ASAX: Software Architecture and Rule-Based Language for Universal Audit Trail Analysis
Author
Naji Habra, Baudouin Le Charlier, Abdelaziz Mounji, Isabella Mathieu
Abstract
After a brief survey of the problems related to audit trail analysis and of some
approaches to deal with them, the paper outlines the project ASAX which aims at
providing an advanced tool to support such analysis. One key feature of ASAX is its
elegant architecture built on top of a universal analysis tool allowing any audit
trail to be analysed after a straight format adaptation. Another key feature of the
project ASAX is the language RUSSEL used to express queries on audit trails. RUSSEL
is a rule-based language which is tailor-made for the analysis of sequential files
in one and only one pass. The conception of RUSSEL makes a good compromise with
respect to the needed efficiency on the one hand and to the suitable declarative
look on the other hand. The language is illustrated by examples of rules for the
detection of some representative classical security breaches.
Booktitle
Proceedings of ESORICS'92, European Symposium on Research in Computer Security
Publication Date
2001-01-01