
Research And Design Of Secure Operating System Audit Subsystem

Posted on: 2010-11-27
Degree: Master
Type: Thesis
Country: China
Candidate: Y Liu
Full Text: PDF
GTID: 2208360275483559
Subject: Information and Communication Engineering
Abstract/Summary:
Computer technology is now used in more and more areas, and more and more important information needs to be stored in information systems connected to the Internet. Driven by profit, intrusions of various kinds occur frequently, and the problem of information security has become more serious. The development of secure operating systems plays a decisive role in resolving these issues. The security audit subsystem is one of the subsystems of a secure operating system and is its most important component. It serves as the last line of defense of the whole system and is of great significance for the correct implementation of security policies, for system monitoring, and for building intrusion detection systems.

The audit subsystem of a secure operating system needs to record, inspect and audit security-related events, and to abstract user behavior from low-level data. Its main purpose is to detect and stop intrusions by illegitimate users, to expose legitimate users' misoperations, and to record the system state when errors occur. The kernel is the layer closest to the hardware; placing the audit system in the kernel gives access to the original audit data at the lowest level and effectively reduces the possibility of the audit being bypassed. The purpose of this thesis is to construct a kernel-level auditing system for a secure operating system. The main work includes:

1. Study the basic theory of security auditing and, based on it, give a logical model of security auditing.
2. Study and analyze the evaluation standards for information systems and their impact on audit requirements.
3. Study in depth the SELinux mandatory access control mechanisms and access control policies, and give a scheme that uses them to strengthen the audit system's own security.
4. Analyze and study the existing mechanisms and code of Linux. Using security auditing theory and kernel knowledge, describe the placement of hook functions, the contents of auditing and the classes of audit events. Plan the components of the auditing system, study the communication mechanism between components, and give an overall architecture model of the auditing system.
5. Implement each module according to the overall architecture model.
6. Study and analyze the basic theory of covert channels. Analyze the principles and shortcomings of an existing auditing system and propose an improved scheme.
Keywords/Search Tags:Kernel auditing, SELinux, Security operating system