Log Auditing through Model-Checking

Cape Breton, Novia Scotia, Canada June 11-June 13

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/CSFW.2001.930148

14th IEEE Computer Security Foundatio ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Muriel Roger Articles by Jean Goubault-Larrecq

	ASCII Text	x
	Muriel Roger, Jean Goubault-Larrecq, "Log Auditing through Model-Checking," Computer Security Foundations Workshop, IEEE, pp. 0220, 14th IEEE Computer Security Foundations Workshop (CSFW'01), 2001.

	BibTex	x
	@article{ 10.1109/CSFW.2001.930148, author = {Muriel Roger and Jean Goubault-Larrecq}, title = {Log Auditing through Model-Checking}, journal ={Computer Security Foundations Workshop, IEEE}, volume = {0}, year = {2001}, isbn = {0-7695-1146-5}, pages = {0220}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSFW.2001.930148}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Foundations Workshop, IEEE TI - Log Auditing through Model-Checking SN - 0-7695-1146-5 SP EP A1 - Muriel Roger, A1 - Jean Goubault-Larrecq, PY - 2001 VL - 0 JA - Computer Security Foundations Workshop, IEEE ER -

Muriel Roger, GIE Dyade, INRIA Rocquencourt and LSV, ENS Cachan

Jean Goubault-Larrecq, GIE Dyade, INRIA Rocquencourt and LSV, ENS Cachan

Abstract: Log auditing is a basic intrusion detection mechanism, whereby attacks are detected by uncovering matches of sequences of events against signatures. We argue that this is naturally expressed as a model-checking problem against linear Kripke models. A variant of the classic linear time temporal logic of Manna and Pnueli with first-order variables is first investigated in this framework. But this logic is in dire need of refinement, as far as expressiveness and efficiency are concerned. We therefore propose a second, less standard logic consisting of flat, Wolper-style linear-time formulae. We describe an efficient on-line algorithm, making the approach attractive for complex log auditing tasks. We also present a few optimizations that the use of a formal semantics affords us.

Citation:

Muriel Roger, Jean Goubault-Larrecq, "Log Auditing through Model-Checking," csfw, pp.0220, 14th IEEE Computer Security Foundations Workshop (CSFW'01), 2001

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.