Detecting Breaches in Computer Security: A Pragmatic System with a Logic Programming Flavor

Computer security is a topic of growing concern because, on the one hand, the power of computers continues to increase at exponential speed and all computers are virtually connected to each other and because, on the other hand, the lack of reliability of software systems may cause dramatic and unrecoverable damage to computer systems and hence to the newly emerging computerized society. Among the possible approaches to improve the current situation, expert systems have been advocated to be an important one. Typical tasks that such expert systems can achieve include evaluating the security level of a software connguration and detecting malicious or incorrect behaviors of users. Logic programming provides a powerful formalism for knowledge representation and deductive reasoning and is therefore a good choice to build such expert systems. However general implementations of logic programming (e.g., Prolog) can be too complex and too ineecient to be used in a security context, where all users' actions should potentially be analyzed in real time. In this paper, we describe a \hand-crafted" system especially designed for watching what is happening in a computer connguration on a real time basis. The system integrates ideas from logic programming, imperative programming and rule-based systems in a pragmatic way. Some aspects of the systems have been presented elsewhere; in this paper, we concentrate on a new component, which is based on the deductive data base approach. Securing computers and network computers against unauthorized access and misuse is a growing concern in the computer community as evidenced by the rising number of press reports about security incidents. There are several means of securing computers, which can be divided into two broad approaches. Access control provides mechanisms for preventing unauthorized external users