Distributed Audit Service (XDAS)
Copyright © 1998 The Open Group
API: Application Programming Interface.
The interface between the application software and the application platform,
across which all services are provided.
The application programming interface is primarily in support of application
portability, but system and application interoperability are also supported
by a communication API (see POSIX.0).
audit: See Security Audit (see ISO/IEC 7498-2).
audit analysis: The analysis of audit data comprises manual or automated
processes which scrutinize the audit data to identify in them real
or potential security threats, or to track system activity for the
purpose of assigning accountability. Several approaches are possible:
to compare activity with a profile based on normal behaviour, or
to seek out unacceptable or suspicious events by establishing a rules
base for inappropriate system activity.
Analysis can generate filtering requirements which can be fed back
into the discrimination process, and can provide strong reporting utilities.
audit trail: See Security Audit Trail (see ISO/IEC 7498-2).
authenticated identity: An identity of a principal that has been assured through
authentication (see ISO/IEC 10081-2).
authentication: Verify claimed identity;
see data origin authentication and peer entity authentication
(see ISO/IEC 7498-2).
Also: authentication information in the form of a security certificate which may be
used to assure the identity of an entity, guaranteed by an authentication
authority (see ISO/IEC 10081-2).
authorization: The granting of rights, which includes the granting of access based on access
rights (see ISO/IEC 7498-2).
authorization policy: A set of rules, part of an access control policy, by which access by security
subjects to security objects is granted or denied. An authorization policy may
be defined in terms of access control lists, capabilities or attributes
assigned to security subjects, security objects,
or both (see ECMA TR/46).
availability: The property of being accessible and usable upon demand by an authorized
entity (see ISO/IEC 7498-2).
client-server: These operations occur between a pair of communicating independent peer
processes. The peer process initiating a service request is termed the
client. The peer process responding to a service request is termed the
server. A process may act as both client and server in the context of a set
The peer processes may reside on the same or different processors.
The configuration most commonly envisaged as client-server is that of a
workstation hosting client processes servicing a single user, communicating
with server processes on a host processor servicing multiple workstation
confidentiality: The property that information is not made available or disclosed to
unauthorized individuals, entities, or processes (see ISO/IEC 7498-2).
credentials: Data that is transferred to establish
the claimed identity of an entity (see ISO/IEC 7498-2).
data integrity: The property that data has not been altered or destroyed in an unauthorized
manner (see ISO/IEC 7498-2).
denial of service: The unauthorized prevention of authorized access to resources or the
delaying of time-critical operations (see ISO/IEC 7498-2).
identification: The assignment of a name by which an entity can be referenced.
The entity may be high level (such as a user) or low level (such as a
process or communication channel).
initiator: An entity (for example, a human user or a computer-based entity) that attempts
to access other entities (see ISO/IEC 10081-3).
integrity: See Data Integrity (see ISO/IEC 7498-2).
policy: See security policy (see ISO/IEC 7498-2).
privacy: The right of individuals to control or influence what information related to
them may be collected and stored, and by whom and to whom that information may
Note: because this term relates to the right of individuals, it cannot be
very precise, and its use should be avoided except as a motivation for
requiring security (see ISO/IEC 7498-2).
security attribute: A piece of security information which is associated
with an entity.
security audit: An independent review and examination of system records and operations in
order to test for adequacy of system controls, to ensure compliance with
established policy and operational procedures, to detect breaches in security,
and to recommend any indicated changes
in control, policy and procedures (see ISO/IEC 7498-2).
security audit message: A message generated following the occurrence of an auditable security-related
event (see ISO/IEC 10081-7).
security audit record: A single record in a security audit trail corresponding to a single
security-related event (see ISO/IEC 10081-7).
security audit trail: Data collected and potentially used to facilitate
a security audit (see ISO/IEC 7498-2).
security auditor: An individual or a process allowed to have access to the security audit trail
and to build audit reports (see ISO/IEC 10081-7).
security domain: A set of elements, a security policy, a security authority and a set of
security-relevant operations in which the set of elements are subject to the
security policy, administered by the security authority, for the specified
operations (see ISO/IEC 10081-1).
security policy: The set of criteria for the provision of security services (see also
identity-based and rule-based security policy).
security service: A service, which may be invoked directly or indirectly by functions
within a system, that ensures
adequate security of the system or of data transfers between
components of the system or with other systems.
target: An entity to which access may be attempted (see ISO/IEC 10081-3).
threat: A potential violation of security (see ISO/IEC 7498-2).
Also: an action or event that might prejudice security (see ITSEC).
trust: A relationship between two elements, a set of operations and a security policy,
in which element X trusts element Y if and only if X has confidence that Y
behaves in a well-defined way (with respect to the operations) that does
not violate the given security policy (see ISO/IEC 10081-1).
trusted functionality: That which is perceived to be correct with respect to some criteria, for
example, as established by a security policy (see ISO/IEC 7498-2).