Design and Implementation of Secure Auditing System in Linux Kernel

5 Author(s)
Kuo Zhao ; Dept. of Comput. Sci. & Technol., Jilin Univ., Changchun ; Qiang Li ; Jian Kang ; Dapeng Jiang

As a very important component of a secure operating system, the auditing subsystem plays a key role in monitoring the system, ensuring proper implementation of security policy, and building intrusion detection systems. The original Linux audit mechanism, which is based on applications, has inherent flaws and should be improved. This paper presents the design and implementation of a secure auditing system in the Linux kernel. This system implements the auditing function in the kernel based on loadable kernel modules (LKM), and applies a new system call hijacking method based on duplicating the interrupt descriptor table (IDT). In addition, this system can collect comprehensive information in the kernel, provide flexible configuration of auditing, and take effective measures to protect the security of the auditing system itself.

Keywords: audit; loadable kernel modules; interrupt descriptor table.

Published in:

Anti-counterfeiting, Security, Identification, 2007 IEEE International Workshop on

Date of Conference:

16-18 April 2007