Piranha Audit: Kernel Enhancements And Utilities To Improve Audit/Logging
نویسندگان
چکیده
This paper presents a mechanism to enrich logging as required in TCSEC [1] document to detect and stop possible intrusions based on typical attacks and to protect the sensible audit data from deletion/modification even in root compromise situation. After installing Piranha Audit, administrators will have a solid infrastructure for improving security and resistance to penetration, with only modest performance penalties. We present experimental results of the advantages of this solution and the performance impact of the mechanism.
منابع مشابه
Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows
Audit logging is an important approach to cyber attack investigation. However, traditional audit logging either lacks accuracy or requires expensive and complex binary instrumentation. In this paper, we propose a Windows based audit logging technique that features accuracy and low cost. More importantly, it does not require instrumenting the applications, which is critical for commercial softwa...
متن کاملSecure Audit Logging with Tamper-Resistant Hardware
Secure perimeter schemes (e.g. DRM) and tracing traitor schemes (e.g. watermarking, audit logging) strive to mitigate the problems of content escaping the control of the rights holder. Secure audit logging records the user’s actions on content and enables detection of some forms of tampering with the logs. We implement Schneier and Kelsey’s secure audit logging protocol [1], strengthening the p...
متن کاملچرخش اجباری مؤسسات حسابرسی و محدودیت در ارائه سایر خدمات حسابرسی: هزینهها و منافع
در سالهای اخیر، مقررات متعددی با هدف حفظ استقلال و ارتقا کیفیت حسابرسی وضع شده است. چرخش اجباری مؤسسات حسابرسی و محدودیت در ارائه سایر خدمات حسابرسی از جمله این مقررات هستند. هدف این تحقیق، بررسی مقایسهای دیدگاه استفادهکنندگان در مورد رابطه بین چرخش اجباری مؤسسات حسابرسی و محدودیت در ارائه سایر خدمات حسابرسی با کیفیت حسابرسی است. همچنین، این تحقیق درصدد بررسی هزینه و منفعت مقررات مذکور میبا...
متن کاملEnhancements to SIP to prevent abuse of Voice-over-IP services
This paper reviews the IETF proposed enhancements to the Session Initialisation Protocol (SIP) to prevent the abuse of its implementation in Voice-over-IP (VoIP) communication services. We look at some of the benefits and drawbacks of these proposed enhancements to ensure trustworthy SIP message exchange. Many proxies assist in establishing of a SIP session. These proxies may modify the travers...
متن کاملCERIAS Tech Report 2000-28 BETTER LOGGING THROUGH FORMALITY APPLYING FORMAL SPECIFICATION TECHNIQUES TO IMPROVE AUDIT LOGS AND LOG CONSUMERS
We rely on programs that consume audit logs to do so successfully (a robustness issue) and form the correct interpretations of the input (a semantic issue). The vendor’s documentation of the log format is an important part of the specification for any log consumer. As a specification, it is subject to improvement using formal specification techniques. This work presents a methodology for formal...
متن کامل