David Wheeler wrote: > > Crispin Cowan has suggested that the "next stage" should examine > audit requirements, and SGI has worked hard on figuring out how to > implement the "CAPP" requirements for auditing. Thank you. Especially, thank you for the feedback on the first set of changes we proposed. I expect our revised proposals to be considerably more palatable. Stephen's suggestion regarding interposition was especially well founded. > I'm sure that there are other events that someone might want to audit, > and I'm sure not everyone would want this list. Just as any particular decision might rouse debate as to its inclusion in "policy", so to may the value in recording it for posterity. > However, a > system that has enough hooks to audit these events would be a good start, > and you'd be able to refer to a canonical list of events to audit. Audit implementations often stress the mindsets of criteria developers, programmers, and system admins. The tradeoffs between performance, completeness, usability and clarity could drive a Bishop to drink. -- Casey Schaufler Manager, Trust Technology, SGI caseyat_private voice: 650.933.1634 casey_pat_private Pager: 888.220.0607 _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jul 16 2001 - 16:04:27 PDT