Better Logging Through Formality: Applying Formal Specification Techniques to Improve Audit Logs and Log Consumers

Get BibTex-formatted data

Download

PDF

Author

Chapman Flack and Mikhail J. Atallah

Tech report number

CERIAS TR 2000-28

Entry type

inproceedings

Abstract

We rely on programs that consume audit logs to do so successfully (a robustness issue) and form the correct interpretations of the input (a semantic issue). The vendor's documentation of the log format is an important part of the specification for any log consumer. As a specification, it is subject to improvement using formal specification techniques. This work presents a methodology for formalizing and refining the description of an audit log to improve robustness and semantic accuracy of programs that use the log. Ideally applied during design of a new format, the methodology is also profitably applied to existing log formats. Its application to Solaris BSM (an existing, commercial format) demonstrated utility by detecting ambiguities or errors of several types in the documentation or implementation of BSM logging, and identifying opportunities to improve the content of the logs. The products of this work are the methodology itself for use in refining other log formats and their consumers, and an annotated, machine-readable grammar for Solaris BSM that can be used by the community to quickly construct applications that consume BSM logs.

Download

PDF

Date

2000 – Oct

URL

http://link.springer-ny.com/li ... /papers/1907/19070001.pdf

Booktitle

Recent Advances in Intrusion Detection (RAID 2000)

Editor

Herv

Key alpha

cerias-2000-10

Number

1907

Pages

1-16

Publisher

Springer-Verlag

Series

Lecture Notes in Computer Science

Affiliation

Purdue University CERIAS

Publication Date

1900-01-01

Copyright

Springer-Verlag Berlin Heidelberg 2000

Isbn

3-540-41085-6

Keywords

log, formal, specification, documentation, reliability,interoperability, CIDF, BSM, grammar

Lccn

QA76.9.A25 R34 2000

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Inproceedings{ cerias-2000-10,
	title = "Better Logging Through Formality: Applying Formal Specification Techniques to Improve Audit Logs and Log Consumers",
	author = "Chapman Flack and Mikhail J. Atallah",
	year = "2000",
	month = "Oct",
	booktitle = "Recent Advances in Intrusion Detection (RAID 2000)",
	editor = "Herv",
	number = "1907",
	pages = "1-16",
	publisher = "Springer-Verlag",
	series = "Lecture Notes in Computer Science",
	abstract = "We rely on programs that
consume audit logs to do so successfully (a robustness issue)
and form the correct
interpretations of the input (a semantic issue).
The vendor's documentation of the log format is an important part of the
specification for any log consumer.
As a specification, it is subject to improvement using formal specification
techniques.
This work presents a methodology for formalizing and refining the description
of an audit log to improve robustness and semantic accuracy of programs that
use the log.
Ideally applied during design of a new format, the methodology is also
profitably applied to existing log formats.
Its application to Solaris BSM (an existing, commercial format) demonstrated
utility by detecting ambiguities or errors of several types in the
documentation or implementation of BSM logging, and identifying opportunities
to improve the content of the logs.
The products of this work are the methodology itself for use in refining
other log formats and their consumers, and an annotated,
machine-readable grammar for Solaris BSM
that can be used by the community to quickly construct
applications that consume BSM logs.
",
	affiliation = "Purdue University CERIAS",
	copyright = "Springer-Verlag Berlin Heidelberg 2000",
	isbn = "3-540-41085-6",
	keywords = "log, formal, specification, documentation, reliability,interoperability, CIDF, BSM, grammar",
	lccn = "QA76.9.A25 R34 2000",
	url = "http://link.springer-ny.com/link/service/series/0558/papers/1907/19070001.pdf",
}