Sun Microsystems, Inc., SunOS Release 4,1,1, C2-BSM Patch, Revision A, 2550 Garcia Ave, Mountain View, CA 94043, Decemher 15, 1991.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....ACTION, OBJECT . Each of these attributes contains subfields, which are used to reveal as much information as possible about the particular attribute. The subfield structure is shown in The C2 BSM is designed to be compliant with the TCSEC requirements for a system at the C2 classification [32]. 3 Unlike USTAT, statistical anomaly detection systems use the re turn field to detect browsers who perform abnormally high numbers of unsuccessful attempts or external attackers who repeatedly fail to pass logon authentication. SUBJECT ACTION OBJECT 1 Real User ID Effective User ID ....

....Thus, a compromise that requires the above two actions is achievable regardless of the order in which they are executed. STAT was originally designed to support permutable state transitions. However, permutable state transitions were not necessary for the scenarios that were used for the 17See [32] or the auditreduce(8) man pages for more information about auditreduce. development of USTAT, where each scenario corresponds to a single, non permutable rule sequence. Therefore, permutable sequences were not implemented in the USTAT prototype. A method for implementing permutable rule ....

Sun Microsystems, Inc., SunOS Release 4,1,1, C2-BSM Patch, Revision A, 2550 Garcia Ave, Mountain View, CA 94043, Decemher 15, 1991.

....occur for the successful completion of the penetration. A prototype of STAT, called USTAT, was implemented on SunOS 4.1.1 to validate the functional capabilities and conceptional soundness of the state transition analysis approach. The C2 BSM (Basic Security Module) was used to collect audit data [Sun 91] USTAT consists of the following components. The Preprocessor The Knowledge base The Fact base The Fact base Initializer The Fact base Updater The Rule base The State Description Table The Signature Action Table The Inference Engine The Decision Engine The audit record preprocessor is ....

Sun Microsystems Incorporated, SunOS Release 4.1.1, C2-BSM Patch, Revision A, Mountain View, CA, 1991.

....audituser system call audituser(2) other other Events not in any other class su(1) Table 4.1 List of Event Classes Among these audit classes, dr and dw generate the highest volume of audit records. A complete list of programs or system library calls that are audited by these flags can be found in [C2 b91]. Control files used by the audit system Besides the audit collection data files there are two special files used by the audit system. etc security audit auditcontrol, and etc security audit auditdata The audit control file: The audit control file is read by the audit daemon to determine how ....

....time) or immediate (takes effect after login time, and only for the duration of the session) For a permanent change the appropriate entry in the passwd file should be edited, whereas for an immediate change the audit program should be executed with u option. Details of these can be found in [C2 b91]. Audit data files and audit records This section describes the structure of the audit data files and the structure of the audit records contained in these files. Audit data files: The audit data files are created in the file system specified in the audit control file. The current audit file name ....

[Article contains additional citation context not shown here]

Sun Microsystems, Inc., SunOS Release 4.1.1. C2-BSM Patch, Revision A, 2550 Garcia Ave, Mountain View, CA 94043, Dec. 15, 1991.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC