Abstract
After a brief survey of the problems related to audit trail analysis and of some approaches to deal with them, the paper outlines the project ASAX, which aims at providing an advanced tool to support such analysis. One key feature of ASAX is its elegant architecture, built on top of a universal analysis tool that allows any audit trail to be analysed after a straightforward format adaptation. Another key feature of the project ASAX is the language RUSSEL, used to express queries on audit trails. RUSSEL is a rule-based language tailor-made for the analysis of sequential files in one and only one pass. The design of RUSSEL strikes a good compromise between the required efficiency on the one hand and a suitably declarative style on the other. The language is illustrated by examples of rules for the detection of some representative classical security breaches.
Copyright information
© 1992 Springer-Verlag
Cite this paper
Habra, N., Charlier, B.L., Mounji, A., Mathieu, I. (1992). ASAX: Software architecture and rule-based language for universal audit trail analysis. In: Deswarte, Y., Eizenberg, G., Quisquater, JJ. (eds) Computer Security — ESORICS 92. ESORICS 1992. Lecture Notes in Computer Science, vol 648. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0013912
DOI: https://doi.org/10.1007/BFb0013912
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-56246-7
Online ISBN: 978-3-540-47488-3