[cap-talk] Horton vs. ACLs - private namespaces and the Audit Problem
Karp, Alan H
alan.karp at hp.com
Tue Oct 9 13:28:50 EDT 2007
Jed wrote:
>
> I know our main tool in this regard in our NLTSS work
> (http://en.wikipedia.org/wiki/NLTSS)
> was logging messages. Since every authorization and every
> exercise of an authority (e.g. what are typically referred
> to as "system calls" on conventional systems) flowed over a
> message, by logging all the messages we were able to see all
> authorizations and any exercise of an authority.
Client Utility and e-speak also worked this way.
>
> I don't really see how one can do much better? Is there
> some reason such logs don't suffice for the "audit problem"?
> Of course there is a certain amount of overhead with such
> logging. Because of that we generally didn't leave full
> logging on all the time.
We used a publish/subscribe (actually publish/distribute/subscribe)
system. If there were no subscribers for a particular logging event, we
didn't publish it. That let us leave logging on all the time since many
low-level events rarely had subscribers.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
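
The subscriber-gated audit logging described in the message above, as an added sketch that is not part of the original post and is not Client Utility, e-speak or NLTSS code. All class, method and event names are hypothetical, and the sample principals and resources are constructed.

```python
from collections import defaultdict


class AuditBus:
    """Publish/subscribe audit channel that drops events nobody listens to."""

    def __init__(self):
        self._subs = defaultdict(list)  # event kind -> subscriber callbacks
        self.built = 0                  # audit records actually constructed
        self.skipped = 0                # events dropped before construction

    def subscribe(self, kind, callback):
        self._subs[kind].append(callback)

    def publish(self, kind, make_record):
        # make_record is a thunk: the record is only built when at least one
        # subscriber exists, which is what lets logging stay on all the time.
        subs = self._subs.get(kind)
        if not subs:
            self.skipped += 1
            return
        record = make_record()
        self.built += 1
        for cb in subs:
            cb(record)


class Mediator:
    """Every grant and every invocation is a message, so each is auditable."""

    def __init__(self, bus):
        self.bus = bus
        self.caps = set()  # (holder, resource) pairs currently authorized

    def grant(self, giver, holder, resource):
        self.caps.add((holder, resource))
        self.bus.publish("grant", lambda: {
            "kind": "grant", "from": giver, "to": holder, "resource": resource})

    def invoke(self, holder, resource, op):
        allowed = (holder, resource) in self.caps
        kind = "invoke" if allowed else "denied"
        self.bus.publish(kind, lambda: {
            "kind": kind, "by": holder, "resource": resource, "op": op})
        return allowed


def demo():
    bus, trail = AuditBus(), []
    bus.subscribe("grant", trail.append)    # auditors watch authorizations
    bus.subscribe("denied", trail.append)   # and failed attempts only
    m = Mediator(bus)
    m.grant("alice", "bob", "file:report")          # constructed sample data
    ok = m.invoke("bob", "file:report", "read")     # "invoke": no subscriber
    bad = m.invoke("carol", "file:report", "read")  # "denied": recorded
    return trail, ok, bad, bus.built, bus.skipped
```
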