A secure log architecture to support remote auditing

Abstract: This paper presents BBox, a digital black box that provides authentic archiving (and, consequently, forensic evidence) for remote auditing in distributed systems. Based on public key cryptography and trusted computing platforms, the BBox employs standard primitives to ensure the authenticity of records during their transmission from devices to the collector, as well as during their storage on the collector and their keyword retrieval by authorized auditors.
