11 Security

Since DTrace can examine custom events on the system with whatever additional data is of interest, it can be applied for various uses in computer security. These include the following:

- Sniffing, such as real-time forensics
- Monitoring:
  - Custom auditing
  - Host-based Intrusion Detection Systems (HIDS)
  - Policy enforcement
- Security debugging:
  - Privilege debugging
  - Reverse engineering

Scripts are provided in this chapter to demonstrate these uses. These and additional topics including DTrace privileges and DTrace-based attacks are discussed first.

Privileges, Detection, and Debugging

In this section, we discuss the Solaris privileges associated with using DTrace and how DTrace can be used in several important security scenarios.