Audlib: a configurable, high-fidelity application audit mechanism
نویسندگان
چکیده
In this paper, we introduce Audlib, an extendable tool for generating security-relevant information on Unix systems. Audlib is a wrapper environment that generates application level audit information from existing executable programs. Audlib is not a detection system, instead it is designed to supplement existing audit systems and work transparently with them. Audlib records information that is not presently available from existing kernel-level audit sources. Here, we describe the design of the Audlib framework and the information it provides. We compare auditing the actions of a web server with Audlib to existing kernel audit sources and show that we have 2–4 times the throughput of Linux auditd and less than half the performance overhead of Solaris BSM while collecting detailed information about the server’s execution. Although Audlib is focused on recording security information, this technique can be used to collect data for a wide variety of purposes including profiling, dependency analysis, and debugging. Copyright q 2010 John Wiley & Sons, Ltd.
منابع مشابه
Application-specific Network Management for Energy-Aware Streaming of Popular Multimedia Formats
The typical duration of multimedia streams makes wireless network interface (WNIC) energy consumption a particularly acute problem for mobile clients. In this work, we explore ways to transmit data packets in a predictable fashion; allowing the clients to transition the WNIC to a lower power consuming sleep state. First, we show the limitations of IEEE 802.11 power saving mode for isochronous m...
متن کاملThe Utilization of High Fidelity Simulation in the Support of UAV Launch Phase Design: Three Case Studies
Improvement of the launch phase of a jet powered Unmanned Aerial Vehicle (UAV) with Jet Assisted Take Off (JATO), has been the subject of attention in the UAV industry. Use of flight simulation tools reduces the risk and required some amount of flight testing for complex aerospace systems. Full nonlinear equations of motion are used to study and simulate this maneuver and three case studies of ...
متن کاملAudit Games with Multiple Defender Resources
Modern organizations (e.g., hospitals, social networks, government agencies) rely heavily on audit to detect and punish insiders who inappropriately access and disclose confidential information. Recent work on audit games models the strategic interaction between an auditor with a single audit resource and auditees as a Stackelberg game, augmenting associated well-studied security games with a c...
متن کاملDesign of smart sensing components for volcano monitoring
In a volcano monitoring application, various geophysical and geochemical sensors generate continuous high-fidelity data, and there is a compelling need for real-time raw data for volcano eruption prediction research. It requires the network to support network synchronized sampling, online configurable sensing and situation awareness, which pose significant challenges on sensing component design...
متن کاملThe effect of Internal locus of control on the relationship between psychological empowerment auditor and audit quality
Abstract The high quality of auditing increases investor confidence in financial statements and improves the transparency of financial markets and is seen as an effective regulatory mechanism to prevent managerial opportunistic behavior to reduce representation costs between manager and owner. The purpose of this study was to investigate the effect of locus of control on the relationship betwe...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Softw., Pract. Exper.
دوره 40 شماره
صفحات -
تاریخ انتشار 2010