Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kenfe-Mickael Laventure Laurent Malvert Macquarie University 2008-09-19 LEMONA Linux Enhanced Monitoring Architecture Linux zest for security.

Published byCathleen Hardy Modified over 9 years ago

Similar presentations

Presentation on theme: "Kenfe-Mickael Laventure Laurent Malvert Macquarie University 2008-09-19 LEMONA Linux Enhanced Monitoring Architecture Linux zest for security."— Presentation transcript:

1 Kenfe-Mickael Laventure Laurent Malvert Macquarie University 2008-09-19 LEMONA Linux Enhanced Monitoring Architecture Linux zest for security

2 Lemona – Linux Enhanced Monitoring Architecture22008-09-19Laventure / Malvert Outline Security and Forensics –Forensics –Computer Security –Computer Forensics Related Work Lemona –Project –Overview –Architecture References

3 Lemona – Linux Enhanced Monitoring Architecture32008-09-19Laventure / Malvert Forensics Short for “Forensic Science” Aims at: –Collecting Evidence –Providing Legal Proof (used in court) Concerned with Computers / Networks

4 Lemona – Linux Enhanced Monitoring Architecture42008-09-19Laventure / Malvert Confidentiality AvailabilityIntegrity Computer Security

5 Lemona – Linux Enhanced Monitoring Architecture52008-09-19Laventure / Malvert eaves- dropping tamperingimpersonationrepudiation denial of service illegal access Computer Security

6 Lemona – Linux Enhanced Monitoring Architecture62008-09-19Laventure / Malvert Computer Forensics Memory Analysis… –Volatile Memory (i.e. RAM) –Optical Drives (i.e. CD-ROM) –Magnetic Drives (i.e. HDD, Floppies) … but also Logs Analysis –Network –System

7 Lemona – Linux Enhanced Monitoring Architecture72008-09-19Laventure / Malvert Computer Forensics Incomplete –Logs are not activated by default –Not everything is logged –Not all applications generate logs Unreliable –Generated in User Land –Editable by an Attacker

8 Lemona – Linux Enhanced Monitoring Architecture82008-09-19Laventure / Malvert Outline Security and Forensics –Forensics –Computer Security –Computer Forensics Related Work Lemona –Project –Overview –Architecture References

9 Lemona – Linux Enhanced Monitoring Architecture92008-09-19Laventure / Malvert Related Work Forensix + System Calls Interception + Attack Reconstruction Sarmoria + Memory Mapped Monitoring - Not State Aware Kprobe / DjProbe + Dynamic Kernel Probing + Built in Kernel (but inactive) ReVirt + Sandboxing

10 Lemona – Linux Enhanced Monitoring Architecture102008-09-19Laventure / Malvert Outline Security and Forensics –Forensics –Computer Security –Computer Forensics Related Work Lemona –Project –Overview –Architecture References

11 Lemona – Linux Enhanced Monitoring Architecture112008-09-19Laventure / Malvert Lemona > Project Open Architecture –Open Protocols –Open Source Implementation Decentralized –Local Tracing Components –Remote Monitoring Components Prevention, Detection, Forensics, Recovery –Possible…?

12 Lemona – Linux Enhanced Monitoring Architecture122008-09-19Laventure / Malvert Lemona > Overview Exhaustiveness –Kernel Land Tracer  100% User Land Coverage Integrity –Harder to bypass  Would require Kernel Level code –Integrity Checks Flexible –Variable Granularity Levels –Selectable Hooks

13 Lemona – Linux Enhanced Monitoring Architecture132008-09-19Laventure / Malvert Lemona > Architecture User Application SysCallEntryExecutionReturn Memory Mapped File Open Read/Write Page Fault Close Inside Attackers Outside Attackers Target Storage Point Forensics Tools Lemona traces transmission Architecture > ^ Workflow / Hooks

14 Lemona – Linux Enhanced Monitoring Architecture142008-09-19Laventure / Malvert Outline Security and Forensics –Forensics –Computer Security –Computer Forensics Related Work Lemona –Project –Overview –Architecture References

15 Lemona – Linux Enhanced Monitoring Architecture152008-09-19Laventure / Malvert References > Lemona [home]http://lemona.googlecode.com/http://lemona.googlecode.com/ [blog]http://lemona-project.blogspot.com/http://lemona-project.blogspot.com/ [wiki]http://lemona.googlecode.com/wiki/http://lemona.googlecode.com/wiki/ [SCM]http://lemona.googlecode.com/svn/http://lemona.googlecode.com/svn/ [group]http://groups.google.com/group/lemona/http://groups.google.com/group/lemona/

16 Lemona – Linux Enhanced Monitoring Architecture162008-09-19Laventure / Malvert References > Related –SARMORIA, C. G. & CHAPIN, S. J. (2005) Monitoring access to shared memory-mapped files. Proc. of the 2005 Digital Forensics Research Workshop (DFRWS). New Orleans. –GOEL, A., FENG, W. C., MAIER, D. & WALPOLE, J. (2005) Forensix: a robust, high-performance reconstruction system. Distributed Computing Systems Workshops, 2005. 25th IEEE International Conference on, 155-162. –KRISHNAKUMAR, R. (2005) Kernel korner: kprobes-a kernel debugger. Linux Journal, 2005.

Download ppt "Kenfe-Mickael Laventure Laurent Malvert Macquarie University 2008-09-19 LEMONA Linux Enhanced Monitoring Architecture Linux zest for security."

Similar presentations

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
G53SEC 1 Foundations of Computer Security. G53SEC Overview of Today’s Lecture: Definitions Fundamental Dilemma Data vs. Information Principles of Computer.

G53SEC 1 Foundations of Computer Security. G53SEC Overview of Today’s Lecture: Definitions Fundamental Dilemma Data vs. Information Principles of Computer.
Chapter 1 – Introduction

Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.

Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Henric Johnson1 Network Security /. 2 Outline Attacks, services and mechanisms Security attacks Security services Methods of Defense A model for Internetwork.

Henric Johnson1 Network Security /. 2 Outline Attacks, services and mechanisms Security attacks Security services Methods of Defense A model for Internetwork.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
Condor Overview Bill Hoagland. Condor Workload management system for compute-intensive jobs Harnesses collection of dedicated or non-dedicated hardware.

Condor Overview Bill Hoagland. Condor Workload management system for compute-intensive jobs Harnesses collection of dedicated or non-dedicated hardware.
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]

1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
Hands-On Microsoft Windows Server 2008

Hands-On Microsoft Windows Server 2008
Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus - 2007.

Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus
Cryptography and Network Security

Cryptography and Network Security

Similar presentations

Ads by Google