files in This Item:
File Name/ File Size Content Type Version Access License
10001_200428015029074钱晓俊_paper.pdf(1456KB)----Restricted access-- Contact to obtain the full text

Recommended Citation:
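钱晓俊. Research on Security Module Auditing and Audit-Based Visualization [D]. Institute of Software. Institute of Software, Chinese Academy of Sciences. 2007-05-29.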