Institutional Repository
| 安全Linux操作系统审计子系统的设计与实现 | |
| 任党恩 | |
| Major | 计算机应用技术 |
| 2000 | |
| Degree Grantor | 中国科学院软件研究所 |
| Degree Level | 博士 |
| Place of Degree Grantor | 中国科学院软件研究所 |
| Keyword | 安全操作系统 审计系统 审计记录 Linux核心 自主访问控制 强制访问控制 入侵检测 |
| English Abstract | 审计系统作为安全操作系统的一个重要组成部分,对于监督系统的正常运行,保障安全策略的正确实施,构造计算机入侵检测系统等都具有十分重要的意义。本文旨在论述审计系统的设计原则和具体实现方法,内容组织如下:首先介绍了计算机领域的安全现状及流行的攻击手段,这些背景信息使我们构造安全系统时具有明确的针对性;美国国防部的可信计算机评测标准(TCSEC)是目前公认的设计开发安全产品的重要指导,从它规定的各安全级别的主要特性中,我们可以了解安全系统的设计实现要求。WindowsNT和Solaris2.x都是目前主流的服务器操作系统,分析它们已有的安全审计模块,对于我们的设计有很强的指导作用,从中可以获得有益的思路和可借鉴的处理办法。在此基础上叙述基于Linux核心开发B2级安全操作系统的总体框架,并阐明审计与可信安全基(TCB)其它各部分的协同关系。然后,在审计系统的详细设计部分,着重论述审计子系统的结构模型、审计策略设定、功能模块的功分和具体实现以及审计自身的保护等,其中涉及Linux内核的重要概念,以及为审计安全相关命令而对它们所做的改造等,也进行了详细分析和描述,并给出最终的安全操作系统中的属层界面。接着,论述审计数据对于系统安全性的意义,举例说明了审计数据在入侵检测中的应用。最后,提出了几个需要进一步思考的问题,如审计数据的选择、压缩、加密和网络审计。 |
| Abstract | Audit is a fundamental component of any secure operating system. It will be a great assistant to safeguard the running system, ensure the practice of security policies and build intrusion detection systems. In this paper, we mainly discuss the design and implementation of an auditing system. Structure of the contents is a s follows: Firstly, background of computer security area and some typical attacks are introduced, which will show us a clear direction when we develop a secure system. Trusted Computer System Evaluation Criteria of US DoD is a well-known guideline on security designing, from characters of each security level it specifies, we can set up the security requirements of our own. NT and Solaris2.x are both popular today as server operating system, the analysis of their auditing mechanism will give us some references and valuable clues or tips in our work. Our target is to develop a secure operating system based on linux kernel at B2 level, so the entire architecture and the cooperative relationships between auditing and the other parts of Trusted Computing Base are illustrated. After that, in the detailed design and implementation part, we focus on some issues including the audit model, decision of auditing policies, division of functional modules and the comprehensive implementation, the protection of audit itself is presented as well. Some concepts of linux kernel utilized by auditing system and the modifications of security relevant applications are also described. Interfaces of auditing subsystem in the whole operating system are represented as the final result. In the next part, we talk about intrusion detection and the contributions made by audit records. Lastly, we bring out some future works such as the selection of audit data, employ of compression and encryption, and network-based auditing. |
| Pages | 41 |
| Language | 中文 |
| Content Type | 学位论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/6598 |
| Collection | 中科院软件所_中科院软件所 |
| Recommended Citation GB/T 7714 | 任党恩. 安全Linux操作系统审计子系统的设计与实现[D]. 中国科学院软件研究所. 中国科学院软件研究所,2000. |
| Files in This Item: | ||||||
| File Name/Size | DocType | Version | Access | License | ||
| LW002120.pdf(2445KB) | 限制开放 | -- | Application Full Text | |||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment