Résumé
After a brief survey of the problems related to audit trail analysis and of some approaches to deal with them, the paper outlines the project ASAX which aims at providing an advanced tool to support such analysis. One key feature of ASAX is its elegant architecture build on top of a universal analysis tool allowing any audit trail to be analysed after a straight format adaptation. Another key feature of the project ASAX is the language RUSSEL used to express queries on audit trails. RUSSEL is a rulebased language which is tailor-made for the analysis of sequential files in one and only one pass. The conception of RUSSEL makes a good compromise with respect to the needed efficiency on the one hand and to the suitable declarative look on the other hand. The language is illustrated by examples of rules for the detection of some representative classical security breaches.
langue originale | Anglais |
---|---|
titre | Computer Security - ESORICS 1992 - 2nd European Symposium on Research in Computer Security, Proceedings |
rédacteurs en chef | Jean-Jacques Quisquater, Gerard Eizenberg , Yves Deswarte |
Editeur | Springer Verlag |
Pages | 435-450 |
Nombre de pages | 16 |
ISBN (imprimé) | 9783540562467 |
Etat de la publication | Publié - 1 janv. 1992 |
Evénement | 2nd European Symposium on Research in Computer Security, ESORICS 1992 - Toulouse, France Durée: 23 nov. 1992 → 25 nov. 1992 |
Série de publications
Nom | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 648 LNCS |
ISSN (imprimé) | 0302-9743 |
ISSN (Electronique) | 1611-3349 |
Une conférence
Une conférence | 2nd European Symposium on Research in Computer Security, ESORICS 1992 |
---|---|
Pays/Territoire | France |
La ville | Toulouse |
période | 23/11/92 → 25/11/92 |