Visual Audit Browser Movie Maker


The Visual Audit Browser Movie Maker, developed in the UC Davis Computer Science Department Security Lab under the Audit Workbench Project, is a utility to convert audit logs into animated sequences of images that represents certain portions of the activity recorded in the audit logs.

In its current implementation, it works by processing a BSM audit log using a perl program which filters out certain records and produces a DOT language file specifying a graph depicting the relationship of processes and files as well as recording certain time-ordering information. This DOT file is passed into the AT&T Bell Lab's graph layout filter, DOT, which produces a PostScript file. This file is then consumed by another perl program, which emits a Postscript file whose pages are the sequence of images.

An option is provided to have "quiet" nodes and edges "fade away" after a certain amount of time. This is either done by abruptly removing a node/edge, or by the printed node/edge becoming increasingly lighter until it is used again.

Some Examples (these look best using a postscript viewer such as Pageview)

o suid attack-no fading
o suid attack-no fading,9 to a page
o suid attack-slow fading
o suid attack-slow fading,9 to a page

<- Back to the Visual Audit Browser page AWB SecLab Home Page Last revised 27-Jul-95 by Jim Hoagland