Selective monitoring of 'information flow' events??
Marcin Koziej
creep at desk.pl
Sun Nov 20 14:19:53 GMT 2005
Hi,
I'm working on an intelligent intrusion detection system for
academic/educational purposes. The labeled objects with the information flow
model in TrustedBSD would really be very useful in my research.
I'd like to plug into the TrustedBSD framework and get records:
source -information flow-> destination, possibly being able to change
monitoring selectively by changing the labels (e.g. interest level).
It seems OpenBSM is not for me (it gathers information from cooperating
applications).
Maybe I could write a MAC policy based on src/sys/security/mac_* which
gathers information into a cyclic buffer for userland to read from later?
Maybe there is an audit function already which provides this feature?
Could you provide me with your reflections on this topic and/or pointers
to documents/source code?
Thank you for your time,
Best regards,
Marcin Koziej