Article

SAINT: A Security Analysis Integration Tool

04/1997
Source: CiteSeer

ABSTRACT

This paper presents the design of SAINT, a tool being developed at the National Autonomous University of Mexico that will allow integrated analysis of information gathered from various sources, such as security tools and system logs. By simulating events occurring in the systems, and collected from the different sources, SAINT will allow detection, or even prevention, of problems that may otherwise go undetected due to lack of information about them in any single place. SAINT's modular and extensible architecture makes it feasible to add new modules for processing new data types, detecting new kinds of problems, or presenting the results in different formats.

1 Introduction --- The Problem

As part of the ongoing computer security activities at the National Autonomous University of Mexico (UNAM), the use of various security tools has been promoted as one of many ways of increasing Unix system security. Until now, only freely available tools have been used, mainly because they cove...

Available from: psu.edu
  • ABSTRACT: Organizations more often than not lack comprehensive security policies and are not adequately prepared to protect their systems against intrusions. This paper puts forward a review of the state of the art and state of the applicability of intrusion detection systems and models. The paper also presents a classification of literature pertaining to intrusion detection.
    No preview · Conference Paper · Feb 2002
  • ABSTRACT: A basic method in computer security is to perform integrity checks on the file system to detect the installation of malicious programs, or the modification of sensitive files. Integrity tools to date rely on the operating system to function correctly, so once the operating system is compromised even a novice attacker can easily defeat these tools. A novel way to overcome this problem is the use of an independent auditor, which uses an out-of-band verification process that does not depend on the underlying operating system. In this paper we present a definition of independent auditors and a specific implementation of an independent auditor using an embedded system attached to the PCI bus.
    Preview · Article · Jan 2003
  • ABSTRACT: Organizations more often than not lack comprehensive security policies and are not adequately prepared to protect their systems against intrusions. This paper puts forward a review of state of the art and state of the applicability of intrusion detection systems and models. The paper also presents a classification of literature pertaining to intrusion detection.
    No preview · Article · Oct 2003 · Information Management & Computer Security