Application-Specific Audit Trails
Mentor
Abstract
Audit is a critical element in operating system security evaluation. This project will design and implement an application audit system that allows application-specific security events to be recorded and managed in an efficient, reliable and trustworthy way. This could be a great addition to the current TrustedBSD project, as it will allow sysadmins to monitor application-related security events and consequently enhance application-centric security evaluation.
Timeline
(Community bonding period will also be used for coding)
- 3 weeks : A functional application-specific audit framework in kernel space is ready.
- 1 week : Extend the existing API (libbsm) to support multiple trails.
- 2 weeks : Clean up the above code, look for bugs and security holes.
Midterm Evaluations
- 2 weeks : Extend auditd to support multiple trails / test functionality
- 1 week : MySQL Audit Support
- 1 week : Apache2 Audit Support
- 2 weeks : Clean up all code, add comments and do extensive testing of the completed features.
- Stress test the system under several conditions / search for security holes.
End of GSoC