
Security Audit And Audit-Based Intrusion Detection

Posted on: 2005-05-14
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X F Zhang
GTID: 1118360122493285
Subject: Computer software and theory

Abstract/Summary:
This paper is based on the development of RFSOS, a practical secure operating system funded by the National Natural Science Foundation of China and the National 863 High-tech Program of China, and focuses mainly on the design and implementation of its audit subsystem. An efficient intrusion detection technique built on the audit subsystem (named W-detection) is also put forward. RFSOS is designed according to the Common Criteria (CC) and has been certified at Level 3 of GB-17859; it has already been put into use in some government departments. The principal achievements are the following:

Firstly, the audit requirements of several representative security criteria, including CC, TCSEC and GB-17859, are analyzed, and typical audit implementations in operating systems such as Digital UNIX, AIX, Trusted Solaris, Windows 2000 and Linux are studied and compared; this comparison informs the architecture of the RFSOS audit subsystem.

Secondly, some problems in enforcing security mechanisms in a secure operating system are put forward, and a dynamic integrity mechanism is given, with a detailed description and verification of its access control rules, which improves the compatibility of RFSOS.

Thirdly, the audit subsystem of RFSOS, which meets the requirements of both the Common Criteria and GB 17859 Level 3 (security label protection), is designed and implemented on top of all the security mechanisms introduced in RFSOS, with some details discussed.

Fourthly, the concept of a "generalized system call" is put forward on the basis of the audit subsystem, and generalized system calls are classified according to their potential effects on applications and on the whole system.

Lastly, an efficient intrusion detection technique based on this classification of generalized system calls is put forward and verified by experiments. The architecture of an intrusion detection system that uses the technique is also described.

In summary, the whole process from the design and implementation of the audit subsystem to intrusion detection based on the audit data is studied in detail in this paper, and the results can be very helpful to further study of secure operating systems and intrusion detection techniques.
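The idea the abstract describes in its last two points, classifying audited system calls by their potential effect and then detecting intrusions from sequences of those classes, as an added illustration that is not the dissertation's W-detection code: the audit record format, the effect classes, the window size and the alarm threshold are all assumptions, and the sample records are constructed.

```python
"""Added illustration of audit-based sequence detection over classified
system calls. Not the dissertation's W-detection implementation; the record
format, effect classes, window size and threshold are assumptions."""

# Assumed classification of audited calls by their potential effect on the
# system (the page names the idea but not the dissertation's actual classes).
EFFECT_CLASS = {
    "open": "FILE_READ", "read": "FILE_READ", "stat": "FILE_READ",
    "write": "FILE_MODIFY", "unlink": "FILE_MODIFY",
    "execve": "EXEC", "fork": "PROCESS",
    "setuid": "PRIVILEGE", "socket": "NETWORK", "connect": "NETWORK",
}

def classify(audit_lines):
    """Map constructed 'key=value' audit records to a list of effect classes."""
    classes = []
    for line in audit_lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        classes.append(EFFECT_CLASS.get(fields["syscall"], "OTHER"))
    return classes

def windows(classes, n):
    """All length-n sliding windows over a class sequence."""
    return [tuple(classes[i:i + n]) for i in range(len(classes) - n + 1)]

def build_profile(normal_lines, n=3):
    """Profile = set of class n-grams observed during known-good sessions."""
    return set(windows(classify(normal_lines), n))

def detect(session_lines, profile, n=3, threshold=0.25):
    """Return (mismatch_rate, alarm): share of windows absent from the profile."""
    w = windows(classify(session_lines), n)
    if not w:
        return 0.0, False
    unseen = sum(1 for x in w if x not in profile)
    rate = unseen / len(w)
    return rate, rate > threshold

# Constructed sample records (not real RFSOS audit output).
NORMAL = [f"uid=500 pid=101 syscall={c} result=ok" for c in
          "open read read write open read write execve fork open read".split()]
SUSPECT = [f"uid=500 pid=202 syscall={c} result=ok" for c in
           "open read setuid execve socket connect".split()]

if __name__ == "__main__":
    profile = build_profile(NORMAL)
    print("normal:", detect(NORMAL, profile))    # (0.0, False)
    print("suspect:", detect(SUSPECT, profile))  # (1.0, True)
```

Working on effect classes rather than raw call names keeps the profile small, so sequences that differ only in which file-reading call was used still match the known-good profile, while a privilege change followed by network activity stands out.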
Keywords/Search Tags: secure operating system, common criteria, GB17859, secure audit, intrusion detection, sequence of events, classification of system calls