Chapter 21. Auditing
LADY MACBETH: Your servants ever Have theirs, themselves and what is theirs, in compt, To make their audit at your highness' pleasure, Still to return your own.
|--The Tragedy of Macbeth, I, vi, 27–30.|
Auditing is an a posteriori technique for determining security violations. This chapter presents the notions of logging (recording of system events and actions) and auditing (analysis of these records). Auditing plays a major role in detection of security violations and in postmortem analysis to determine precisely what happened and how. This makes an effective auditing subsystem a key security component of any system.
The development of techniques for auditing computer systems sprang from the need to trace access ...