1. Field of the Invention
The present invention relates to computer systems. More specifically, the present invention relates to a method and apparatus for facilitating adjustment of an audit state in a computing environment.
2. Related Art
Auditing is a powerful mechanism for the enforcement of security policies, and for system evaluation. A system administrator can use an auditing mechanism to detect inappropriate and malicious behavior. Moreover, auditing can help identify the perpetrators of such activities. Furthermore, auditing can help system administrators detect flaws in system design, and can facilitate improvements to the design.
When an auditing mechanism comes under the control of an adversary, it can be used to attack the very system it is meant to protect. For example, if the auditing mechanism is configured to audit everything that can be audited at the highest possible level of detail, the system can consume so much of its resources performing auditing operations that it is unable to perform other operations. Such malicious use of an auditing mechanism is a form of denial-of-service (DoS) attack, which can be devastating in many situations.
The opposite situation can also be detrimental. If an adversary gains control of the auditing mechanism, the adversary can turn off all auditing. In such a situation, no further actions will be recorded, and therefore no record of a subsequent attack will be generated. Therefore, it is important to prevent control of the auditing mechanism from falling into the wrong hands.
However, it is often desirable to have a third-party system initiate auditing when certain pre-defined conditions are met. This is advantageous because the administrator has one fewer system to be responsible for monitoring. In order to enable the third-party system to initiate auditing, the system administrator typically provides a key to the third-party system, which enables the third-party system to change audit settings. This allows the third-party system to take over some of the auditing. However, providing such control to the third-party system creates potential problems, because the probability that an unauthorized individual can obtain an audit system key increases each time the key is shared with an authorized third party.
Hence, what is needed is a method for controlling system auditing capabilities that does not give rise to the above-mentioned problems.