Outline for May 27, 2004

  1. Life cycle: Waterfall Model
    1. Requirements definition and analysis
    2. System and software design (system design, program design)
    3. Implementation and unit testing
    4. Integration and system testing
    5. Operation and maintenance
  2. Other life cycle models
    1. Exploratory programming
    2. Prototyping
    3. Formal transformation
    4. System assembly from reusable components
    5. Extreme programming
  3. Auditing
    1. Definitions
  4. Architecture
    1. Logger
    2. Analyzer
    3. Notifier
  5. A Priori Design
    1. Goal: determine what information indicates violation of security policy
    2. Implementation considerations
    3. Syntactic issues
    4. Sanitizing the logs
    5. System and application logging
  6. A Posteriori Design
    1. Goal: detect any violations of policy, or actions known to be part of such an attempt
    2. Detect violations of a known policy
      1. State-based auditing
      2. Transition-based auditing
    3. Detect known violations of a policy


Here is a PDF version of this document.