A User-level Framework for Auditing and Monitoring

14 years 5 months ago

Download www.acsac.org

Logging and auditing is an important system facility for monitoring correct system operation and for detecting potential security problems. We present an architecture for implementing user-level auditing monitors which: (i) does not require superuser privileges; (ii) makes it simple to create user deﬁned monitors which are transparent; and (iii) provides security guarantees such as mandatory and reliable monitoring while maintaining conﬁdentiality of setuid processes. We avoid problems of self-referential monitoring. Monitor use policies can be speciﬁed to increase ﬂexibility. We show that our framework can be tailored so that it is very eﬃcient with low overhead on macro and micro benchmarks. This demonstrates that it is feasible to make use of arbitrary and programmable user-level monitors for system security and auditing applications.

Yongzheng Wu, Roland H. C. Yap

Real-time Traffic

ACSAC 2005 | Auditing | Potential Security Problems | Security Privacy | User-level Auditing Monitors |

claim paper

Post Info
More Details (n/a)

Added	24 Jun 2010
Updated	24 Jun 2010
Type	Conference
Year	2005
Where	ACSAC
Authors	Yongzheng Wu, Roland H. C. Yap

Comments (0)

Sciweavers

A User-level Framework for Auditing and Monitoring

ACSAC 2005 | Auditing | Potential Security Problems | Security Privacy | User-level Auditing Monitors |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers