A runtime environment for online processing of operating system kernel events
Michael Schöbel, A. Polze
International Workshop on Dynamic Analysis, 2009-07-20
DOI: 10.1145/2134243.2134245 (https://doi.org/10.1145/2134243.2134245)
Different approaches have been proposed for logging operating system kernel events. In general, the resulting log files are huge and have to be analyzed by administrators, who try to identify problems and derive appropriate actions. The idea of autonomic computing is to automate such tasks.
As an important step towards this vision, computer systems have to be self-aware, i.e. they must be able to detect their runtime state and react if certain problems are detected. In contrast to control-theory-based approaches to autonomic computing, the processing of discrete event streams offers the possibility of detecting singular events, such as attacks or failing components, directly.
Our proposed runtime environment (1) processes event pattern descriptions, (2) combines events generated by user-mode applications and by the operating system kernel, (3) can be integrated into the operating system kernel to handle events as close to their source as possible, (4) adaptively selects relevant events to keep the disturbance of the monitored system low, and (5) provides an API for implementing autonomic-computing ideas as reactions to event patterns.
In this paper, the event pattern specification language and the runtime environment are described. The prototype described implements the envisioned runtime environment in user mode and is able to look for event patterns in prerecorded event log files. Additionally, an outlook on the planned operating system kernel integration is given.
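An added example, not code from the paper or from the authors' prototype (their pattern specification language is not reproduced here), of the processing model the abstract describes: separately recorded user-mode and kernel event logs are merged into one timestamp-ordered stream, patterns are loaded as ordered step lists correlated by a key and bounded by a time window, only the event types the loaded patterns need are accepted at the source (feature 4), and a completed match invokes a reaction callback (feature 5). The event fields, the Pattern form, the two patterns and the log lines are all assumptions constructed for the demonstration.

```python
"""Event-pattern runtime over prerecorded kernel and user-mode event logs.
Added illustration, not the authors' prototype or their pattern language; the
event layout, the Pattern form and the sample logs are assumptions for the demo."""
import heapq
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Event = Dict[str, object]

@dataclass
class Pattern:
    name: str
    steps: List[Tuple[str, Callable[[Event], bool]]]  # (type, predicate), in order
    key: str              # correlation field the events must share, e.g. "pid"
    window: float         # max seconds from the first to the last step
    on_match: Callable[[str, List[Event]], None]      # autonomic reaction hook

def merge_streams(*streams: List[Event]) -> List[Event]:
    """Combine separately recorded, 'ts'-sorted logs into one ordered stream."""
    return list(heapq.merge(*streams, key=lambda e: e["ts"]))

class Runtime:
    def __init__(self, patterns: List[Pattern]):
        self.patterns = patterns
        # Adaptive event selection: accept only the event types some pattern uses;
        # the rest is dropped at the source, so the matcher never pays for it.
        self.subscribed = {t for p in patterns for t, _ in p.steps}
        self.dropped = 0
        self.partials: Dict[Tuple[str, object], List[List[Event]]] = {}
        self.matches: List[Tuple[str, List[Event]]] = []

    def feed(self, ev: Event) -> None:
        if ev["type"] not in self.subscribed:
            self.dropped += 1                           # filtered as irrelevant
            return
        for p in self.patterns:
            self._advance(p, ev)

    def _advance(self, p: Pattern, ev: Event) -> None:
        kval = ev.get(p.key)
        if kval is None:
            return
        kept = []
        # Try to extend every partial match; the empty list is a fresh start.
        for seq in self.partials.get((p.name, kval), []) + [[]]:
            if seq and ev["ts"] - seq[0]["ts"] > p.window:
                continue                                # expired, discard
            etype, pred = p.steps[len(seq)]
            if ev["type"] == etype and pred(ev):
                seq = seq + [ev]
                if len(seq) == len(p.steps):            # pattern complete
                    self.matches.append((p.name, seq))
                    p.on_match(p.name, seq)
                    self.partials[(p.name, kval)] = []  # consume the rest
                    return
            if seq:
                kept.append(seq)
        self.partials[(p.name, kval)] = kept

# Constructed sample logs (not real traces), each sorted by timestamp.
KERNEL_LOG: List[Event] = [
    {"ts": 0.5, "src": "kernel", "type": "sched_switch", "pid": 100},
    {"ts": 9.0, "src": "kernel", "type": "setuid", "pid": 200, "uid": 0},
    {"ts": 15.0, "src": "kernel", "type": "file_write", "pid": 300, "path": "/tmp/x.sh"},
    {"ts": 16.0, "src": "kernel", "type": "exec", "pid": 300, "path": "/tmp/x.sh"},
    {"ts": 30.0, "src": "kernel", "type": "setuid", "pid": 400, "uid": 0},
]
USER_LOG: List[Event] = [
    {"ts": 3.0, "src": "user", "type": "auth_failed", "pid": 200, "user": "root"},
    {"ts": 5.0, "src": "user", "type": "auth_failed", "pid": 200, "user": "root"},
    {"ts": 20.0, "src": "user", "type": "auth_failed", "pid": 400, "user": "admin"},
    {"ts": 21.0, "src": "user", "type": "auth_failed", "pid": 400, "user": "admin"},
]

def sample_patterns(reactions: List[str]) -> List[Pattern]:
    """Two hypothetical patterns; the reaction only records the decision."""
    def react(name: str, seq: List[Event]) -> None:
        reactions.append(f"{name}: pid {seq[-1]['pid']}")
    in_tmp = lambda e: str(e.get("path", "")).startswith("/tmp/")
    return [
        # two failed logins, then setuid(0) by the same pid within 8 s (pid 400
        # performs the same steps but too slowly, so it must not match)
        Pattern("brute_then_root", [("auth_failed", lambda e: True), ("auth_failed", lambda e: True),
                                    ("setuid", lambda e: e.get("uid") == 0)],
                key="pid", window=8.0, on_match=react),
        # a file written under /tmp and then executed by the same pid
        Pattern("exec_from_tmp", [("file_write", in_tmp), ("exec", in_tmp)],
                key="pid", window=5.0, on_match=react),
    ]

def demo() -> Tuple[Runtime, List[str]]:
    reactions: List[str] = []
    rt = Runtime(sample_patterns(reactions))
    for ev in merge_streams(KERNEL_LOG, USER_LOG):
        rt.feed(ev)
    return rt, reactions

if __name__ == "__main__":
    rt, reactions = demo()
    print("dropped:", rt.dropped, "reactions:", reactions)
```

Running the file reports one dropped event (the sched_switch, which no loaded pattern uses) and two reactions. The pid 400 sequence performs the same steps as the brute_then_root pattern but takes longer than its window, so it is discarded rather than matched. The matcher uses first-match semantics: a completed match consumes every partial match for that key, which keeps the state bounded but means overlapping occurrences within one window are reported once.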