  • DocumentCode
    2858064
  • Title
    A user-level framework for auditing and monitoring
  • Author
    Yongzheng, Wu ; Yap, Roland H C
  • Author_Institution
    Sch. of Comput., Singapore Nat. Univ.
  • fYear
    2005
  • fDate
    5-9 Dec. 2005
  • Lastpage
    105
  • Abstract
    Logging and auditing is an important system facility for monitoring correct system operation and for detecting potential security problems. We present an architecture for implementing user-level auditing monitors which: (i) does not require superuser privileges; (ii) makes it simple to create user defined monitors which are transparent; and (iii) provides security guarantees such as mandatory and reliable monitoring while maintaining confidentiality of setuid processes. We avoid problems of self-referential monitoring. Monitor use policies can be specified to increase flexibility. We show that our framework can be tailored so that it is very efficient with low overhead on macro and micro benchmarks. This demonstrates that it is feasible to make use of arbitrary and programmable user-level monitors for system security and auditing applications.
  • Keywords
    security of data; supervisory programs; system monitoring; user interfaces; arbitrary user-level monitor; monitor use policy; potential security problem detection; programmable user-level monitor; setuid process confidentiality; system auditing; system facility; system logging; system operation monitoring; system security; user-level auditing application; Application software; Computer architecture; Computer displays; Computer security; Computerized monitoring; Costs; Intrusion detection; Kernel; Maintenance; National security
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 21st Annual
  • Conference_Location
    Tucson, AZ
  • ISSN
    1063-9527
  • Print_ISBN
    0-7695-2461-3
  • Type
    conf
  • DOI
    10.1109/CSAC.2005.8
  • Filename
    1565238