Kernel Framework for an Immunological Security System (Framework de Kernel para um sistema de segurança imunológica)

AUTHOR(S)
PUBLICATION DATE

2006

ABSTRACT

The alarming growth in the quantity and the sophistication of the attacks that threaten modern computer systems shows the need for new, more efficient security systems. In nature, there is a biological system that accomplishes this task with remarkable efficiency: the human immune system. Not only is this system capable of assuring the survival of a human being for decades; it is also capable of learning about new threats and creating defenses to fight them. Its efficiency, combined with the similarity that exists between the biological and the computer security problems, has motivated the creation of the Imuno project, whose goal is the construction of a computer security system based on the principles of the human immune system.

After initial studies, the system's conceptual modeling and the implementation of prototypes of certain Imuno functionalities, this project's goal is to advance towards the construction of a complete, general-scope immune security system. To accomplish that, an operating-system-level framework that supports the prevention, detection and response security functionalities to be used by such a system is necessary. Designed for the Linux 2.6 kernel, this framework is composed of several pre-existing frameworks, such as Linux Security Modules (LSM), Netfilter, Class-based Kernel Resource Management (CKRM), BSD Secure Levels (seclvl) and UndoFS, adjusted according to the framework's requirements, and supplemented by a new multifunctional hook architecture. This architecture expands LSM's native hook infrastructure, making the hooks flexible and generic enough to be used by security functionalities beyond access control, such as detection and response, and also capable of being controlled from userspace in real time.

A prototype has been implemented for Linux version 2.6.12 and submitted to various tests, aiming to evaluate the performance overhead it creates and its behavior in a simulated attack situation. The results of these tests are shown at the end of this document, along with a general conclusion about the project and proposals for extensions.
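The multifunctional hook architecture the abstract describes (hooks that serve prevention, detection and response, and that can be switched from userspace at run time) can be sketched as a userspace model. The C program below is an added illustration; it is not code from the Imuno project, from the thesis, or from the Linux LSM framework, and the three hook classes, the handler names, the operation codes and the `hook_set_enabled` control function are assumptions made for the example. It keeps LSM's restrictive-hook semantics for the prevention class (the first non-zero return denies the operation) and adds two classes LSM itself does not have: detectors that only annotate the request context, and responders that act once a detector has flagged it.

```c
/* Added illustration, not code from the Imuno project or the Linux LSM framework: a
 * userspace model of a hook chain with prevention, detection and response classes.
 * Classes, handler names, op codes and hook_set_enabled() are assumed for the example. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum hook_class { HOOK_PREVENT, HOOK_DETECT, HOOK_RESPOND, HOOK_CLASSES };
enum op_code { OP_READ, OP_WRITE };
#define MAX_HANDLERS 8

struct hook_ctx {
    const char *subject;   /* acting process */
    const char *object;    /* target path */
    enum op_code op;
    int flagged;           /* raised by detection handlers, consumed by response */
};
typedef int (*hook_fn)(struct hook_ctx *ctx);
struct handler {
    const char *name;
    hook_fn fn;
    int enabled;   /* flipped at run time; stands in for the userspace control path */
};
static struct handler chain[HOOK_CLASSES][MAX_HANDLERS];
static int nchain[HOOK_CLASSES];

/* Register a handler in one class; returns 0 or -ENOSPC. */
int hook_register(enum hook_class cls, const char *name, hook_fn fn)
{
    if (nchain[cls] >= MAX_HANDLERS)
        return -ENOSPC;
    struct handler *h = &chain[cls][nchain[cls]++];
    h->name = name; h->fn = fn; h->enabled = 1;
    return 0;
}

/* Enable or disable a registered handler by name without unloading it. */
int hook_set_enabled(const char *name, int on)
{
    for (int c = 0; c < HOOK_CLASSES; c++)
        for (int i = 0; i < nchain[c]; i++)
            if (strcmp(chain[c][i].name, name) == 0) {
                chain[c][i].enabled = on;
                return 0;
            }
    return -ENOENT;
}

/* Run one class; with stop_on_rc the first non-zero return wins, as in LSM. */
static int run_class(enum hook_class cls, struct hook_ctx *ctx, int stop_on_rc)
{
    for (int i = 0; i < nchain[cls]; i++) {
        if (!chain[cls][i].enabled)
            continue;
        int rc = chain[cls][i].fn(ctx);
        if (rc && stop_on_rc)
            return rc;
    }
    return 0;
}

/* Prevention denies first; detection only annotates; response runs if flagged. */
int hook_dispatch(struct hook_ctx *ctx)
{
    ctx->flagged = 0;
    int rc = run_class(HOOK_PREVENT, ctx, 1);
    if (rc)
        return rc;
    run_class(HOOK_DETECT, ctx, 0);
    return ctx->flagged ? run_class(HOOK_RESPOND, ctx, 1) : 0;
}

/* Example policies, constructed for this illustration. */
static int prevent_shadow_read(struct hook_ctx *ctx)
{   /* access control: only "login" may touch /etc/shadow */
    if (strcmp(ctx->object, "/etc/shadow") == 0 && strcmp(ctx->subject, "login") != 0)
        return -EACCES;
    return 0;
}
static int detect_etc_write(struct hook_ctx *ctx)
{   /* detection: writes under /etc are flagged, not blocked by this class */
    if (ctx->op == OP_WRITE && strncmp(ctx->object, "/etc/", 5) == 0)
        ctx->flagged = 1;
    return 0;
}
static int respond_quarantine(struct hook_ctx *ctx)
{   /* response: deny the operation that detection flagged */
    return ctx->flagged ? -EPERM : 0;
}

/* Build the chain from scratch; returns 0 on success, safe to call repeatedly. */
int setup_chain(void)
{
    memset(nchain, 0, sizeof nchain);
    return hook_register(HOOK_PREVENT, "prevent_shadow_read", prevent_shadow_read)
         | hook_register(HOOK_DETECT, "detect_etc_write", detect_etc_write)
         | hook_register(HOOK_RESPOND, "respond_quarantine", respond_quarantine);
}

int main(void)
{
    struct hook_ctx c = { "vi", "/etc/passwd", OP_WRITE, 0 };
    setup_chain();
    printf("response on:  rc=%d\n", hook_dispatch(&c));   /* -EPERM */
    hook_set_enabled("respond_quarantine", 0);           /* runtime control: response off */
    printf("response off: rc=%d\n", hook_dispatch(&c));  /* 0, still flagged */
}
```

Disabling `respond_quarantine` at run time leaves the detection flag set but lets the write through, which is the kind of real-time control from userspace the abstract calls for; in a kernel implementation that toggle would sit behind a kernel-to-userspace control interface rather than a function call, and the handler tables would need protection against concurrent registration and dispatch.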

SUBJECT(S)

computers; computers - security measures; internet (computer network); internet (computer network) - security measures; linux (computer operating system); operating systems (computers); safety measures
