论文信息 - A secure logging scheme for Forensic Computing

A secure logging scheme for Forensic Computing

In this paper, we propose a secure logging scheme for Forensic Computing. Forensic Computing is the process conducted to identify the method of an attack and intruders in the case of system compromise. In Forensic Computing, trustworthy logs admissible for court are needed. Moreover, since the log contains various confidential information, the confidentiality of the log must be preserved. Our scheme achieves the integrity of logs and fine-grained access control for logs with small overhead size using the signature tree and Forward Integrity.

[1] George M. Mohay,et al. Computer and Intrusion Forensics , 2003 .

[2] Simon S. Lam,et al. Digital signatures for flows and multicasts , 1999, TNET.

[3] Nasir D. Memon,et al. ForNet: A Distributed Forensics Network , 2003, MMM-ACNS.

[4] Simon S. Lam,et al. Digital signatures for flows and multicasts , 1998, Proceedings Sixth International Conference on Network Protocols (Cat. No.98TB100256).

[5] Bruce Schneier,et al. Minimizing Bandwidth for Remote Access to Cryptographically Protected Audit Logs , 1999, Recent Advances in Intrusion Detection.

[6] Bruce Schneier,et al. Secure audit logs to support computer forensics , 1999, TSEC.

[7] Mihir Bellare,et al. Forward Integrity For Secure Audit Logs , 1997 .

[8] Stuart Haber,et al. Improving the Efficiency and Reliability of Digital Time-Stamping , 1993 .