Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cost of Security Auditing Focus Matthew Chambers (Michigan Technological University) Kevin Lopez (California State University, San Bernardino) Casey Mortensen.

Published bySheena McDowell Modified over 9 years ago

Similar presentations

Presentation on theme: "Cost of Security Auditing Focus Matthew Chambers (Michigan Technological University) Kevin Lopez (California State University, San Bernardino) Casey Mortensen."— Presentation transcript:

1 Cost of Security Auditing Focus Matthew Chambers (Michigan Technological University) Kevin Lopez (California State University, San Bernardino) Casey Mortensen (New Mexico Institute of Mining and Technology) Mentor: David Kennel (DCS-1) Instructor: Andree Jacobson (NMC) 2011 Computer System, Cluster and Networking Summer Institute

2 Introduction  What is the audit daemon?  What purpose does auditd serve?  What is the cost of security?

3 Auditd  Kernel level service  Intrusion Detection System  Does not prevent malicious activity Novell © - http://www.novell.com/documentation/sled10/pdfdoc/audit_sp1/audit _sp1.pdf

4 The Benefits of Auditd  Increased security  Monitor file activity  Monitor syscall activity  Creates detailed logs  User info, syscall used, timestamp, etc.  Robust search and filter implementations  Easy, manageable logging rotation solution

5 The Drawbacks of Auditd  Performance degradation  CPU interrupts  Context Switching  Logging  Only a detection system

6 Results (Small File I/O)

7

8 Results (Intel MPI)

9 Results (Syscalls)

10 Hybrid Benchmark Init Calculate prime in range Write to file CHMODCHMOD Read all files Calculate prime in range Write to one file Fork CPython BASH

11 Results (Hybrid)

12 What to consider…  Scaling  Protection Measures (SE Linux)  NFS vs Audit Dispatcher  SSD and RAM performance

13 Conclusion  Performance Cost  Non-CAPP rules  CAPP Rules  Recommendation  Minimal day to day impact  Implement Auditing

14 Questions?

Download ppt "Cost of Security Auditing Focus Matthew Chambers (Michigan Technological University) Kevin Lopez (California State University, San Bernardino) Casey Mortensen."

Similar presentations

Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010.

Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010.
Trusted System Elements and Examples CS461/ECE422 Fall 2011.

Trusted System Elements and Examples CS461/ECE422 Fall 2011.
System Area Network Abhiram Shandilya 12/06/01. Overview Introduction to System Area Networks SAN Design and Examples SAN Applications.

System Area Network Abhiram Shandilya 12/06/01. Overview Introduction to System Area Networks SAN Design and Examples SAN Applications.
CS426Fall 2010/Lecture 71 Computer Security CS 426 Lecture 7 Operating System Security Basics.

CS426Fall 2010/Lecture 71 Computer Security CS 426 Lecture 7 Operating System Security Basics.
Honeypots and Network Security Research by: Christopher MacLellan Project Mentor: Jim Ward EPSCoR and Honors Program.

Honeypots and Network Security Research by: Christopher MacLellan Project Mentor: Jim Ward EPSCoR and Honors Program.
CS526 - Advanced Internet & Web Systems May 11, 2009 Nathan Archer.

CS526 - Advanced Internet & Web Systems May 11, 2009 Nathan Archer.
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
Transparent Process Migration for Distributed Applications in a Beowulf Cluster Mark Claypool and David Finkel Computer Science Department Worcester Polytechnic.

Transparent Process Migration for Distributed Applications in a Beowulf Cluster Mark Claypool and David Finkel Computer Science Department Worcester Polytechnic.
An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.

An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.
Jharrod LaFon (HPC-3) Jim Williams (HPC-3) 2011 Computer System, Cluster, and Networking Summer Institute Russell Husted (MTU) Derek Walker (NCA&TSU) Povi.

Jharrod LaFon (HPC-3) Jim Williams (HPC-3) 2011 Computer System, Cluster, and Networking Summer Institute Russell Husted (MTU) Derek Walker (NCA&TSU) Povi.
Performance Evaluation of Load Sharing Policies on a Beowulf Cluster James Nichols Marc Lemaire Advisor: Mark Claypool.

Performance Evaluation of Load Sharing Policies on a Beowulf Cluster James Nichols Marc Lemaire Advisor: Mark Claypool.
1 Performance Evaluation of Load Sharing Policies with PANTS on a Beowulf Cluster James Nichols Mark Claypool Worcester Polytechnic Institute Department.

1 Performance Evaluation of Load Sharing Policies with PANTS on a Beowulf Cluster James Nichols Mark Claypool Worcester Polytechnic Institute Department.
ThreadsThreads operating systems. ThreadsThreads A Thread, or thread of execution, is the sequence of instructions being executed. A process may have.

ThreadsThreads operating systems. ThreadsThreads A Thread, or thread of execution, is the sequence of instructions being executed. A process may have.
Virtual Machine Monitors CSE451 Andrew Whitaker. Hardware Virtualization Running multiple operating systems on a single physical machine Examples:  VMWare,

Virtual Machine Monitors CSE451 Andrew Whitaker. Hardware Virtualization Running multiple operating systems on a single physical machine Examples:  VMWare,
Department Of Computer Engineering

Department Of Computer Engineering
Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.

Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.
I/O Systems ◦ Operating Systems ◦ CS550. Note:  Based on Operating Systems Concepts by Silberschatz, Galvin, and Gagne  Strongly recommended to read.

I/O Systems ◦ Operating Systems ◦ CS550. Note:  Based on Operating Systems Concepts by Silberschatz, Galvin, and Gagne  Strongly recommended to read.
Computer Organization Review and OS Introduction CS550 Operating Systems.

Computer Organization Review and OS Introduction CS550 Operating Systems.
Rensselaer Polytechnic Institute CSCI-4210 – Operating Systems David Goldschmidt, Ph.D.

Rensselaer Polytechnic Institute CSCI-4210 – Operating Systems David Goldschmidt, Ph.D.

Similar presentations

Ads by Google