A study of accountability in operating systems

dc.contributor: Zhang, Jingyuan
dc.contributor: Hong, Xiaoyan
dc.contributor: Vrbsky, Susan V.
dc.contributor: Zhao, Shan
dc.contributor.advisor: Xiao, Yang
dc.contributor.advisor: Chen, Hui
dc.contributor.author: Zeng, Lei
dc.contributor.other: University of Alabama Tuscaloosa
dc.date.accessioned: 2017-04-26T14:22:41Z
dc.date.available: 2017-04-26T14:22:41Z
dc.date.issued: 2014
dc.description: Electronic Thesis or Dissertation (en_US)
dc.description.abstract: Logging has become a fundamental feature of modern operating systems because it can be used by a variety of applications and in a variety of ways. The syslog daemon is the logging implementation on Unix/Linux platforms, while Windows Event Log is the logging implementation on Microsoft Windows platforms. These logging implementations provide APIs that, in turn, simplify logging functions from data collection to data storage. First, we introduce accountable administration. Accountability implies that entities should be held responsible for their actions or behaviors so that the entities are part of larger chains of accountability. Many security models and systems are built upon the assumption that super users are trustworthy. However, it becomes challenging to hold super users accountable since they can erase any trace of their activities. This chapter proposes an accountable administration model for operating systems where all system administrators can be accounted for even if they are untrustworthy. The accountability policy and operating system primitives are designed and constructed so that the proposed model is provable. Second, the flow-net model is introduced in order to achieve better accountability, which means a logging system should be capable of capturing activities as well as the relationships among activities. Existing logging techniques record isolated events and rely on attributes and time stamps to establish their relationships, and this leads to probable loss of event relationships among large and complex logs. In this chapter, we present the design of the flow-net methodology and its implementation in current operating systems such as Linux. We demonstrate that the flow-net logging technique is capable of preserving event relationships. Finally, we leverage the overhead introduced by the Linux Auditing Framework. Logging is a critical component of Linux auditing. The experiments indicate that the logging overhead can be significant. The chapter aims to leverage the performance overhead introduced by the Linux Audit Framework under various usage patterns. The study of the problem leads to an adaptive audit logging mechanism. Many security incidents or other important events are often accompanied by precursory events. We identify important precursory events: the vital signs of system activity and the audit events that must be recorded. We then design an adaptive auditing mechanism that increases or reduces the type of events collected and the frequency of events collected based upon the online analysis of the vital sign events. (en_US)
dc.format.extent: 147 p.
dc.format.medium: electronic
dc.format.mimetype: application/pdf
dc.identifier.other: u0015_0000001_0001739
dc.identifier.other: Zeng_alatus_0004D_12179
dc.identifier.uri: http://ir.ua.edu/handle/123456789/2965
dc.language: English
dc.language.iso: en_US
dc.publisher: University of Alabama Libraries
dc.relation.hasversion: born digital
dc.relation.ispartof: The University of Alabama Electronic Theses and Dissertations
dc.relation.ispartof: The University of Alabama Libraries Digital Collections
dc.rights: All rights reserved by the author unless otherwise indicated. (en_US)
dc.subject: Computer science
dc.title: A study of accountability in operating systems (en_US)
dc.type: thesis
dc.type: text
etdms.degree.department: University of Alabama. Department of Computer Science
etdms.degree.discipline: Computer Science
etdms.degree.grantor: The University of Alabama
etdms.degree.level: doctoral
etdms.degree.name: Ph.D.
Files
Original bundle
Name: file_1.pdf
Size: 1.3 MB
Format: Adobe Portable Document Format