ASAX: Software Architecture and Rule-Based Language for Universal Audit Trail Analysis

Get BibTex-formatted data

Author

Naji Habra,Baudouin Le Charlier,Abdelaziz Mounji,Isabella Mathieu

Entry type

inproceedings

Abstract

After a brief survey of the problems related to audit trail analysis and of some approaches to deal with them, the paper outlines the project ASAX which aims at providing an advanced tool to support such analysis. One key feature of ASAX is its elegant architecture build on top of a universal analysis tool allowing any audit trail to be analysed after a straight format adaptation. Another key feature of the project ASAX is the language RUSSEL used to express queries on audit trails. RUSSEL is a rule-based language which is tailor-made for the analysis of sequential files in one and only one pass. The conception of RUSSEL makes a good compromise with respect to the needed efficiency on the one hand and to the suitable declarative look on the other hand. The language is illustrated by examples of rules for the detection of some representative classical security breaches.

Date

1992 – November

URL

http://www.springerlink.com/content/5920284140rrh986/

Booktitle

Proceedings of ESORICS'92, European Symposium on Research in Computer Security

Key alpha

Habra

Publication Date

2001-01-01

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Inproceedings{ Habra,
	title = "ASAX: Software Architecture and Rule-Based Language for Universal Audit Trail Analysis",
	author = "Naji Habra,Baudouin Le Charlier,Abdelaziz Mounji,Isabella Mathieu",
	year = "1992",
	month = "November",
	booktitle = "Proceedings of ESORICS'92, European Symposium on Research in Computer Security",
	abstract = "After a brief survey of the problems related to audit trail analysis and of some
approaches to deal with them, the paper outlines the project ASAX which aims at
providing an advanced tool to support such analysis. One key feature of ASAX is its
elegant architecture build on top of a universal analysis tool allowing any audit
trail to be analysed after a straight format adaptation. Another key feature of the
project ASAX is the language RUSSEL used to express queries on audit trails. RUSSEL
is a rule-based language which is tailor-made for the analysis of sequential files
in one and only one pass. The conception of RUSSEL makes a good compromise with
respect to the needed efficiency on the one hand and to the suitable declarative
look on the other hand. The language is illustrated by examples of rules for the
detection of some representative classical security breaches.",
	url = "http://www.springerlink.com/content/5920284140rrh986/",
}