PillarBox: Combating Next-Generation Malware with Fast Forward-Secure Logging

Security analytics is a catchall term for vulnerability assessment and intrusion detection that leverage security logs from a wide array of Security Analytics Sources (SASs), which include firewalls, VPNs, and endpoint instrumentation. Today, nearly all security analytics systems suffer from a lack of even basic data protections. An adversary can eavesdrop on SAS outputs, and advanced malware can undetectably suppress or tamper with SAS messages to conceal attacks.
