Requirements and Non-requirements for XDAS
An implementation of the XDAS needs to meet the following security requirements:
- Prevent unauthorised modification of the audit service configuration data.
- Prevent unauthorised modification of the event detection records.
- Prevent unauthorised disclosure of the event records.
- Support adequate separation of duties for users.
- Provide appropriate measures in dealing with an unauthorised denial of service, for example, by suspending an offending process, if appropriate.
- Protect audit service configuration data.
- Protect the audit log and its contents from any unauthorised modification or deletions.
- Protect the audit log by making it accessible only to principals acting in specific administrative or security roles.
- This specification places a dependency on event management services to meet some of the requirements to handle the detection of compound events and handle the disposition of alarms resulting in the initiation of actions or notification of administrators. Such an event management service is required to support the security requirements listed above.
The security requirements are met by using underlying distributed system security services and platform security services, wherever possible.
Distributed System Requirements
Two requirements need to be met by the XDAS to support a distributed model. It must:
- Not hinder the achievement of adequate performance over the network.
- Utilise trustworthy universal timestamps on event records. Because the XDAS cannot assume a trusted time service is available, there is a requirement that the audit records include a measure of the uncertainty of the time at which the recorded event occurred. This uncertainty information needs to be inserted into the records when they are imported to or exchanged between XDAS systems.
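The timestamp requirement above is easiest to see with records in hand. The following is an added example, not code from the XDAS specification: each record carries a nominal time and an uncertainty half-width, importing a record from another system widens that uncertainty by the error bound of the clock-offset estimate, and adjacent records in the merged time ordered stream whose intervals overlap are flagged because their relative order cannot be trusted. The record fields, the offset figures and the sample events are all constructed for illustration.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class AuditRecord:
    origin: str           # XDAS system on which the event was detected (assumed field)
    event: str
    time_ms: int          # nominal event time on the origin's clock, ms since epoch
    uncertainty_ms: int   # half-width: true time lies in [time_ms - u, time_ms + u]

    def interval(self):
        return (self.time_ms - self.uncertainty_ms, self.time_ms + self.uncertainty_ms)


def import_record(rec, offset_ms, offset_error_ms):
    """Rebase a record from a remote XDAS system onto the local clock.

    offset_ms is the importer's estimate of (local clock - remote clock) and
    offset_error_ms bounds how wrong that estimate may be. The uncertainty
    only ever grows, so the imported record never claims more precision
    than the importer actually has."""
    return replace(rec, time_ms=rec.time_ms + offset_ms,
                   uncertainty_ms=rec.uncertainty_ms + abs(offset_error_ms))


def merge_streams(*streams):
    """Merge per-system streams into one stream ordered by nominal time."""
    return sorted((r for s in streams for r in s), key=lambda r: (r.time_ms, r.origin))


def ambiguous_pairs(stream):
    """Adjacent records whose uncertainty intervals overlap.

    Because the stream is sorted by nominal time, two neighbours overlap
    exactly when the earlier one's upper bound reaches the later one's lower bound."""
    return [(a.event, b.event) for a, b in zip(stream, stream[1:])
            if a.interval()[1] >= b.interval()[0]]


def demo():
    """Constructed sample: local records plus one imported from host-b, whose
    clock is estimated to run 150 ms ahead of ours, known only to +/-100 ms."""
    local = [AuditRecord("host-a", "login", 1000, 5),
             AuditRecord("host-a", "logout", 2000, 5)]
    remote = [AuditRecord("host-b", "file_read", 1200, 5)]
    imported = [import_record(r, offset_ms=-150, offset_error_ms=100) for r in remote]
    stream = merge_streams(local, imported)
    return [r.event for r in stream], ambiguous_pairs(stream)


if __name__ == "__main__":
    print(demo())
```

In the sample the imported file_read lands at 1050 ms with an interval of [945, 1155], which overlaps the login at [995, 1005], so an analysis tool must not conclude that the login preceded the read.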
Non-functional Requirements
The following non-functional requirements have been identified:
- The XDAS shall be application independent.
- The XDAS shall not impose a particular placement of access control to distributed audit services within an operating system kernel.
- The XDAS shall not constrain future extensibility. Nor shall it constrain the services of other audit systems, including operating system and site specific event types and associated data.
Out of Scope
The XDAS provides a set of primitives only, which are used by audit applications. The following facilities and services are deemed to be out of scope.
- Event Detection
The detection of security relevant events is done outside the audit service. The specification assumes that the applications responsible for event detection will prevent any unauthorised modification of those event detection services.
- Dynamic Modification of Audit Filter Parameters
XDAS does not include facilities for the analysis of monitored security related events to determine whether modifications are needed to the filter parameters. This functionality falls within the scope of an event management service, that is, the initiation of specific actions arising from detection of an event or sequence of events.
- Domain Specific Events
XDAS is not attempting to map all operating system or domain specific events to XDAS generic events, only those of significance at a distributed system level.
- Graphical User Interface (GUI)
The XDAS provides support for GUI tools. The specification supports but does not address the definition of these tools.
- Audit Log Analysis
The XDAS provides a set of interfaces for audit log analysis. It does not support queries on the audit log against a set of selection criteria. Nor does it define any of the audit log analysis tools. It is assumed that the audit analysis tools will consolidate recorded security related events as part of their analysis of the audit logs.
- Audit Log Management
The current XDAS specification views the audit log as a stream of time ordered audit event records. No management structure is imposed on this stream and no functions are specified for the management of the system resources, for example files, used for the storage and processing of the stream.