| In consequence of numerous demands of data exchange in internal and external networks,the Ministry of Public Security put forward the concept of Secure Access Platform. As a securityequipment, the Data Secure Exchange Platform who situates on the boundary of internal andexternal networks should confront many security risks, such as intentional damages of hackers,user's wrong operation and problems caused by lack of system resource. As the result, we need anaudit system to record and analyze the activities of the system as well as the activities of thebusiness application system, in order to find out the problems in time. This paper proposes asecurity audit subsystem who adapts to the real demands of the Data Secure Exchange Platform.The main tasks were as followed:(1) We analyzed current audit demands of the Data Secure Exchange Platform and designed thegeneral structure of the audit system for the Data Secure Exchange Platform of internal andexternal network. This general structure reflects from two levels all system activities.(2) We analyzed the basic workflow of application programs on the Data Secure ExchangePlatform and confirmed the data which have to be audited, then provided the frame ofinformation collection module on application layer. Furthermore, we designed an API called byapplication system and proposed a concrete design of transfer agent module based on thresholdand buffer compression. These tasks increased our efficiency by reducing the transfer flow ofinformation to be audited.(3) We designed a core audit system by using Linux LSM system and applied the database ofaudit rules for a more convenient deployment of these rules. In order to guarantee the security ofaudit system, we introduced a self-protection mechanism who supplies a total protection fromthree aspects: audit program of application layer, core audit system and files deployment.Concerning core and user space, we increased the stability and the development efficiency byusing Netlink.(4) We studied the common methods of audit information analysis based on system calling andmodified the analysis methods for system calling sequence of Forrest in order to satisfy the actualdemands of system.(5) Considering J2EE as benchmark, we designed and implemented the general structure ofaudit management platform. |