This paper discusses strategies and methods for enhancing the audit and alarm module of a B3-level secure operating system. To extend audit coverage, covert channel auditing is added by analyzing the characteristics of inter-process communication and resource usage in the system. For alarm decisions, an alarm decision scheme is proposed that, according to the application scenario, takes semantically rich audit events as its starting point. The security performance of the system is enhanced through multi-angle analysis of audit events, parameter control of security fields, correlation analysis of audit sequences, covert channel thresholds controlled by timestamps, and strategies that block information transfer, such as introducing interference.