Distributed security auditing subsystem for an operating system

Patent 5032979 Issued on July 16, 1991. Estimated Expiration Date:

June 22, 2010. Estimated Expiration Date is calculated based on simple USPTO term provisions. It does not account for terminal disclaimers, term adjustments, failure to pay maintenance fees, or other factors which might affect the term of a patent.

Abstract Claims Description Full Text

Patent References

Software version management system
Patent #: 4558413
Issued on: 12/10/1985
Inventor: Schmidt , et al.

Method for monitoring receipt and stocking of goods in a direct store delivery
Patent #: 4621325
Issued on: 11/04/1986
Inventor: Naftzger , et al.

Protector system for computer access and use
Patent #: 4672572
Issued on: 06/09/1987
Inventor: Alsberg

Console unit for clustered digital data processing system
Patent #: 4720782
Issued on: 01/19/1988
Inventor: Kovalcin

Insertion machine with audit trail and command protocol
Patent #: 4734865
Issued on: 03/29/1988
Inventor: Scullion , et al.

Security system for microcomputers
Patent #: 4757533
Issued on: 07/12/1988
Inventor: Allen , et al.

Method of file access in a distributed processing computer network
Patent #: 4825354
Issued on: 04/25/1989
Inventor: Agrawal , et al.

Reconfigurable well logging system
Patent #: 4970644
Issued on: 11/13/1990
Inventor: Berneking, et al.

Database usage metering and protection system and method Patent #: 4977594
Issued on: 12/11/1990
Inventor: Shear

Inventors

Application

No. 542688 filed on 06/22/1990

US Classes:

713/164Security kernel or utility

Examiners

Primary: MacDonald, Allen R.
Assistant: Ray, Gopal C.

Attorney, Agent or Firm

Hoel; John E.

International Classes

H04L 009/00
G06F 015/16
G06F 013/00

Abstract

The distributed auditing subsystem invention runs in a UNIX-like operating system environment with a hierarchical file system. The invention provides an audit trail of accesses to the objects it protects and maintains and protects that audit trail from modification or unauthorized access or destruction. The audit data generated by the invention is protected so that read access to it is limited to those who are authorized for audit data. The invention enables the recording of events which are relevant to the maintenance of the security of the system, such as the use of identification and authentication mechanisms, the introduction of objects into a user's address space, the deletion of such objects, actions taken by computer operators and system administrators and/or system security officers, and other security relevant events. The invention generates an audit record for each recorded event which includes the date and time of the event, the user, the type of event, and the success or failure of the event. The invention performs an on-line compression of the audit trail log file using a UNIX-type daemon process. The audi daemon process has a restartable feature that enables it to recover after node failures.

Other References

The Design of the Unixoperating System--Maurice J. Bach, 1986, pp. 422-429
An Introduction to Database Systems--C. J. Date, 1983, pp. 11-13
J. Picciotto, "The Design of an Effective Auditing Subsystem," Proceedings of the 1987 IEEE Symposium on Security and Privacy, Oakland, Calif., pp. 13-22 (Apr. 1987)
T. A. Berson, et al., "KSOS--Development Methodology for a Secure Operating System," Proc. of the Natl. Comp. Conf., vol. 48, AFIPS Press, 1979, Montvale, N.J., pp. 365-372
S. Kramer, "LINUS IV--An Experiment in Computer Security," Proc. of the 1984 Symposium on Security and Privacy, Oakland, Calif., Apr. 1984, pp. 24-33
G. J. Popek et al., "UCLA Secure Unix," Proc. of the Natl. Comp. Conf., vol. 48, AFIPS Press, 1979, Montvale, N.J., pp. 355-364
V. D. Gligor, et al., "On the Design and Implementation of Secure Xenix Workstations," IEEE Symposium on Security, 4/86, pp. 102-11