AUDIT AND SURVEILLANCE ARE TWO TECHNIQUES FOR OBSERVING THE WAY USERS EMPLOY A COMPUTER RESOURCE. AUDIT ANALYZES USE AFTER THE FACT WHILE SURVEILLANCE ACTIVELY MONITORS USER BEHAVIOR FOR CERTAIN CHARACTERISTICS. THESE TWO TECHNIQUES HAVE BEEN RECOMMENDED AS COMPUTER SECURITY METHODS, BUT ANYONE WHO KNOWS HOW TO USE THE SOFTWARE CAN CIRCUMVENT THEM. A BETTER SECURITY SYSTEM FOR A MULTILEVEL SECURE COMPUTING ENVIRONMENT IS ONE BASED ON A SECURITY KERNEL. THEN AUDIT AND SURVEILLANCE SOFTWARE CAN PROVIDE SECURITY BACKUP. AUDIT SOFTWARE CAN BE OF TWO TYPES. THE FIRST GIVES THE SECURITY OFFICER THE ABILITY TO CHOOSE WHICH EVENTS ARE AUDITED FOR WHICH PROCESSES OR USERS, THE SECOND ALLOWS THE OFFICER TO SEARCH THE VOLUMINOUS RECORDED DATA FOR SPECIFIC EVENTS. SURVEILLANCE STRATEGIES CAN INCLUDE BOTH ESOTERIC SYSTEMS, SUCH AS PATTERN MATCHING OR ENTRAPMENT, AND SIMPLE SOFTWARE WHICH MIGHT INCLUDE ALARMS TO CALL ATTENTION TO PATENT ATTEMPTS AT PASSWORD GUESSING OR TO ESPECIALLY HIGH FREQUENCIES OF ATTEMPTED PROTECTION VIOLATIONS. THE PROTECTION RECOMMENDED FOR THE AIR FORCE SECURITY KERNEL-BASED MULTICS SYSTEM THEN IS DISCUSSED IN GENERAL, NONCLASSIFIED TERMS. THE PROPOSED SYSTEM WOULD COMBINE MANY AUDIT AND SURVEILLANCE APPROACHES AND WOULD DIVIDE THESE FUNCTIONS AMONG A NUMBER OF PERSONNEL. (GLR)