ALS 2000 Technical Program

ALS 2000 Abstract

Piranha Audit: A Kernel Enhancements And Utilities To Improve Audit/Logging

Vincenzo Cutello, Emilio Mastriani, Francesco Pappalardo, University of Catania, Italy

Abstract

This paper presents a mechanism to enrich logging as required in TCSEC [1] document to detect and stop possible intrusions based on typical attacks and to protect the sensible audit data from deletion/modification even in root compromise situation. After installing Piranha Audit, administrators will have a solid infrastructure for improving security and resistance to penetration, with only modest performance penalties. We present experimental results of the advantages of this solution and the performance impact of the mechanism.

View the full text of this paper in HTML form, PDF form, and PostScript form.
If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
To become a USENIX Member, please see our Membership Information.

Need help? Use our Contacts page.

Last changed: 29 Jan. 2002 ml

Technical Program

ALS Web Site

USENIX home