Exploring System-Level Resource Access Auditing with System Call Overloading
System-level resource access auditing is a critical aspect of ensuring security and compliance in software systems. In this article, we will explore an innovative approach to system-level resource access auditing using system call overloading.
Project Scope and Team
The project, named “NIS3302-okftools,” involves a team of developers consisting of Ma Jiale, Wang Zirui, Sun Jingxuan, Zhang Tianshuo, and Wang Hexi. Their primary goal was to develop a tool that can audit system-level resource access by overloading system calls.
System Architecture and Technology Stack
The development environment for this project was Ubuntu 22.04 running Linux kernel version 5.19. The team focused on retrieving the system call table, implementing system call overloading and address writing, and enabling communication between the kernel and user-space. They also developed a graphical user interface for convenient user interaction.
Robust Data Model and Logging
The tool implemented in this project is capable of capturing and logging critical information related to resource access. The team implemented a comprehensive logging mechanism that records information and attempts related to each system call. This logging functionality allows for easy tracking and analysis of resource access events.
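The hook-and-log pattern described in the two sections above, as an added example that is not code from the okftools project: a user-space model in which a function-pointer table stands in for the kernel's system call table. All names here (the slot numbers, `audit_rec`, `hook_install`, `hook_remove`, the stand-in handlers) are hypothetical.

```c
/* Constructed user-space model of syscall overloading for auditing. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

typedef long (*sys_fn)(const char *path, int flags);
enum { NR_OPEN, NR_UNLINK, NR_MAX };            /* hypothetical slot numbers */
struct audit_rec { int nr; char path[64]; long ret; };
static struct audit_rec audit_log[16];
static int audit_len;

/* Stand-ins for the original handlers: opens under /etc/ are denied. */
static long real_open(const char *p, int f) { (void)f; return strncmp(p, "/etc/", 5) ? 3 : -EACCES; }
static long real_unlink(const char *p, int f) { (void)p; (void)f; return 0; }
static sys_fn table[NR_MAX] = { real_open, real_unlink };
static sys_fn saved[NR_MAX];                    /* originals, kept for restore */

static void audit(int nr, const char *p, long ret) {
    if (audit_len == 16) return;                /* bounded log: drop when full */
    struct audit_rec *r = &audit_log[audit_len++];
    r->nr = nr; r->ret = ret;
    snprintf(r->path, sizeof r->path, "%s", p); /* copy: caller's buffer may change */
}

/* Overloaded handler: call the original first so the record carries the
 * outcome, which is how denied attempts end up in the log as well. */
static long hooked_open(const char *p, int f) {
    long ret = saved[NR_OPEN](p, f);
    audit(NR_OPEN, p, ret);
    return ret;
}

static int hook_install(int nr, sys_fn h) {
    if (nr < 0 || nr >= NR_MAX || saved[nr]) return -1; /* refuse a double hook */
    saved[nr] = table[nr]; table[nr] = h;
    return 0;
}
static int hook_remove(int nr) {
    if (nr < 0 || nr >= NR_MAX || !saved[nr]) return -1;
    table[nr] = saved[nr]; saved[nr] = NULL;    /* restore the original entry */
    return 0;
}

int main(void) {
    hook_install(NR_OPEN, hooked_open);
    table[NR_OPEN]("/tmp/a", 0);
    table[NR_OPEN]("/etc/shadow", 0);
    hook_remove(NR_OPEN);
    for (int i = 0; i < audit_len; i++)
        printf("nr=%d path=%s ret=%ld\n", audit_log[i].nr, audit_log[i].path, audit_log[i].ret);
    return 0;
}
```

Slots that were never hooked (`NR_UNLINK` here) produce no records, so audit coverage is exactly the set of entries that were replaced.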
Usage and Deployment
To use the “okftools” package, follow these steps:
- Install the package by running the command: pip install okftools
- Verify the installation by running: pip show okftools
- Navigate to the okftools directory using the command: cd okftools path
- Execute the command ./oktfools to use the okftools.
Important Note and Troubleshooting
If you encounter the error “libGL error: failed to load driver: swrast” or “libGL error: failed to load driver: vmwgfx,” try resolving it by executing the following command:
conda install -c conda-forge gcc=12.1.0
This may solve the issue and ensure smooth execution of the okftools package.
In conclusion, the NIS3302-okftools project presents an innovative approach to system-level resource access auditing through system call overloading. The robust data model, logging mechanism, and graphical user interface make it a powerful tool for analyzing and monitoring resource access events. By following the provided instructions, users can easily set up and utilize the okftools package. This project showcases the importance of systematic auditing in ensuring the security and compliance of software systems. If you have any questions or need further assistance, please feel free to reach out.