Logic Object Check [poligraph]

Andrew Reiter s467338 at gettysburg.edu
Mon May 29 08:18:01 GMT 2000


This is in regard to your paper on the poligraph design.  (Sorry to not
quote directly from your previous emails).  In your paper, it mentions the
logic checking of an object (presumably a specific event that occurs in
the kernel) to see whether it is allowed to do whatever or whether it
will be a logged entry.  

My question is.. What _exactly_ is being checked to compare an event to
the object event that has been specified as "special."  What I am thinking
is that this might be one of the parts of the code that causes some
sluggish results.  I am wondering about possibly, if the check is kind of
a hassle.. Somehow hash the idea of an event you wish to have become
"special."

For example, say we have an audit subsystem set up...  I might want to add
the idea of an event that might occur so that I may log the information
regarding this event to our audit logging system.  So, in our logic
checking, the pseudo code would go as follows (correct me if I'm wrong):

  /* just do a linear search for the f*sck of it */
  LIST_FOREACH(np, &head, entries) {
   /* .. check multiple characteristics to guarantee that
    * the event currently being handled is/is not in our 
    * list of events to check for.
    */
  }


If we keep, for example, a hashed list (of some sorts), then I'm sure the
logic checking would be much more simple and less sluggish.  HOWEVER, I am
not sure your ideas on the logic checking, so this email may have been all
for naught ;)

Andrew

---------------------------------------------------------
Andrew Reiter	                 <s467338 at gettysburg.edu> 
Computer Security Engineer     
