Secure Module Audit and Audit-Based Visualization Research (安全模块审计与基于审计的可视化研究)
Alternative Title: Secure Module Audit and Audit-Based Visualization Research
钱晓俊
2007-05-29
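Degree Grantor: Institute of Software, Chinese Academy of Sciences
Degree Level: Doctoral
Place of Degree Grantor: Institute of Software
Keyword: secure operating system; security audit; event class analysis; audit configuration; audit data dump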
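English Abstract: The operating system is the platform on which all applications run, so operating system security can be regarded as the foundation of software system security. To achieve security in production use, and in response to a key research program of the national Ministry of Science and Technology, we developed the CAS-EARTH secure operating system on top of the FreeBSD platform. The security audit system, which serves as a security assurance mechanism for the whole secure operating system, is the main subject of this thesis. Building on the OpenBSM audit system, the thesis studies the working mechanism and basic design of kernel-level security auditing, including the classification of audit events and the security grading of audit event classes, audit record queues and buffers, the audit kernel thread, the audit daemon, and the management and alerting schemes for audit logs. It focuses on the auditing approach and detailed design for the CAS-EARTH secure operating system's own security modules, and thereby outlines the overall framework of a kernel-level audit system. In addition, to make it easier for audit administrators to configure the audit system, the thesis presents user-space audit tools and a graphical audit configuration method, focusing on the audit scheme adopted by the integrated management framework (WMA), a typical application of the CAS-EARTH secure operating system. Beyond the recording of audit logs, a complete and usable audit system depends equally on analysis of, and notification from, the audit records. From a production standpoint, to make log records easier to browse and to detect possible system intrusions and abuse of authority in time, the thesis provides a concrete log dump scheme that uses a relational database to query the log structure and presents the results as web pages.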
Abstract: The operating system is the platform on which all applications run, so its security can be regarded as the foundation of software system security. To achieve safe production and application in industry, and to respond to the request of [plan], we developed the CAS-EARTH secure operating system on the basis of the FreeBSD 6.0 Release. In this system, the auditing subsystem is designed and implemented as a safeguard mechanism, and it is the main focus of this paper. The subsystem is based on the OpenBSM auditing system. The paper describes the functional mechanism and essential design of a kernel-level auditing system, which includes the classification of auditing events, the security levels of auditing classes, the auditing record queue and buffers, kernel-level auditing threads, the auditing daemon process, log management and alarm measures. The main content addresses how to audit the CAS-EARTH secure operating system's own security modules, including the TPATH, SEBSD and MLS modules, and further sketches out the overall framework of a kernel-level auditing subsystem. Moreover, to facilitate the distribution and deployment of auditing systems and to help auditing administrators configure their systems more conveniently, the article also provides user-level tools and friendly interactive interfaces, and importantly discusses how to audit the typical application of the CAS-EARTH secure operating system (WMA). In a complete auditing system, the analysis and reporting of the records are as important as logging. From the standpoint of industrial production and application, the faster and more easily auditing records can be explored, the more likely abnormal behavior and abuse of authority are to be found. Thus, the paper also provides a concrete log dump proposal, using a relational database to search the records and presenting the results as web pages.
Pages: 95
Language: Chinese
Content Type: Thesis
URI: http://ir.iscas.ac.cn/handle/311060/5902
Collection: Institute of Software, Chinese Academy of Sciences
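Recommended Citation (GB/T 7714):
钱晓俊. Secure Module Audit and Audit-Based Visualization Research [D]. Institute of Software. Institute of Software, Chinese Academy of Sciences, 2007.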
Files in This Item:
File Name/Size DocType Version Access License
10001_20042801502907 (1456KB) Restricted access -- Application Full Text
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.