Auditing overhead, auditing adaptation, and benchmark evaluation in Linux

Logging is a critical component of Linux auditing, but our experiments indicate that its overhead can be significant. This paper quantifies the performance overhead introduced by the Linux audit framework under various usage patterns, and the analysis of that overhead leads to an adaptive audit-logging mechanism. Many security incidents and other important events are preceded by precursory events. We identify these precursory events, the vital signs of system activity, as the audit events that must always be recorded. We then design an adaptive auditing mechanism that increases or reduces both the types of events collected and the frequency with which they are collected, based on online analysis of the vital-sign events. The adaptive mechanism reduces overall system overhead while maintaining a comparable level of system and network security. We further use LMbench to evaluate the performance of key Linux operations under audit configurations that comply with four security standards. Copyright © 2015 John Wiley & Sons, Ltd.
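The following is an added illustration of the adaptive idea sketched in the abstract; it is not the paper's code and the concrete policy is an assumption. It assumes two vital signs (failed user logins, and execve of su/sudo/passwd with euid 0), a sliding-window threshold that escalates from a minimal auditctl rule set to a full one, and a cooldown that drops back. The audit records it consumes are constructed, loosely following the auditd record format with interpreted syscall names. Rule sets are returned as auditctl argument strings and never applied.

```python
"""Adaptive audit-logging controller (added example, not the paper's code).

Assumed policy: when at least `threshold` vital-sign events fall inside a
`window`-second sliding window, switch from the minimal rule set to the
full one; after `cooldown` seconds without a vital sign, switch back.
"""
import re
from collections import deque

# Assumed rule sets (auditctl arguments). The minimal set must itself record
# every vital sign, otherwise the controller is blind in its low-overhead state.
RULE_SETS = {
    "minimal": [
        "-a always,exit -F arch=b64 -S execve -F euid=0 -k priv_exec",
        "-w /var/log/faillog -p wa -k logins",
    ],
    "full": [
        "-a always,exit -F arch=b64 -S execve -k exec_all",
        "-a always,exit -F arch=b64 -S open,openat -F exit=-EACCES -k denied",
        "-w /etc/passwd -p wa -k identity",
        "-w /etc/sudoers -p wa -k identity",
    ],
}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
TS_RE = re.compile(r"audit\((\d+)\.\d+:\d+\)")


def parse_record(line):
    """Split an auditd-style record into its key=value fields, quotes stripped."""
    return {k: v.strip("\"'") for k, v in FIELD_RE.findall(line)}


def record_time(line):
    """Whole-second timestamp taken from the msg=audit(secs.millis:serial) token."""
    return int(TS_RE.search(line).group(1))


def is_vital_sign(rec):
    """Hypothetical vital-sign test: a failed login, or a privileged execve of
    a command that usually begins a privilege change."""
    if rec.get("type") == "USER_LOGIN" and rec.get("res") == "failed":
        return True
    return (rec.get("type") == "SYSCALL" and rec.get("syscall") == "execve"
            and rec.get("euid") == "0" and rec.get("comm") in {"su", "sudo", "passwd"})


class AdaptiveAuditor:
    def __init__(self, window=60, threshold=3, cooldown=120):
        self.window, self.threshold, self.cooldown = window, threshold, cooldown
        self.level = "minimal"
        self.recent = deque()      # timestamps of vital signs inside the window
        self.last_vital = None
        self.transitions = []      # (timestamp, new_level), kept for inspection

    def feed(self, line):
        ts = record_time(line)
        if is_vital_sign(parse_record(line)):
            self.recent.append(ts)
            self.last_vital = ts
        while self.recent and ts - self.recent[0] > self.window:
            self.recent.popleft()  # age out events that left the window
        if self.level == "minimal" and len(self.recent) >= self.threshold:
            self._switch(ts, "full")
        elif (self.level == "full" and self.last_vital is not None
              and ts - self.last_vital >= self.cooldown):
            self._switch(ts, "minimal")

    def _switch(self, ts, level):
        self.level = level
        self.transitions.append((ts, level))

    def active_rules(self):
        """auditctl arguments for the current level (apply after `auditctl -D`)."""
        return RULE_SETS[self.level]


# Constructed sample records: two failed root logins, a benign openat, a
# successful login, a privileged execve of passwd, then a long quiet gap.
SAMPLE_LOG = [
    'type=USER_LOGIN msg=audit(1425000000.100:101): pid=900 uid=0 auid=4294967295 ses=4294967295 msg=\'op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.5 terminal=ssh res=failed\'',
    'type=USER_LOGIN msg=audit(1425000008.400:105): pid=902 uid=0 auid=4294967295 ses=4294967295 msg=\'op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.5 terminal=ssh res=failed\'',
    'type=SYSCALL msg=audit(1425000012.000:107): arch=x86_64 syscall=openat success=yes exit=3 ppid=1 pid=1200 auid=1000 uid=1000 euid=1000 comm="cat" exe="/usr/bin/cat" key=(null)',
    'type=USER_LOGIN msg=audit(1425000019.700:110): pid=905 uid=0 auid=4294967295 ses=4294967295 msg=\'op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.0.0.5 terminal=ssh res=success\'',
    'type=SYSCALL msg=audit(1425000021.300:112): arch=x86_64 syscall=execve success=yes exit=0 ppid=905 pid=906 auid=0 uid=0 euid=0 comm="passwd" exe="/usr/bin/passwd" key="priv_exec"',
    'type=SYSCALL msg=audit(1425000200.000:300): arch=x86_64 syscall=openat success=yes exit=4 ppid=1 pid=1300 auid=1000 uid=1000 euid=1000 comm="cat" exe="/usr/bin/cat" key=(null)',
]


def run_sample(log=SAMPLE_LOG):
    """Feed the constructed records through a controller and return it."""
    auditor = AdaptiveAuditor()
    for line in log:
        auditor.feed(line)
    return auditor


if __name__ == "__main__":
    a = run_sample()
    for ts, level in a.transitions:
        print(ts, "->", level)
    print("\n".join(a.active_rules()))
```

With the constructed records, the third vital sign (the privileged execve at 1425000021) pushes the controller to the full rule set, and the quiet gap before 1425000200 exceeds the 120-second cooldown and drops it back to minimal. Two practical caveats: the events the controller keys on must be in the minimal set, and rule changes should be applied atomically (flush, then reload) so the transition itself does not open an unaudited gap.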
