The Research and Implementation of Security Audit System Based on Digital-watermarking Log
【Author】 Yang Shi (仰石);
【Supervisor】 Li Tao (李涛);
【Author information】 Sichuan University, Computer Software and Theory, 2005, Master's
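【Abstract (translated from the Chinese)】 The rapid development of information technology and the Internet has made life more convenient but has also introduced numerous security problems, so research on the security of computer information systems is receiving growing attention. Traditional protective measures such as firewalls and intrusion detection each have their own limitations. A security audit system is a necessary part of a complete security framework. As a complement to firewalls, intrusion detection and similar systems, it can detect certain special intrusions that intrusion detection cannot; it can record intrusions and replay them at any time for the purpose of collecting evidence; and it can also be used to extract unknown or previously undiscovered intrusion patterns. In a security audit system, reliable and complete log records are the foundation and core of the audit. In traditional security auditing, however, log records are stored in plaintext and are easily tampered with or destroyed illegally; the definition of the log is incomplete; logs are generally stored only on the local machine, where capacity is limited; and analysis and auditing are limited to simple functions such as queries. In this thesis, digital watermarking is combined with traditional encryption algorithms to further improve the security of log records, and the watermarked logs are stored on a dedicated remote log server over a secure VPN, which effectively prevents the logs from being tampered with or forged. Security log auditing built on digitally watermarked logs makes the analysis credible and convincing, and gives the audit results a high degree of legitimacy and authority. Specifically, the main work of this thesis is: (1) The models and processes of current security audit systems are analysed and explained, and two types of security audit are analysed and compared. (2) Digital watermarking techniques and their implementation models are analysed, and the watermark-adding and watermark-verification models are implemented in the system. (3) A remote secure log server is built, and logs from the log collection points are stored on the remote log server over a secure VPN.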
【Abstract】 Along with the convenience brought by the rapid development of information technology and the Internet, numerous security problems have been introduced. Therefore, research on the security of computer information systems has attracted increasing attention and recognition. As traditional methods of network security, firewall technology and intrusion detection systems (IDS) both have their shortcomings and limitations. As an indispensable part of a complete security framework and a complement to firewall systems and IDS, a Security Audit System (SAS) can detect some special potential security violations that an IDS cannot find; it can record intrusions and replay them at any time to obtain evidence of network intrusion. It can also be used to extract some unknown or undetected intrusion patterns. In the process of security audit, the reliability and integrity of the log are the foundation and core. But the traditional log is stored in plain text and can easily be modified or destroyed illegally. The definition of the log is incomplete. The log is usually stored on the local machine, where storage capacity is limited, and audit analysis is limited to simple query functions. This paper shows that the security of the log can be improved by combining digital-watermarking technology with traditional encryption, so that modification and falsification of the log can be well avoided, and that the digital-watermarking log is stored on the remote log server through a virtual private network (VPN). The process of audit and analysis based on digital watermarking has more reliability and stringency. Therefore, the result of the audit has much higher validity and authority. Specifically, the contributions of the paper include the following: 1. The model and process of current security audit systems are analysed and explained, and two types of security audit are compared. 2. The related techniques and models of digital watermarking are analysed, and the models for adding and validating watermarks are implemented. 3. A remote secure log server is set up, and logs can be stored on the remote log server through a virtual private network (VPN). 4. The different log files on the log server are defined, and the integrity of the files is secured by modifying the file headers. 5. A model of security log audit based on correlated files is implemented on the log server, and the rule library of the security audit is defined with reference to the rule library of snort. 6. The fields of the logs, and the rules and results of the security audit, are defined and explained on the log server.
【Key words】 Security Audit; Digital-watermarking; Log Security Log Server; Rule Libraries; Audit Report;
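- 【Online publication contributor】 Sichuan University 【Online publication year/issue】 2006, Issue 01
- 【Classification number】 TP309
- 【Citation count】 2
- 【Download count】 242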