LSM-Based Secure System Monitoring Using Kernel Protection Schemes

A
ARES
2010
2010 International Conference on Availability, Reliability and Security
Abstract - LSM-Based Secure System Monitoring Using Kernel Protection Schemes

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Takamasa Isohara Articles by Keisuke Takemori Articles by Yutaka Miyake Articles by Ning Qu Articles by Adrian Perrig

2010 International Conference on Availability, Reliability and Security

Krakow, Poland

February 15-February 18

ISBN: 978-0-7695-3965-2

	ASCII Text	x
	Takamasa Isohara, Keisuke Takemori, Yutaka Miyake, Ning Qu, Adrian Perrig, "LSM-Based Secure System Monitoring Using Kernel Protection Schemes," Availability, Reliability and Security, International Conference on, pp. 591-596, 2010 International Conference on Availability, Reliability and Security, 2010.

	BibTex	x
	@article{ 10.1109/ARES.2010.48, author = {Takamasa Isohara and Keisuke Takemori and Yutaka Miyake and Ning Qu and Adrian Perrig}, title = {LSM-Based Secure System Monitoring Using Kernel Protection Schemes}, journal ={Availability, Reliability and Security, International Conference on}, volume = {0}, year = {2010}, isbn = {978-0-7695-3965-2}, pages = {591-596}, doi = {http://doi.ieeecomputersociety.org/10.1109/ARES.2010.48}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Availability, Reliability and Security, International Conference on TI - LSM-Based Secure System Monitoring Using Kernel Protection Schemes SN - 978-0-7695-3965-2 SP591 EP596 A1 - Takamasa Isohara, A1 - Keisuke Takemori, A1 - Yutaka Miyake, A1 - Ning Qu, A1 - Adrian Perrig, PY - 2010 KW - Secure system monitoring KW - Linux Security Module KW - Lifetime kernel code integrity KW - Mandatory Access Control VL - 0 JA - Availability, Reliability and Security, International Conference on ER -

Ning Qu

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2010.48

Monitoring a process and its file I/O behaviors is important for security inspection for a data center server against intrusions, malware infection and information leakage. In the case of the Linux kernel 2.6, a set of hook functions called the Linux Security Module (LSM) has been implemented in order to monitor and control the system calls. By using the LSM we can inspect the activity of unknown malicious processes. However, a sophisticated attacker could breach the kernel configurations using the rootkits. Furthermore since the monitoring results of the malicious process activity are stored as a file on Hard Disk Drive (HDD), it will be easily manipulated by the attacker. In this paper, we propose a secure monitoring scheme that addresses the attacks against the monitoring module and its result for security inspection of the data center server. The monitoring module is implemented as a LSM-based function and protected by the kernel protection technique. The integrity of the monitoring result is guaranteed by using a Mandatory Access Control (MAC) of the Linux kernel and a mechanism of the trusted process invocation. This mechanism can serve as an infrastrucuture of secure inspection platform for data center server because the integrity of the monitoring module and its result is guaranteed.

Index Terms:

Secure system monitoring, Linux Security Module, Lifetime kernel code integrity, Mandatory Access Control

Citation:

Takamasa Isohara, Keisuke Takemori, Yutaka Miyake, Ning Qu, Adrian Perrig, "LSM-Based Secure System Monitoring Using Kernel Protection Schemes," ares, pp.591-596, 2010 International Conference on Availability, Reliability and Security, 2010

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.