Audit Trails in the Aeolus Distributed Security Platform
Author(s)
Popic, Victoria
DownloadMIT-CSAIL-TR-2010-048.pdf (920.3Kb)
Other Contributors
Programming Methodology
Advisor
Barbara Liskov
Metadata
Show full item recordAbstract
This thesis provides a complete design and implementation of audit trail collection and storage for Aeolus, a distributed security platform based on information flow control. An information flow control system regulates all activities that concern information security. By recording all the operations monitored by Aeolus, our audit trails capture all actions that can affect system security. In our system, event records are collected on each system node and shipped to a centralized location, where they are stored and processed. To correlate audit trail events of different system nodes we store event dependencies directly in the event records. Each audit trail record keeps links to its immediate predecessors. Therefore, our audit trails form dependency graphs that capture the causal relationship among system events. These graphs can be used to reconstruct the chains of events leading to a given system state. Our results show that audit trail collection imposes a small overhead on system performance.
Description
MEng thesis
Date issued
2010-09-29Series/Report no.
MIT-CSAIL-TR-2010-048