Mark Crosbie
What I did this summer
Sep 08, 1995
Abstract
Operating system vendors are becoming increasingly aware of the commercial benefits in selling C2-compliant systems. Part of the C2 specification states that system activities must be audited, and those audit trails stored securely. HP has begun a project to enhance their kernel (HPUX 10.0) to effectively generate and process large volumes of audit data. As part of a feasibility study, they wished to demonstrate a use for the collected audit data. An Intrusion Detection System was developed to show a potential application of monitoring audit trails.
I will be describing the motivation for the IDS and its design. It was built using a new paradigm - that of autonomous agents, developed by me in the COAST Laboratory. It also took advantage of the Streams capability recently added to the HPUX kernel. Achievements of this work will be discussed, and future issues and goals will be outlined.