Secure Operating System Real-time Audit Analysis Of The Design And Realization

Posted on: 2003-07-14
Degree: Master
Type: Thesis
Country: China
Candidate: Y Tang
Full Text: PDF
GTID: 2208360092999586
Subject: Computer application technology
Abstract/Summary:
After introducing the security demands of the computing field, this paper presents the design goals of the Real time Audit Analysis System (RAAS), taking into account the Trusted Computer System Evaluation Criteria (TCSEC) of the US DoD and the Common Criteria for IT Security Evaluation (CC). Based on the audit analysis and automatic response described in the CC, it is implemented in the kernel, much like an IDS. By integrating with the audit system to collect data on system calls and privileged commands in the kernel, the RAAS can analyze the data and compare it with the user's normal behavior recorded in the normal library.

The paper describes the existing audit systems and IDSs of Windows NT, Solaris and Linux, as well as the model of the Common Intrusion Detection Framework (CIDF); analyzes and compares the detection methods of current IDSs; and describes and analyzes the ERCIST Secure Linux Operating System, especially its audit subsystem.

In the design part of the RAAS, the generation of events, the normal library of users, the detection and analysis process, and the response units are described based on the CIDF.

In the implementation design of the RAAS, the paper focuses on the changes to task_struct, the design of the kernel process kaasd, the timing of RAAS, and the configuration and initialization of RAAS.

Finally, the paper evaluates the RAAS against the system's design goals and its integration with the other security components of the Secure OS, and lists some unsolved problems, such as extension to network monitoring and new IDS technology...
Keywords/Search Tags: Secure Operating System, Auditing System, Audit Record, Intrusion Detection System, Real time Audit Analysis System