Introduction to XDAS
The purpose of security audit services is to provide support for:
- the principle of accountability, that is, holding users of a system accountable for their actions within the system, and
- detection of security policy violations, that is, the detection of attempts by unauthorised individuals to access the system and of attempts by authorised users to misuse their access to the system.
The objective of the XDAS specification is to define:
- a set of generic events of relevance at a global distributed system level, for example end-user system sign-on and the initiation and termination of communication sessions between components
- a common portable audit record format to facilitate the merging and analysis of audit information from multiple components at the distributed system level
- an API for use by applications to submit events to XDAS
- an API to import audit data from existing component specific audit services to XDAS
- an API to configure event pre-selection criteria for event submission to XDAS
- an API to read records from a XDAS audit trail
This service is intended to be a complement to existing system component specific audit services, not to replace them. Such local audit services are also likely to handle events and a level of detail that may be irrelevant at the global level of XDAS.
Interfaces are supported for use by four different types of applications:
- an API to submit events to the audit service, for use by applications that generate audit records and use XDAS to log such events
- an API and a common audit event record format for use by existing component specific audit services to import audit records into the XDAS audit stream for distributed system level analysis
- an API to support the configuration of event pre-selection criteria and event disposition actions, for use by XDAS audit event management applications
- an API together with a common audit event record format, for use by Audit Log Analysis applications
The XDAS-API provides the following benefits:
- Application developers have a common API, a generic set of audit events, and a common audit format regardless of the platform on which the XDAS service is running. This is of benefit to the developers of both applications that detect and wish to record security relevant events and of applications that analyse audit events.
- Platform and application infrastructure vendors are able to support the needs of users at the distributed system level within a heterogeneous environment without the necessity to re-engineer their current operating system or application specific audit service implementations, perhaps with resulting performance implications.
- End-user organisations benefit through increased effectiveness in enforcing individual accountability within a distributed environment.
© 1995-2018