The Center for Education and Research in Information Assurance and Security (CERIAS)


Benjamin Kuperman - PhD Candidate, Purdue University


Improving audit sources by categorizing security monitoring systems

Apr 21, 2004

Abstract

Currently, security monitoring systems are built around the existing
audit sources present on an operating system. Those sources (if they
exist) frequently were designed based on the now-retired Orange Book
criteria for Trusted Computing. Additionally, these monitoring systems
are usually classified based on the algorithm being used to make
decisions and the structural characteristics. Such categorizations
have limited utility outside of an academic context.



This talk describes a project wherein computer security monitoring
systems were classified in a new manner based on the goals of
monitoring as well as the timeliness of the detection performed. This
categorization was then used to design and build prototype audit
libraries that supply information designed to specifically support a
particular type of detection.


About the Speaker

Benjamin Kuperman is a Doctoral candidate in Computer Sciences at
Purdue University. Since 1998, he has been a graduate research
assistant in both the COAST lab and CERIAS at Purdue working with
Professor Gene Spafford. He is currently finishing his
dissertation on a categorization of computer security monitoring
systems and building audit sources tailored to the goals of
detection.



Benjamin Kuperman earned his M.S. in Computer Sciences from Purdue
in 1999, and a B.S.E. in Computer Science and Engineering and a
B.S. in Mathematics from the University of Toledo in 1997. His
current research interests include host-based security monitoring
systems, operating system auditing, and computer forensics.

