Institute of Software, Chinese Academy of Sciences (ISCAS) Institutional Repository (ISCAS OpenIR)
Title: 安全审计系统的设计与实现
Author: 陈慧
Defense date: 2004
Discipline: Computer Software and Theory
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Degree-granting location: Institute of Software, Chinese Academy of Sciences
Degree: Doctorate (PhD)
Keywords: secure operating system; kernel-level; security; audit system
Alternative title: Design and Implementation of Secure Auditing System in Operating System
Abstract (translated from the Chinese): Auditing is a security technique that strengthens system security through after-the-fact investigation, and it is an important component of a secure operating system. Many secure operating systems today include an audit component, and dedicated audit systems also exist. Surveying the current state of research, existing audit systems need improvement in four areas: the audit system's impact on the kernel, the content that is audited, the security of the audit system itself, and the handling of audit record files. This thesis proposes a method of implementing an audit system by extending the LSM framework and planting hook function calls in the kernel. Following the level-4 requirements of national standard GB 17859-1999, it designs and implements such an audit system on Linux and analyzes its performance. The main work is as follows. First, based on an analysis of audit system requirements and on the need to track Linux kernel version upgrades, it proposes building the audit system by extending the LSM mechanism: audit hooks are added to the LSM framework and, based on an analysis of 85 kernel system calls, 290 hook insertion points are identified in the kernel. These hooks are the interfaces through which audit information is collected and audit records are manipulated. Second, it presents the design and implementation of the audit module, covering key issues such as the audit record structure and audit rules. Third, it presents a new way of providing a user-level audit interface by extending the syslog system call. Fourth, it describes how other parts of the secure operating system, such as MAC and DAC, are used to protect the audit system itself. Fifth, it examines the handling of audit files and the impact of auditing on system performance. Implementing auditing by extending the LSM framework is a new approach in audit system research, and practice shows that it is feasible. To make the system practical, it also provides a complete set of user-level audit management tools, including graphical tools for audit configuration and audit queries and several audit commands.
English abstract: Auditing is a security technique that enhances system security by examining audit trails after an attack. It is an important part of a secure operating system. Many secure operating systems today provide an auditing function, and there are also many stand-alone auditing systems. Given the current state of research, auditing systems need to be improved in four aspects: their effect on the kernel, the content they audit, the security of the audit itself, and the management of audit record files. We propose a new method of implementing an auditing system by extending the LSM framework and inserting auditing hooks into the kernel. In this way, a secure kernel-level auditing subsystem, based on Linux and conforming to the level-4 requirements of the Chinese national standard, is designed and implemented, and its performance is analyzed. The main contributions of the thesis are as follows. First, from an analysis of auditing requirements and consideration of kernel upgrades, building an auditing system by extending the LSM framework is proposed. We added new auditing hooks to the LSM framework and, from an analysis of 85 system calls, identified 290 hook insertion points in the kernel. These hooks are the interface for collecting auditing information and managing audit records. Second, based on the new kernel auditing hooks, the design and implementation of an auditing module are presented and several key problems are discussed. Third, a new method that provides a user-level auditing interface by extending the syslog system call is proposed. Fourth, by cooperating with other parts of the secure operating system, such as MAC and DAC, the security of the auditing system itself is guaranteed. Fifth, the management of audit record files and the impact on system performance are discussed. The idea put forward in this thesis is intended to open a new approach to building auditing systems, and its effectiveness is demonstrated by a working system.
For usability, the auditing system provides complete user-level management tools, including GUI tools for audit configuration and audit review, and several shell commands.
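The pipeline both abstracts describe (a hook at a syscall insertion point collects the event, audit rules decide whether it is kept, the record is buffered in the kernel, and a user-level interface drains it) is shown below as an added illustrative example in C. It is not code from the thesis, and it does not use LSM or run in the kernel: the event classes, the record and rule layouts, the ring buffer with its drop-and-count policy, the `sim_sys_open` stand-in for a hooked system call, and every function name are assumptions made for the illustration. In the thesis the hook sits on an extended LSM hook inside the kernel and the reader side is an extended syslog(2) call; here both are plain functions so the logic can be run and inspected in user space.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative event classes; not the thesis's own identifiers. */
enum audit_class { AU_FILE_OPEN = 1, AU_FILE_UNLINK, AU_SETUID };

/* One audit record, built by the hook at the syscall insertion point. */
struct audit_record {
    uint64_t seq;          /* monotonic; a gap tells the reader that records were lost */
    uint32_t uid, pid;
    enum audit_class cls;
    int result;            /* 0 on success, negative errno on denial or failure */
    char object[64];       /* path, target uid, etc. (assumed field) */
};

/* An audit rule selects which events are recorded. uid == -1 matches any uid. */
struct audit_rule {
    enum audit_class cls;
    int uid;
    bool failures_only;
};

#define MAX_RULES 16
#define LOG_CAP   64

static struct audit_rule   rules[MAX_RULES];
static size_t              nrules;
static struct audit_record ring[LOG_CAP];       /* kernel-side record buffer (assumed) */
static size_t              ring_head, ring_len;
static uint64_t            next_seq, dropped;

void audit_reset(void) { nrules = ring_head = ring_len = 0; next_seq = dropped = 0; }

int audit_add_rule(enum audit_class cls, int uid, bool failures_only) {
    if (nrules == MAX_RULES) return -1;
    rules[nrules++] = (struct audit_rule){ cls, uid, failures_only };
    return 0;
}

static bool rule_matches(const struct audit_rule *r, enum audit_class cls,
                         uint32_t uid, int result) {
    if (r->cls != cls) return false;
    if (r->uid != -1 && (uint32_t)r->uid != uid) return false;
    if (r->failures_only && result == 0) return false;
    return true;
}

/* The audit hook: collect the event, apply the rules, append a record. */
void audit_hook(enum audit_class cls, uint32_t uid, uint32_t pid,
                const char *object, int result) {
    bool wanted = false;
    for (size_t i = 0; i < nrules && !wanted; i++)
        wanted = rule_matches(&rules[i], cls, uid, result);
    if (!wanted) return;
    if (ring_len == LOG_CAP) {
        /* Buffer full: count the loss and burn a sequence number so the reader can
         * see the gap, rather than silently overwriting older records. Blocking the
         * caller until space frees up is the other common policy. */
        dropped++; next_seq++;
        return;
    }
    struct audit_record *rec = &ring[(ring_head + ring_len) % LOG_CAP];
    rec->seq = next_seq++;
    rec->uid = uid; rec->pid = pid; rec->cls = cls; rec->result = result;
    snprintf(rec->object, sizeof rec->object, "%s", object ? object : "");
    ring_len++;
}

/* User-level read interface, playing the role the extended syslog(2) call plays in
 * the thesis: copy out up to max records and remove them from the kernel buffer. */
size_t audit_read(struct audit_record *out, size_t max) {
    size_t n = 0;
    while (n < max && ring_len > 0) {
        out[n++] = ring[ring_head];
        ring_head = (ring_head + 1) % LOG_CAP;
        ring_len--;
    }
    return n;
}

uint64_t audit_dropped(void) { return dropped; }

/* Stand-in for a hooked syscall. The hook is placed after the access decision
 * (a toy DAC rule here) so that denials are recorded with their error code. */
int sim_sys_open(uint32_t uid, uint32_t pid, const char *path) {
    int result = (uid != 0 && strncmp(path, "/etc/", 5) == 0) ? -13 /* -EACCES */ : 0;
    audit_hook(AU_FILE_OPEN, uid, pid, path, result);
    return result;
}

int main(void) {
    struct audit_record buf[8];
    audit_reset();
    audit_add_rule(AU_FILE_OPEN, -1, true);   /* failed opens by anyone */
    audit_add_rule(AU_SETUID, -1, false);     /* every setuid */
    sim_sys_open(1000, 42, "/etc/shadow");
    sim_sys_open(1000, 42, "/tmp/scratch");
    audit_hook(AU_SETUID, 1000, 42, "0", 0);
    size_t n = audit_read(buf, 8);
    for (size_t i = 0; i < n; i++)
        printf("seq=%llu uid=%u pid=%u class=%d result=%d object=%s\n",
               (unsigned long long)buf[i].seq, buf[i].uid, buf[i].pid,
               buf[i].cls, buf[i].result, buf[i].object);
    return 0;
}
```

Placing the hook after the access decision is what makes the denied `/etc/shadow` open appear in the trail; a hook placed before the DAC or MAC check would have to record every attempt and could not say whether it succeeded. The sequence-number gap on overflow is the minimal self-check a reader of the audit file needs in order to tell "nothing happened" from "records were lost".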
Language: Chinese
Content type: Doctoral thesis
URI: http://ir.iscas.ac.cn/handle/311060/5986
Appears in Collections: Institute of Software, Chinese Academy of Sciences

Files in This Item:
File name: LW014046.pdf (2412 KB). Access: restricted; contact the repository for the full text.

Recommended Citation:
陈慧. 安全审计系统的设计与实现 (Design and Implementation of Secure Auditing System in Operating System) [D]. Institute of Software, Chinese Academy of Sciences, 2004.

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.
Copyright © 2007-2017 Institute of Software, Chinese Academy of Sciences