| 基于双空间审计迹的Linux安全审计技术 |
| |
| 引用本文: | 段雪涛,贾春福.基于双空间审计迹的Linux安全审计技术[J].计算机工程,2009,35(18):130-132. |
| |
| 作者姓名: | 段雪涛 贾春福 |
| |
| 作者单位: | 南开大学信息技术科学学院,天津,300071 |
| |
| 基金项目: | 天津市自然科学基金资助项目 |
| |
| 摘 要: | 在研究Linux安全审计技术的基础上,提出一种基于双空间审计迹的安全审计方法,融合操作系统内核空间的系统调用和用户空间的库函数调用,提高对操作系统内核层攻击和恶意用户行为的识别能力。对LSM框架进行审计扩展,用于设计审计模型的数据获取模块,增强了模型的审计粒度、安全性和灵活性。为了提高安全审计的实时性,引入典型集方法压缩正常行为特征库。
|
| 关 键 词: | 安全审计 系统调用 典型集 |
| 修稿时间: | |
Linux Security Audit Technology Based on Double Spaces Audit Trace |
| |
| DUAN Xue-tao,JIA Chun-fu.Linux Security Audit Technology Based on Double Spaces Audit Trace[J].Computer Engineering,2009,35(18):130-132. |
| |
| Authors: | DUAN Xue-tao JIA Chun-fu |
| |
| Affiliation: | College of Information Technology Science;Nankai University;Tianjin 300071 |
| |
| Abstract: | This paper researches Linux security audit technology and proposes a security audit method based on double spaces security audit.The operating system kernel space system call and user space library function call are merged to enhance the identified ability against the operating system kernel attacks and user's malicious behaviors, an extended LSM(Linux Security Modules) framework is designed for audit data hook module to improve the audit granularity, security and flexibility of security audit model.In orde... |
| |
| Keywords: | security audit system call typical set |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
