| FreeBSD中内核级安全审计系统的构建 |
| |
| 引用本文: | 潘学俭,袁春阳,梁洪亮,吕洪利.FreeBSD中内核级安全审计系统的构建[J].计算机工程与设计,2007,28(5):1007-1011. |
| |
| 作者姓名: | 潘学俭 袁春阳 梁洪亮 吕洪利 |
| |
| 作者单位: | 中国科学院,软件研究所,北京,100080;北京信息技术应用研究所,北京,100091 |
| |
| 基金项目: | 科技部攻关计划基金
,
国家知识创新基金 |
| |
| 摘 要: | 审计子系统是安全操作系统的重要组成部分,系统中与安全相关的活动均应进行审计.实现了一个基于FreeBSD内核,遵循(高于)国家标准GB17859-1999第三级要求的安全审计系统,使之成为该平台上已知的、安全等级最高的审计系统,并且和主流发行版兼容,遵循BSM规范;在实现中,还注意到了和其它安全模块的有机结合,包括对其它安全模块提供监控接口,以及利用其它模块对审计子系统进行保护.同时,该审计子系统在实现时还注意到了安全性和效率之间的平衡,尽可能地降低对系统性能的影响.
|
| 关 键 词: | 内核 安全 审计子系统 国家标准 效率 |
| 文章编号: | 1000-7024(2007)05-1007-05 |
| 修稿时间: | 2006-03-28 |
Construction of kernel level secure auditing in FreeBSD |
| |
| PAN Xue-jian,YUAN Chun-yang,LIANG Hong-liang,L Hong-li.Construction of kernel level secure auditing in FreeBSD[J].Computer Engineering and Design,2007,28(5):1007-1011. |
| |
| Authors: | PAN Xue-jian YUAN Chun-yang LIANG Hong-liang L Hong-li |
| |
| Affiliation: | 1. Institute of Software, Chinese Academy of Sciences, Beijing 100080, China; 2. Beijing Application Institute of Information Technology, Beijing 100091, China |
| |
| Abstract: | Audit is an essential part of secure operating system.It needs to record all the activities that may cause damages to the system.A secure kernel-level auditing subsystem is implemented,which is FreeBSD-based and accords with the third level requirements of GB17859 national standard of China.It is a great enhancement to the original auditing method of FreeBSD,and meets the most security requirements in FreeBSD platform.It also offers a convenient monitoring interface for other secure modules,while is safeguarded by them.Besides,it remains compatible with the main release of FreeBSD,follows BSM standard,and achieving a good balance between security and efficiency. |
| |
| Keywords: | kernel security auditing subsystem national standard of China efficiency |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
