Audit trails are prevented from operating properly. Examples
include overloading audit mechanisms with irrelevant data so as to prevent
proper recording of malicious behavior, network packet corruption to prevent
network-based audit trails from being properly recorded, and consuming some
resource critical to the auditing process so as to prevent audit records from
being generated or kept.

Complexity: This class of attacks has not been thoroughly analyzed from a
mathematical standpoint, but it appears that in most systems, audit trail
suppression is straightforward. It may be far more difficult to accomplish
this in a system designed to provide a high assurance of audit
completeness.
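
If each audit source numbers its own records, the three examples above show up in the collected trail as missing sequence numbers, a burst of records from one source, or a source that stops reporting. The following Python check is an added example, not part of the original entry; the record layout, the thresholds, and the sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample audit records: (source, seq, epoch_seconds, event).
# Assumption: every source numbers its own records 1, 2, 3, ... with no reuse.
RECORDS = (
    [("fw1", 1, 1000, "accept"), ("fw1", 2, 1004, "accept"),
     ("fw1", 5, 1009, "deny"),        # seq 3 and 4 never arrived
     ("host7", 1, 1001, "login"), ("host7", 2, 1003, "sudo")]
    # 40 low-value records from one source inside five seconds
    + [("web2", n, 1020 + n // 10, "debug") for n in range(1, 41)]
    + [("host7", 3, 1400, "logout")]  # host7 was silent for 397 s before this
)

def missing_sequences(records):
    """Per source, sequence numbers absent between 1 and the highest seen."""
    seen = defaultdict(set)
    for source, seq, _, _ in records:
        seen[source].add(seq)
    gaps = {}
    for source, seqs in seen.items():
        lost = sorted(set(range(1, max(seqs) + 1)) - seqs)
        if lost:
            gaps[source] = lost
    return gaps

def flood_windows(records, window=10, limit=20):
    """(source, window_start, count) where a source exceeds `limit` records per window."""
    counts = defaultdict(int)
    for source, _, ts, _ in records:
        counts[(source, ts - ts % window)] += 1
    return sorted((s, w, c) for (s, w), c in counts.items() if c > limit)

def silent_periods(records, max_quiet=300):
    """(source, last_seen, next_seen) where a source went quiet for over `max_quiet` seconds."""
    by_source = defaultdict(list)
    for source, _, ts, _ in records:
        by_source[source].append(ts)
    out = []
    for source, stamps in sorted(by_source.items()):
        stamps.sort()
        out += [(source, a, b) for a, b in zip(stamps, stamps[1:]) if b - a > max_quiet]
    return out

if __name__ == "__main__":
    print(missing_sequences(RECORDS))   # dropped or corrupted records
    print(flood_windows(RECORDS))       # audit overloaded with irrelevant data
    print(silent_periods(RECORDS))      # audit not generated or not kept
```

silent_periods only reports a quiet interval once the source writes again; a source that never resumes needs a comparison against the current time.
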
fc@red.a.net