A User-level Framework for Auditing and Monitoring

A
ACSAC
2005
21st Annual Computer Security Applications Conference (ACSAC'05)
Abstract - A User-level Framework for Auditing and Monitoring

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Wu Yongzheng Articles by Roland H. C. Yap

21st Annual Computer Security Applications Conference (ACSAC'05)

Tucson, Arizona

December 05-December 09

ISBN: 0-7695-2461-3

	ASCII Text	x
	Wu Yongzheng, Roland H. C. Yap, "A User-level Framework for Auditing and Monitoring," Computer Security Applications Conference, Annual, pp. 95-105, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005.

	BibTex	x
	@article{ 10.1109/CSAC.2005.8, author = {Wu Yongzheng and Roland H. C. Yap}, title = {A User-level Framework for Auditing and Monitoring}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2005}, issn = {1063-9527}, pages = {95-105}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.8}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - A User-level Framework for Auditing and Monitoring SN - 1063-9527 SP95 EP105 A1 - Wu Yongzheng, A1 - Roland H. C. Yap, PY - 2005 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Wu Yongzheng, National University of Singapore

Roland H. C. Yap, National University of Singapore

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.8

Logging and auditing is an important system facility for monitoring correct system operation and for detecting potential security problems. We present an architecture for implementing user-level auditing monitors which: (i) does not require superuser privileges; (ii) makes it simple to create user defined monitors which are transparent; and (iii) provides security guarantees such as mandatory and reliable monitoring while maintaining confidentiality of setuid processes. We avoid problems of self-referential monitoring. Monitor use policies can be specified to increase flexibility. We show that our framework can be tailored so that it is very efficient with low overhead on macro and micro benchmarks. This demonstrates that it is feasible to make use of arbitrary and programmable user-level monitors for system security and auditing applications.

Citation:

Wu Yongzheng, Roland H. C. Yap, "A User-level Framework for Auditing and Monitoring," acsac, pp.95-105, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.