Quote: modern society does not prevent crime; it detects crime after the fact [»schnB_2000]

Quote: understand the attack and what it means; detect, localize, identify, assess [»schnB_2000]

Quote: the gold standard for security consists of authenticating principals, authorizing access, and auditing the guard's decisions [»lampBW6_2004]

Quote: a system must allow for audit and correction of performance and itself [»waltPL11_1979]

Quote: protect public keys by an audit trail giving registrations of keys, signatures, and compromised keys [»dennDE2_1983]

Quote: detection and punishment are the primary instruments of security

Quote: produce audit logs that are admissible in court, prove guilt, and do not contain secrets [»schnB_2000]

Quote: in audit mode, the slab allocator records activity in a circular log; identifies owners of corrupted blocks [»bonwJ6_1994]

Quote: detect intruders in close to real time, while they are still engaged in the attack

Quote: an attacker's activities are constrained by the jail and fully visible to the administrator; the jail administrator can inspected anything in the jail [»kampPH7_2004]

Quote: to ensure security, a reference monitor must be tamper proof, invoked on every data reference, and small enough to be proven correct [»kargPA6_1974]

Quote: security rings and memory segmentation might be provably secure; e.g., Multics, a descriptor-based system [»kargPA6_1974]

Quote: a chain of trust is a proof of an access control decision; store in a tamper-resistant log for auditing and accountability [»lampBW6_2004]

Quote: secure file manager maintains a complete history of the last five minutes; prevents frequent versions of the same file for a pattern-of-use channel [»rushJ7_1983]

Quote: in RCS, lock breaking automatically sends an e-mail message to the lock's owner; only used in real emergencies or if owner resigns [»tichWF7_1985]

Quote: in RCS, forcing a lock is possible; but it automatically sends email to the lock's owner [»tichWF9_1982]

Quote: an attacker can bypass the auditing capabilities of a security system by erasing evidence [»kargPA12_2002]

Quote: passwords and security audits are no more than "security blankets" as long as hardware and software are vulnerable [»kargPA6_1974]