SAINT-ly Protection of Computer Systems

Diego Zamboni - CERIAS

Sep 13, 1996


One problem with Unix systems and security tools currently in use is that they generate several different log files, in different formats and different places. It's up to the administrator to read them all, and it's often difficult to do this in a consistent fashion. Furthermore, there may be entries in these log files that, by themselves, aren't very significant, but that when associated with entries in other log files, could point to possible problems.

This talk presents the design of SAINT, a tool being developed at the National Autonomous University of Mexico that will allow integrated analysis of information gathered from various sources, such as security tools and system logs. By simulating events occurring in the systems, as collected from the different sources, SAINT will allow detection, or even prevention, of problems that may otherwise go undetected due to lack of information about them in any single place. SAINT's modular and extensible architecture makes it feasible to add new modules for processing new data types, detecting new kinds of problems, or presenting the results in different formats.
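The cross-log correlation idea described above, as an added illustration that is not SAINT's code: the two log formats, the host names, the rule, and the 15-minute window are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: two sources in two different formats.
AUTH_LOG = """\
Sep 13 02:14:07 hosta login: FAILED LOGIN FROM 192.0.2.7 FOR root
Sep 13 02:14:31 hosta login: FAILED LOGIN FROM 192.0.2.7 FOR root
Sep 13 09:02:10 hostb login: FAILED LOGIN FROM 198.51.100.4 FOR alice
"""
INTEGRITY_REPORT = """\
1996-09-13 02:20:45|hosta|/etc/passwd|changed
1996-09-13 11:30:00|hostc|/etc/motd|changed
"""
AUTH_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) (\S+) login: FAILED LOGIN FROM (\S+) FOR (\S+)$")

def parse_auth(text, year=1996):
    """Syslog-style lines carry no year, so the caller supplies it."""
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield {"time": ts, "host": m.group(2), "kind": "login_failed",
                   "detail": f"{m.group(4)} from {m.group(3)}"}

def parse_integrity(text):
    """Pipe-separated report lines: timestamp|host|path|status."""
    for line in text.splitlines():
        parts = line.split("|")
        if len(parts) == 4:
            ts = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
            yield {"time": ts, "host": parts[1], "kind": "file_changed",
                   "detail": parts[2]}

def correlate(events, window=timedelta(minutes=15)):
    """Flag a file change preceded by failed logins on the same host."""
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["kind"] != "file_changed":
            continue
        prior = [p for p in events if p["kind"] == "login_failed"
                 and p["host"] == ev["host"]
                 and timedelta(0) <= ev["time"] - p["time"] <= window]
        if prior:
            findings.append((ev["host"], ev["detail"], len(prior)))
    return findings

def run():
    """Normalize both sources into one event list, then correlate."""
    return correlate(list(parse_auth(AUTH_LOG)) + list(parse_integrity(INTEGRITY_REPORT)))
```

Neither the two failed logins nor the file change on `hosta` stands out in its own log; the finding only appears once both sources are normalized into one event stream.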

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52, West Lafayette Campus.


