Introduction to XDAS

The purpose of security audit services is to provide support for

• the principle of accountability, that is holding users of a system accountable for their actions within the system, and
• detection of security policy violations, that is the detection of attempts by unauthorised individuals to access the system and of attempts by authorised users to misuse their access to the system.

The objective of the XDAS specification is to define

• a set of generic events of relevance at a global distributed system level, For example, end-user system sign-on and the initiation and termination of communication sessions between components.
• a common portable audit record format to facilitate the merging and analysis of audit information from multiple components at the distributed system level
• an API for use by applications to submit events to XDAS
• an API to import audit data from existing component specific audit services to XDAS
• an API to configure event pre-selection criteria for event submission to XDAS
• an API to read records from a XDAS audit trail

This service is intended to be a complement to existing system component specific audit services, not to replace them. Such local audit services are also likely to handle events and a level of detail that may be irrelevant at the global level of XDAS.

Interfaces are supported for use by four different types of applications:

• an API to submit events to the audit service, for use by applications that generate audit records and use XDAS to log such events
• an API and a common audit event record format for use by existing component specific audit services to import audit records into the XDAS audit stream for distributed system level analysis
• an API to support the configuration of event pre-selection criteria and event disposition actions, for use by XDAS audit event management applications
• an API together with a common audit event record format, for use by Audit Log Analysis applications

The XDAS-API provides the following benefits:

• Application developers have a common API, a generic set of audit events, and a common audit format regardless o the platform on which the XDAS service is running. This is of benefit to the developers of both applications that detect and wish to record security relevant events and of applications that analyse audit events.
• Platform and application infrastructure vendors are able to support the needs of users at the distributed system level within a heterogeneous environment without the necessity to re-engineer their current operating system or application specific audit service implementations, perhaps with resulting performance implications
• End-user organisations benefit through increased effectiveness in enforcing individual accountability within a distributed environment.

Return to Security index page

    
© 1995-2018     Sales Enquiries      Site Index