Since DTrace can examine custom events on the system, together with whatever additional data is of interest, it can be applied to a variety of uses in computer security. These include the following:
• Sniffing, such as real-time forensics
    – Custom auditing
    – Host-based Intrusion Detection Systems (HIDS)
• Policy enforcement
• Security debugging:
    – Privilege debugging
    – Reverse engineering
Scripts are provided in this chapter to demonstrate these uses. Before the scripts, these and additional topics, including DTrace privileges and DTrace-based attacks, are discussed.
In this section, we discuss the Solaris privileges associated with using DTrace and how DTrace can be used in several important security scenarios. ...