PillarBox: Combating Next-Generation Malware with Fast Forward-Secure Logging
Authors
Abstract
Security analytics is a catchall term for vulnerability assessment and intrusion detection leveraging security logs from a wide array of Security Analytics Sources (SASs), which include firewalls, VPNs, and endpoint instrumentation. Today, nearly all security analytics systems suffer from a lack of even basic data protections. An adversary can eavesdrop on SAS outputs and advanced malware can undetectably suppress or tamper with SAS messages to conceal attacks. We introduce PillarBox, a tool that enforces integrity for SAS data even when such data is buffered on a compromised host within an adversarially controlled network. Additionally, PillarBox (optionally) offers stealth, concealing SAS data and potentially even alerting rules on a compromised host. Using data from a large enterprise and on-host performance measurements, we show experimentally that PillarBox has minimal overhead and is practical for real-world systems.
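The integrity property the abstract describes, protecting buffered SAS entries on a host that is compromised later, is what forward-secure logging provides in general. The following added example (not code from the PillarBox paper and not its construction) illustrates the generic mechanism with a forward-secure MAC chain: each entry is authenticated with the current key, the key is then ratcheted one-way and the old key erased, so an attacker who takes over the host afterwards cannot silently edit, delete or re-authenticate earlier entries. The initial key, log messages and attacker actions are constructed for the demonstration.

```python
import hashlib
import hmac


def evolve_key(key: bytes) -> bytes:
    """One-way key evolution: k_{i+1} = SHA-256("evolve|" || k_i).
    Once k_i is erased, a party holding only k_{i+1} cannot recover it."""
    return hashlib.sha256(b"evolve|" + key).digest()


def entry_tag(key: bytes, index: int, message: bytes) -> bytes:
    """MAC over (index, message): binding the index catches reordering as well as edits."""
    return hmac.new(key, index.to_bytes(8, "big") + message, hashlib.sha256).digest()


class ForwardSecureLog:
    """Host-side buffer. Holds only the *current* key; every earlier key is gone."""

    def __init__(self, initial_key: bytes):
        self.key = initial_key
        self.index = 0
        self.entries = []  # list of (index, message, tag)

    def append(self, message: bytes) -> None:
        self.entries.append((self.index, message, entry_tag(self.key, self.index, message)))
        self.key = evolve_key(self.key)  # ratchet forward; the key just used is erased
        self.index += 1


def verify(initial_key: bytes, entries):
    """Collector-side check starting from the shared initial key.
    Returns (True, count) or (False, first_bad_index)."""
    key = initial_key
    for expected, (index, message, tag) in enumerate(entries):
        if index != expected:  # a gap or reordering: an entry was removed or moved
            return False, expected
        if not hmac.compare_digest(entry_tag(key, index, message), tag):
            return False, index
        key = evolve_key(key)
    return True, len(entries)


def demo():
    # Constructed initial key k_0, agreed with the collector before deployment.
    k0 = b"\x11" * 32
    log = ForwardSecureLog(k0)
    for m in (b"fw: allow 10.0.0.5 -> 10.0.0.9:443",
              b"vpn: login alice",
              b"edr: suspicious process launched"):
        log.append(m)
    intact = verify(k0, log.entries)  # (True, 3)

    # The host is now compromised: the attacker sees the buffer and the current key k_3.
    stolen_key = log.key

    # (1) Editing an earlier entry while keeping its tag is detected at that index.
    tampered = list(log.entries)
    tampered[2] = (2, b"edr: nothing to see", tampered[2][2])
    edit = verify(k0, tampered)  # (False, 2)

    # (2) Dropping an earlier entry is detected as an index gap.
    deleted = [log.entries[0], log.entries[2]]
    delete = verify(k0, deleted)  # (False, 1)

    # (3) Re-authenticating the edited entry with the stolen k_3 also fails:
    #     entry 2 must verify under k_2, which no longer exists on the host.
    tampered[2] = (2, b"edr: nothing to see", entry_tag(stolen_key, 2, b"edr: nothing to see"))
    remac = verify(k0, tampered)  # (False, 2)

    return {"intact": intact, "edit": edit, "delete": delete, "remac": remac}


if __name__ == "__main__":
    print(demo())
```

Two limits of this bare chain are worth keeping in mind. Entries written after the compromise (index 3 onward here) can be forged with the stolen key; forward security only protects what was logged before the takeover. And silently truncating the tail of the buffer is not caught by the chain alone, because the collector sees a shorter but internally consistent log; catching that suppression needs an out-of-band expectation such as a heartbeat or a committed entry count.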
Similar references
Efficient, Compromise Resilient and Append-Only Cryptographic Schemes for Secure Audit Logging
Due to the forensic value of audit logs, it is vital to provide compromise resiliency and append-only properties in a logging system to prevent active attackers. Unfortunately, existing symmetric secure logging schemes are not publicly verifiable and cannot address applications that require public auditing (e.g., public financial auditing), besides being vulnerable to certain attacks and depend...
Securing the Data in Big Data Security Analytics
Big data security analytics is an emerging approach to intrusion detection at the scale of a large organization. It involves a combination of automated and manual analysis of security logs and alerts from a wide and varying array of sources, often aggregated into a massive (“big”) data repository. Many of these sources are host facilities, such as intrusion-detection systems and syslog, that we...
Improvising Forward Stream Integrity for Secure Logging in the Cloud
The need for secure logging is well understood by security professionals, both researchers and practitioners. The ability to verify the accuracy of all (or some) log entries is very important to any application using secure logging techniques. In this paper, we start by examining progress in secure logging and identify some issues inherent to systems based on trust...
Efficient, Compromise Resilient and Append-only Cryptographic Constructions for Digital Forensics
Due to the forensic value of the audit logs, it is vital to provide forward-secure integrity and append-only properties in a logging system to prevent attackers who have gained control of the system from modifying or selectively deleting log entries generated before they took control. Existing forward-secure logging solutions are either based on symmetric cryptography or public key cryptography ...
Even More Practical Secure Logging: Tree-Based Seekable Sequential Key Generators
Computer log files constitute a precious resource for system administrators for discovering and comprehending security breaches. A prerequisite of any meaningful log analysis is that attempts of intruders to cover their traces by modifying log entries are thwarted by storing them in a tamper-resistant manner. Some solutions employ cryptographic authentication when storing log entries locally, a...