http://dx.doi.org/10.6109/jkiice.2011.15.11.2381

Efficient Fine-grained Log Auditing using Correlation Method based on Secure OS  

Koo, Ha-Sung (Department of Computer Information Engineering, Hanseo University)
Park, Tae-Kyou (Department of Computer Information Engineering, Hanseo University)
Abstract
This paper presents an effective and fine-grained security monitoring method based on a Secure OS. Detailed security logs of processes, objects, users' commands, and database queries on a task server are collected by three kinds of log-collecting modules. These modules were developed by the authors and are included as components of the security system. The Secure OS module collects process and system security logs at the object level, the Backtracker module collects users' command session logs, and the SQLtracker module collects database queries in detail. When a system auditor monitors and traces the behaviour of a specified user or of individual users, the mutual connection (correlation) method between these security logs supports detailed auditing and monitoring effectively.
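The abstract describes three log sources (object-level Secure OS log, Backtracker command session log, SQLtracker query log) and a correlation method that lets an auditor follow one user's activity across them. The following is an added example, not code from the paper or its security system: it correlates three constructed log streams by (user, session) and attributes each object access and database query to the most recent command issued earlier in the same session. The line formats, field names (uid, sid, cmd, proc, obj, op, query) and every sample record are assumptions; it also shows the case a practitioner has to handle, an event for which no command session exists (a daemon, or a gap in collection), which is reported separately rather than silently dropped.

```python
"""Added example (not from the paper): correlating three constructed security-log
streams by (user, session) so an auditor can read one user's activity as a single
trail. Field names, line formats and every sample record below are assumptions.
"""
import re
from datetime import datetime

# Constructed sample records. Each line: ISO timestamp followed by key=value pairs;
# values containing spaces are single-quoted.

# Secure OS module: object-level process log (which process touched which object).
SECURE_OS_LOG = [
    "2011-09-01T10:00:05 uid=alice sid=17 pid=4021 proc=/usr/bin/mysql obj=/var/lib/mysql/payroll.ibd op=read",
    "2011-09-01T10:00:07 uid=alice sid=17 pid=4021 proc=/usr/bin/mysql obj=/var/lib/mysql/payroll.ibd op=write",
    "2011-09-01T10:05:00 uid=bob sid=22 pid=4100 proc=/bin/cat obj=/etc/passwd op=read",
    # no Backtracker command precedes this one: a daemon, not an interactive session
    "2011-09-01T10:10:00 uid=svc sid=0 pid=900 proc=/usr/sbin/cron obj=/etc/crontab op=read",
]
# Backtracker module: user command session log.
BACKTRACKER_LOG = [
    "2011-09-01T10:00:01 uid=alice sid=17 cmd='mysql -u payroll payroll'",
    "2011-09-01T10:04:58 uid=bob sid=22 cmd='cat /etc/passwd'",
]
# SQLtracker module: database query log.
SQLTRACKER_LOG = [
    "2011-09-01T10:00:06 uid=alice sid=17 db=payroll query='UPDATE salary SET amount=amount*2 WHERE emp=1001'",
]

# key=value pairs; a value is either 'single-quoted text' or a run of non-blanks
KV_RE = re.compile(r"(\w+)=(?:'([^']*)'|(\S+))")


def parse_line(line):
    """Parse one log line into a dict; 'ts' becomes a datetime, other keys stay strings."""
    ts_text, _, rest = line.partition(" ")
    rec = {"ts": datetime.fromisoformat(ts_text)}
    for key, quoted, bare in KV_RE.findall(rest):
        rec[key] = quoted if quoted else bare
    return rec


def correlate(os_log, cmd_log, sql_log):
    """Attach every object access and query to the most recent command issued
    earlier in the same (uid, sid) session. Returns (trail, orphans): trail has one
    entry per command; orphans are events that no command in their session explains."""
    cmds = sorted((parse_line(l) for l in cmd_log), key=lambda r: r["ts"])
    trail = [{"uid": c["uid"], "sid": c["sid"], "ts": c["ts"], "cmd": c["cmd"],
              "objects": [], "queries": []} for c in cmds]
    orphans = []

    def owner(ev):
        # index of the latest command in the same session with ts <= event ts
        idx = [i for i, c in enumerate(cmds)
               if (c["uid"], c["sid"]) == (ev["uid"], ev["sid"]) and c["ts"] <= ev["ts"]]
        return idx[-1] if idx else None

    for line in os_log:
        ev = parse_line(line)
        i = owner(ev)
        if i is None:
            orphans.append(ev)
        else:
            trail[i]["objects"].append((ev["proc"], ev["obj"], ev["op"]))
    for line in sql_log:
        ev = parse_line(line)
        i = owner(ev)
        if i is None:
            orphans.append(ev)
        else:
            trail[i]["queries"].append(ev["query"])
    return trail, orphans


def trace_user(trail, uid):
    """The auditor's view: only the trail entries belonging to one user."""
    return [e for e in trail if e["uid"] == uid]


def render(entry):
    """One command with the object accesses and queries attributed to it."""
    lines = [f"{entry['ts'].isoformat()} {entry['uid']} sid={entry['sid']} $ {entry['cmd']}"]
    lines += [f"    object {op:5} {obj} via {proc}" for proc, obj, op in entry["objects"]]
    lines += [f"    query  {q}" for q in entry["queries"]]
    return "\n".join(lines)


if __name__ == "__main__":
    trail, orphans = correlate(SECURE_OS_LOG, BACKTRACKER_LOG, SQLTRACKER_LOG)
    for e in trace_user(trail, "alice"):
        print(render(e))
    print(f"{len(orphans)} event(s) not attributable to any command session")
```

The join key is the (user, session) pair rather than the user alone, because one user may hold several concurrent sessions; the "latest preceding command" rule replaces a fixed time window, so a long-running interactive command such as a database shell still owns the queries it issued minutes later. Events that land in the orphan list are exactly the ones an auditor should look at next, since they indicate activity outside any recorded command session.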
Keywords
Log; Auditing; Correlation Method; Secure OS; SOX;
Citations & Related Records
Times cited by KSCI: 2