Analyzing Audit Trails in the Aeolus Security Platform

Download: pdf.

“Analyzing Audit Trails in the Aeolus Security Platform” by Aaron Blankstein. Master's thesis, MIT (Cambridge, MA, USA), June 2011.

Abstract

This thesis presents the design and implementation of an analysis system for audit trails generated by Aeolus, a distributed security platform based on information flow control. Previous work focused on collecting these audit trails in the form of event logs. This thesis presents a model for representing these events and a system for analyzing them. In addition to allowing users to issue SQL queries over the audit log, this analysis system provides mechanisms for active monitoring of events. This thesis introduces a new model for event monitoring called watchers. These watchers receive updates about events from a watcher manager. This manager allows watchers to specify filters and rules for dynamically modifying those filters. My results show that this analysis system can efficiently process large event logs and manage large sets of queries.

BibTeX entry:

@mastersthesis{blanks11:_analyze_audit_aeolus_secur_platf,
   author = {Aaron Blankstein},
   title = {Analyzing Audit Trails in the {Aeolus} Security Platform},
   school = {MIT},
   address = {Cambridge, MA, USA},
   month = jun,
   year = {2011}
}

Programming Methodology Group