Improving audit sources by categorizing security monitoring systems
Benjamin Kuperman - PhD Candidate, Purdue University
Apr 21, 2004
Abstract
Currently, security monitoring systems are built around the existing
audit sources present on an operating system. Those sources (if they
exist) frequently were designed based on the now-retired Orange Book
criteria for Trusted Computing. Additionally, these monitoring systems
are usually classified based on the algorithm being used to make
decisions and the structural characteristics. Such categorizations
have limited utility outside of an academic context.
This talk describes a project wherein computer security monitoring
systems were classified in a new manner based on the goals of
monitoring as well as the timeliness of the detection performed. This
categorization was then used to design and build prototype audit
libraries that supply information designed to specifically support a
particular type of detection.
About the Speaker
Benjamin Kuperman is a Doctoral candidate in Computer Sciences at
Purdue University. Since 1998, he has been a graduate research
assistant in both the COAST lab and CERIAS at Purdue working with
Professor Gene Spafford. He is currently finishing his
dissertation on a categorization of computer security monitoring
systems and building audit sources tailored to the goals of
Benjamin Kuperman earned his M.S. in Computer Sciences from Purdue
in 1999, and a B.S.E. in Computer Science and Engineering and a
B.S. in Mathematics from the University of Toledo in 1997. His
current research interests include host-based security monitoring
systems, operating system auditing, and computer forensics.