GR-251 Operating System (OS) Security: Identifying Vulnerable Logging Events and Logging Optimization to Detect OS Threats
Event Website
https://sites.google.com/view/jobair/projetcs/operating-systems-security
Document Type
Event
Start Date
1-12-2022 5:00 PM
Description
Modern operating systems face security threats from several directions, logging among them. Logging refers to the collection of records of computer activity, used for statistical purposes, and it has become a fundamental feature of the OS. Analysis of log events allows not only the detection and debugging of OS problems but also of application configuration errors. Cyberattackers can use logging information in ways that jeopardize the operating system's security. In this research paper, we investigate the logging mechanisms of modern operating systems, focusing on Microsoft Windows. We introduce different security issues related to logging and emphasize the selection and optimization of logging events for the Windows 11 Event Viewer, in order to find features of the logging service that malicious individuals can exploit to introduce vulnerabilities in the OS. We identify various unwanted logging features that put the operating system's security at risk. We also identify features for system tuning, intrusion detection, authentication, session management, file system, runtime, and connectivity errors, along with virus detection and configuration changes. These logging features can also be adopted for forensic purposes, to identify fraud, suspicious activity, or other cybercrime using users' activities. According to our preliminary findings, the identified logging features should be discarded or improved to enhance OS security and increase the level of protection of logging events for users. In our extended study, we will consider including the available open-source vulnerable logging dataset to provide a comparison between previous and identified logging vulnerabilities.
https://digitalcommons.kennesaw.edu/cday/Fall_2022/Graduate_Research/3