
Computer Engineering (计算机工程), 2009, Vol. 35, Issue 18: 130-132. doi: 10.3969/j.issn.1000-3428.2009.18.046

• Security Technology •

Linux Security Audit Technology Based on a Double-Space Audit Trail

DUAN Xue-tao, JIA Chun-fu

  1. (College of Information Technology Science, Nankai University, Tianjin 300071)
  • Online: 2009-09-20  Published: 2009-09-20

Abstract: Building on a study of Linux security audit technology, this paper proposes a security audit method based on a double-space audit trail. System calls captured in operating-system kernel space are fused with library-function calls captured in user space, which improves the ability to recognise attacks against the kernel layer as well as malicious user behaviour. The LSM (Linux Security Modules) framework is extended with audit hooks that serve as the data-acquisition module of the audit model, increasing the model's audit granularity, security and flexibility. To improve the real-time performance of the audit, a typical-set method is introduced to compress the normal-behaviour feature library.

Key words: security audit, system call, typical set
