
LEMONA Linux Enhanced Monitoring Architecture



Presentation Transcript


  1. LEMONA: Linux Enhanced Monitoring Architecture • Linux zest for security

  2. Outline • Security and Forensics • Forensics • Computer Security • Computer Forensics • Related Work • Lemona • Project • Overview • Architecture • References

  3. Forensics • Short for “Forensic Science” • Aims at: • Collecting Evidence • Providing Legal Proof (used in court) • Concerned with Computers / Networks

  4. Computer Security

  5. Computer Security

  6. Computer Forensics • Memory Analysis… • Volatile Memory (e.g. RAM) • Optical Drives (e.g. CD-ROM) • Magnetic Drives (e.g. HDD, Floppies) • … but also Log Analysis • Network • System

  7. Computer Forensics • Incomplete • Logs are not activated by default • Not everything is logged • Not all applications generate logs • Unreliable • Generated in User Land • Editable by an Attacker

  8. Outline • Security and Forensics • Forensics • Computer Security • Computer Forensics • Related Work • Lemona • Project • Overview • Architecture • References

  9. Related Work

  10. Outline • Security and Forensics • Forensics • Computer Security • Computer Forensics • Related Work • Lemona • Project • Overview • Architecture • References

  11. Lemona > Project • Open Architecture • Open Protocols • Open Source Implementation • Decentralized • Local Tracing Components • Remote Monitoring Components • Prevention, Detection, Forensics, Recovery • Possible…?

  12. Lemona > Overview • Exhaustiveness • Kernel Land Tracer → 100% User Land Coverage • Integrity • Harder to bypass → Would require Kernel Level code • Integrity Checks • Flexible • Variable Granularity Levels • Selectable Hooks
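How the "selectable hooks" and "variable granularity levels" of slide 12 could be realised on top of the kprobes facility cited in the references, as an added example that is not Lemona's own code: a hook table graded by level, the `kprobe_events` definition lines it produces for tracefs, and a parser for the `trace_pipe` output those probes generate. The user-land side is written in Python; the kernel-land side is Linux's own dynamic kprobe events. The event group `lemona`, the hook table, the probed symbols (`do_sys_openat2`, `tcp_v4_connect`, `do_unlinkat`), their argument positions and struct offsets, and the tracefs mount point are all assumptions that depend on kernel version and architecture (`$argN` fetch args need a kernel of 4.20 or later); check `/proc/kallsyms` on the target before installing. The sample trace lines are constructed.

```python
"""Hook selection and trace parsing for a kprobes-based tracer (added example, not Lemona code)."""
import ipaddress
import re
import struct
from dataclasses import dataclass

TRACEFS = "/sys/kernel/tracing"   # assumption: tracefs mount point (older kernels: /sys/kernel/debug/tracing)
GROUP = "lemona"                  # hypothetical event group for our probes


@dataclass(frozen=True)
class Hook:
    name: str      # event name under GROUP
    symbol: str    # kernel function to probe (assumption: verify against /proc/kallsyms)
    fetch: str     # kprobe_events fetch-arg spec ($argN, +off(...), :type)
    level: int     # lowest granularity level at which this hook is active


# Hypothetical hook table. Symbols, argument positions and struct offsets are
# assumptions tied to a recent x86-64 kernel; verify them before installing.
HOOKS = (
    Hook("openat", "do_sys_openat2", "dfd=$arg1 path=+0($arg2):string", 1),
    # sockaddr_in: sin_port at +2 (u16), sin_addr at +4 (u32), both in network byte order
    Hook("connect", "tcp_v4_connect", "port=+2($arg2):u16 addr=+4($arg2):u32", 2),
    Hook("unlink", "do_unlinkat", "path=+0(+0($arg2)):string", 3),  # struct filename->name
)


def select_hooks(level: int) -> list:
    """Variable granularity: level 1 = file opens only, higher levels add more hooks."""
    return [h for h in HOOKS if h.level <= level]


def kprobe_event_line(hook: Hook) -> str:
    """Definition line in kprobe_events syntax: p:GROUP/EVENT SYMBOL FETCHARGS."""
    return f"p:{GROUP}/{hook.name} {hook.symbol} {hook.fetch}"


def install(level: int, tracefs: str = TRACEFS) -> None:
    """Register and enable the selected probes (needs root; not called at import)."""
    hooks = select_hooks(level)
    with open(f"{tracefs}/kprobe_events", "a") as f:
        for h in hooks:
            f.write(kprobe_event_line(h) + "\n")
    for h in hooks:
        with open(f"{tracefs}/events/{GROUP}/{h.name}/enable", "w") as f:
            f.write("1\n")
    # Afterwards, read f"{tracefs}/trace_pipe" and feed each line to parse_trace_line().


# trace_pipe line: TASK-PID [CPU] FLAGS TIMESTAMP: EVENT: (SYM+off/size) key=value ...
LINE_RE = re.compile(
    r"^\s*(?P<task>.+?)-(?P<pid>\d+)\s+\[(?P<cpu>\d+)\]\s+(?P<flags>\S+)\s+"
    r"(?P<ts>\d+\.\d+):\s+(?P<event>\w+):\s+\((?P<sym>[^)]+)\)\s*(?P<args>.*)$"
)
ARG_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_trace_line(line: str):
    """Turn one trace_pipe line into a record dict, or None for headers and comments."""
    m = LINE_RE.match(line)
    if not m:
        return None
    args = {}
    for key, val in ARG_RE.findall(m["args"]):
        args[key] = val[1:-1] if val.startswith('"') else int(val, 0)
    if m["event"] == "connect":
        # The u16/u32 fetches read network-order fields as native (little-endian)
        # integers, so swap them back before presenting them.
        args["port"] = struct.unpack(">H", struct.pack("<H", args["port"]))[0]
        args["addr"] = str(ipaddress.IPv4Address(struct.pack("<I", args["addr"])))
    return {
        "task": m["task"], "pid": int(m["pid"]), "cpu": int(m["cpu"]),
        "ts": float(m["ts"]), "event": m["event"],
        "symbol": m["sym"].split("+")[0], "args": args,
    }


def parse_trace(text: str) -> list:
    return [r for r in (parse_trace_line(ln) for ln in text.splitlines()) if r]


# Constructed sample of what trace_pipe would show with level-3 hooks enabled.
SAMPLE_TRACE = """\
# tracer: nop
            bash-4021  [001] ...1  1042.118634: openat: (do_sys_openat2+0x0/0x150) dfd=0xffffff9c path="/etc/shadow"
            curl-4100  [000] ...1  1043.009912: connect: (tcp_v4_connect+0x0/0x4c0) port=0xbb01 addr=0x0a01a8c0
              rm-4105  [001] ...1  1044.551100: unlink: (do_unlinkat+0x0/0x2a0) path="/var/log/auth.log"
"""

if __name__ == "__main__":
    for h in select_hooks(3):
        print(kprobe_event_line(h))
    for rec in parse_trace(SAMPLE_TRACE):
        print(rec)
```

Raising the level only appends probes; a tracer that wants to lower it again must remove the corresponding `-:lemona/EVENT` lines from `kprobe_events`, which is the same file written with a `-` prefix instead of `p`.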

  13. Lemona > Architecture • [diagram: Target running Lemona, with Outside Attackers and Inside Attackers; Lemona traces transmission to a Storage Point; Forensics Tools; inset: Workflow / Hooks]
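Slide 7 notes that user-land logs are editable by an attacker, slide 12 lists integrity checks, and slide 13 shows traces transmitted from the target to a storage point. As an added example that is not Lemona's code, one way to make that transmission tamper-evident: the local tracing component hash-chains its records and MACs each one with a key that is ratcheted forward (and discarded) after every record, while the remote storage point, holding the initial key provisioned out of band, replays the same chain to verify. An attacker who later gains control of the target finds only the current key and cannot rewrite, forge or drop earlier records undetected. The key, record layout, labels and events are constructed for the example.

```python
"""Tamper-evident trace transmission (added example, not Lemona code)."""
import hashlib
import hmac
import json

CHAIN_ANCHOR = hashlib.sha256(b"lemona-chain-anchor").digest()  # prev-hash of the first record
# Constructed demo key; a real deployment provisions a random k0 out of band.
K0 = hashlib.sha256(b"constructed demo key, not for real use").digest()


def ratchet(key: bytes) -> bytes:
    """k_{i+1} = H(label || k_i): one-way, so a compromised target cannot recover earlier keys."""
    return hashlib.sha256(b"lemona-ratchet" + key).digest()


def encode_body(seq: int, prev: bytes, event: dict) -> bytes:
    """Canonical JSON so tracer and storage point MAC and hash byte-identical data."""
    return json.dumps({"seq": seq, "prev": prev.hex(), "event": event},
                      sort_keys=True, separators=(",", ":")).encode()


class Tracer:
    """Local tracing component on the target."""

    def __init__(self, k0: bytes):
        self.key, self.seq, self.prev = k0, 0, CHAIN_ANCHOR

    def emit(self, event: dict) -> dict:
        body = encode_body(self.seq, self.prev, event)
        tag = hmac.new(self.key, body, "sha256").hexdigest()
        self.prev = hashlib.sha256(body).digest()   # links the next record to this one
        self.key = ratchet(self.key)                # the key that signed this record leaves the target
        self.seq += 1
        return {"body": body.decode(), "tag": tag}


def verify_chain(k0: bytes, records: list) -> tuple:
    """Storage-point check. Returns (ok, index of first bad record or accepted count, reason)."""
    key, seq, prev = k0, 0, CHAIN_ANCHOR
    for i, rec in enumerate(records):
        body = rec["body"].encode()
        try:
            fields = json.loads(body)
        except ValueError:
            return (False, i, "malformed record")
        if not isinstance(fields, dict) or fields.get("seq") != seq or fields.get("prev") != prev.hex():
            return (False, i, "chain break: record missing or reordered")
        expected = hmac.new(key, body, "sha256").hexdigest()
        if not hmac.compare_digest(expected, rec["tag"]):
            return (False, i, "tag mismatch: record modified or forged")
        prev, key, seq = hashlib.sha256(body).digest(), ratchet(key), seq + 1
    # Silent truncation of the tail is not detectable from the chain alone; the
    # storage point needs heartbeats or an expected sequence number for that.
    return (True, len(records), "ok")


def demo() -> dict:
    tracer = Tracer(K0)
    records = [
        tracer.emit({"event": "openat", "pid": 4021, "path": "/etc/shadow"}),
        tracer.emit({"event": "unlink", "pid": 4105, "path": "/var/log/auth.log"}),
        tracer.emit({"event": "connect", "pid": 4100, "addr": "192.168.1.10", "port": 443}),
    ]
    results = {"intact": verify_chain(K0, records)}
    # Attacker on the target edits the unlink record after the fact.
    edited = [dict(r) for r in records]
    edited[1]["body"] = edited[1]["body"].replace("/var/log/auth.log", "/tmp/scratch")
    results["edited"] = verify_chain(K0, edited)
    # Attacker deletes the unlink record.
    results["deleted"] = verify_chain(K0, records[:1] + records[2:])
    # Attacker who captured the target's *current* key re-MACs the edited record with it;
    # the key that signed record 1 has been ratcheted away, so this still fails.
    forged = dict(edited[1])
    forged["tag"] = hmac.new(tracer.key, forged["body"].encode(), "sha256").hexdigest()
    results["forged"] = verify_chain(K0, records[:1] + [forged] + records[2:])
    return results


if __name__ == "__main__":
    for name, (ok, idx, reason) in demo().items():
        print(f"{name:8s} ok={ok} at={idx} {reason}")
```

The scheme only holds if the target really discards the old key after each ratchet and the storage point is outside the attacker's reach; a kernel-level attacker on the target can still stop the tracer or forge records from the moment of compromise onward, which is why the chain protects the past rather than the future.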

  14. Outline • Security and Forensics • Forensics • Computer Security • Computer Forensics • Related Work • Lemona • Project • Overview • Architecture • References

  15. References > Lemona • [home] http://lemona.googlecode.com/ • [blog] http://lemona-project.blogspot.com/ • [wiki] http://lemona.googlecode.com/wiki/ • [SCM] http://lemona.googlecode.com/svn/ • [group] http://groups.google.com/group/lemona/

  16. References > Related • SARMORIA, C. G. & CHAPIN, S. J. (2005). Monitoring access to shared memory-mapped files. Proc. of the 2005 Digital Forensics Research Workshop (DFRWS), New Orleans. • GOEL, A., FENG, W. C., MAIER, D. & WALPOLE, J. (2005). Forensix: a robust, high-performance reconstruction system. Distributed Computing Systems Workshops, 2005. 25th IEEE International Conference on, 155-162. • KRISHNAKUMAR, R. (2005). Kernel korner: kprobes, a kernel debugger. Linux Journal, 2005.
