DocumentCode :
2874439
Title :
Design and Implementation of Secure Auditing System in Linux Kernel
Author :
Zhao, Kuo ; Li, Qiang ; Kang, Jian ; Jiang, Dapeng ; Hu, Liang
Author_Institution :
Dept. of Comput. Sci. & Technol., Jilin Univ., Changchun
fYear :
2007
fDate :
16-18 April 2007
Firstpage :
232
Lastpage :
236
Abstract :
As a very important component of a secure operating system, the auditing subsystem has been playing a key role in monitoring the system, ensuring proper implementation of security policy, and building intrusion detection systems. The original Linux audit mechanism, based on applications, has inherent flaws and should be improved. This paper presents the design and implementation of a secure auditing system in the Linux kernel. This system implements the function of auditing in the kernel based on loadable kernel modules (LKM), and applies a new system call hijacking method based on duplicating the interrupt descriptor table (IDT). In addition, this system can collect comprehensive information in the kernel, provide flexible configuration of auditing, and take effective measures to protect the security of the auditing system itself. Keywords: audit; loadable kernel modules; interrupt descriptor table.
Keywords :
Linux; auditing; security of data; Linux kernel; building intrusion detection systems; interrupt descriptor table; secure auditing system; secure operating system; security policy; Buildings; Computer hacking; Computer science; Computer security; Computerized monitoring; Information security; Kernel; Linux; Operating systems; Protection; audit; interrupt descriptor table; loadable kernel modules;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Anti-counterfeiting, Security, Identification, 2007 IEEE International Workshop on
Conference_Location :
Xiamen, Fujian
Print_ISBN :
1-4244-1035-5
Electronic_ISBN :
1-4244-1035-5
Type :
conf
DOI :
10.1109/IWASID.2007.373733
Filename :
4244819