This paper presents a security audit model based on the Linux Security Modules framework. A security audit system is effective for both host security and network security; auditing should be an ongoing process, not a one-time effort. Above all, security is a delicate balance among protection, availability and user acceptance.

An audit trail is a series of records of computer events concerning an operating system, an application, or user activities. It is generated by an auditing system that monitors system activity. By analyzing audit trails, we can determine vulnerabilities, establish accountability, assess damage and recover the system.

There are two kinds of security audit system: one is the auditing function of the operating system, and the other is provided by third-party software. The operating system can provide a more finely grained audit function, which can be inserted into the system call functions, but this audit trail is the main target of hackers. Third-party software mainly records application events. Audit systems need to make great progress in the following aspects: portability, finer granularity, resource usage, and security.

Linux Security Modules (LSM) is a lightweight, general-purpose access control framework for the mainstream Linux kernel. It provides many kernel-level programming interfaces. Based on the LSM framework, many different access control models have been implemented as loadable kernel modules. This paper studies the mechanism of LSM and implements a security auditing policy. The main results are as follows:

1. Presented the definition and function of security auditing, and described its status within the security system.
2. Researched and analyzed the criteria for the security evaluation of information technology systems and products.
3. Analyzed the well-known audit systems SYSLOG (for Linux) and SNARE, and provided solutions for their weaknesses.
4. Researched the design, interface and implementation of the Linux Security Modules framework.