Requirements and Non-requirements for XDAS

An implementation of the XDAS needs to meet the following security requirements:

The security requirements are met by using underlying distributed system security services and platform security services, wherever possible.

Distributed System Requirements

Two requirements need to be met by the XDAS to support a distributed model. It must:

Non-functional Requirements

The following non-functional requirements have been identified:

Out of Scope

The XDAS provides a set of primitives only, which are used by audit applications. The following facilities and services are deemed to be out of scope.

Event Detection
The detection of security relevant events is done outside the audit service. The specification assumes that that the applications responsible for even detection will prevent any unauthorised modification of those event detection services.
Dynamic Modification of Audit Filter Parameters
XDAS does not include facilities for the analysis of monitored security related events to determine whether modifications are needed to the filter parameters. This functionality falls within the scope of an event management service. That is, the initiation of specific actions arising from detection of an event or sequence of events.
Domain Specific Event
XDAS is not attempting to map all operating system or domain specific events to XDAS generic events, only those of significance at a distributed system level.
Graphical User Interface (GUI)
The XDAS provides support for GUI tools. The specification supports but does \f2not\fP address the definition of these tools.
Audit Log Analysis
The XDAS provides a set of interfaces for audit log analysis. It does not support queries on the audit log against a set of selection criteria. Nor does it define any of the audit log analysis tools. It is assumed that the audit analysis tools will consolidate recorded security related events as part of their analysis of the audit logs.
Audit Log Management
The current XDAS specification views the audit log as a stream of time ordered audit event records. No management structure is imposed on this stream and no functions are specified for the management of the system resources, for example files, used for the storage and processing of the stream

 

Return to Security index page

    
© 1995-2010
     Sales Enquiries      Site Index