| 通过扩展LSM框架构建审计支持机制 |
| |
| 引用本文: | 陈慧,石文昌,梁洪亮.通过扩展LSM框架构建审计支持机制[J].计算机科学,2005,32(3):144-147. |
| |
| 作者姓名: | 陈慧 石文昌 梁洪亮 |
| |
| 作者单位: | 中国科学院软件研究所,北京,100080 |
| |
| 基金项目: | 本文得到国家863高技术研究发展项目(2002AA141080),国家自然科学基金(60073022和60373054) |
| |
| 摘 要: | LSM是纳入到Linux内核的一个安全模型支持框架,它通过提供钩子机制来支持安全机制的实现。审计机制是安全操作系统的重要组成部分。然而,LSM的现有设计主要考虑的是对访问控制的支持,对审计机制的支持存在着明显的不足。把审计支持纳入到LSM框架中,为审计系统或者是入侵检测系统提供统一的支持接口,对安全操作系统的研究有重要意义。本文提出一个扩展LSM框架的方法,以增强LSM框架对审计机制的支持能力。本文论述了扩展LSM框架实现审计的方法,以及如何在LSM框架中加入审计钩子及在内核函数中插入钩子函数。依照这种方法,作为安全操作系统SECIMOS开发工作的一个重要组成部分,我们在Linux内核中实现了一个审计系统,并对其性能进行了分析。
|
| 关 键 词: | 扩展LSM框架 审计支持机制 Linux内核 安全机制 |
Enhancing the LSM Framework to Build Audit Support Mechanisms |
| |
| CHEN Hui,SHI Wen-Chang,LIANG Hong-liang.Enhancing the LSM Framework to Build Audit Support Mechanisms[J].Computer Science,2005,32(3):144-147. |
| |
| Authors: | CHEN Hui SHI Wen-Chang LIANG Hong-liang |
| |
| Affiliation: | CHEN Hui,SHI Wen-Chang,LLANG Hong-Liang Institute of Software,Chinese Academy of Sciences,Beijing 100080 |
| |
| Abstract: | LSM (Linux Security Module) is a security-model-support framework which is now an important part of the Linux kernel. It supports security mechanisms by providing hooks mechanism. Audit is an essential part of secure operating system. Mainly focusing on access control, LSM is lack of ability to support audit. It is significant to extend the LSM framework to support audit mechanism which can provide an interface to audit system or intrusion detection system. This paper presents a method to enhance the LSM framework to support audit functions. It discusses how to add audit hooks into the LSM framework and how to insert hook functions into Linux kernel functions. In this way, an audit system is implemented as a main part of the SECIMOS secure operating system. Also, its performance is test- ed and analyzed. |
| |
| Keywords: | LSM Audit system Linux |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
点击此处可从《计算机科学》下载全文 |
