http://dx.doi.org/10.13089/JKIISC.2011.21.4.101

A Study on System Tracing User Activities in the Windows Operating System

Jung, Chang-Sung (Dept. of Computer Engineering, Graduate School of Information and Communications, Hanbat National University)
Kim, Young-Chan (Dept. of Computer Engineering, Graduate School of Information and Communications, Hanbat National University)
Abstract
Critical information leaks appear to be increasing because of industrial espionage and malicious insiders, so the importance of introducing audit and log security technology continues to grow. In this paper, we propose a session logging system for a company's internal controls that meets the level required by the SOX legislation, by monitoring and analyzing the behavior of users who connect to the business-critical operating system. The proposed system aims to monitor a user's illegal activities in the operating system and to present clear evidence of the purpose of those activities through detailed logs. For this purpose, we modified the operating system by adding the multiple services proposed in this paper. These services use the interfaces provided by the existing operating system and add functions that control access and collect logs. The system saves and manages the session logs of users or administrators connected to the server in centralized log storage, and it supports the session log search and lookup features required by the SOX legislation for a company's internal controls, at the level of computer forensics and logging technology.
Keywords
Sarbanes-Oxley Act; Computer Forensics; User Activities
Citations & Related Records
Times Cited By KSCI: 1