A Forensic Logging System Based on a Secure OS
Authors
Abstract
This paper describes a forensic logging system that collects fine-grained trace evidence from target servers and networks. To provide a more reliable and efficient forensic logging system, we developed a dedicated network processor that collects network traffic and a hardened TCSEC B1-level secure operating system. The system is also capable of defending servers from malicious attacks, as well as allowing system security managers to obtain forensic evidence from the forensic logging system when the target system is assaulted by malicious attacks from the internet. We present the structure of the system and discuss the benchmark test results of our prototype system.
Related references
Efficient, Compromise Resilient and Append-only Cryptographic Constructions for Digital Forensics
Due to the forensic value of the audit logs, it is vital to provide forward-secure integrity and append-only properties in a logging system to prevent attackers who have gained control of the system from modifying or selectively deleting log entries generated before they took control. Existing forward-secure logging solutions are either based on symmetric cryptography or public key cryptography ...
Efficient, Compromise Resilient and Append-Only Cryptographic Schemes for Secure Audit Logging
Due to the forensic value of audit logs, it is vital to provide compromise resiliency and append-only properties in a logging system to prevent active attackers. Unfortunately, existing symmetric secure logging schemes are not publicly verifiable and cannot address applications that require public auditing (e.g., public financial auditing), besides being vulnerable to certain attacks and depend...
Making the Most Out of OS Virtual Machine Technology
OS Virtual Machines (OS VMs) were introduced in the 1960s to enable time-sharing of expensive hardware. In spite of rapidly falling hardware prices, OS VMs are still popular today. What makes them particularly interesting and useful is the capability to perform fine granular and secure logging of system execution. I claim that this is a fundamental property of OS VMs that real systems do not po...
BAFi: a practical cryptographic secure audit logging scheme for digital forensics
Audit logs provide information about historical states of computer systems. They also contain highly valuable data that can be used by law enforcement in forensic investigations. Thus, ensuring the authenticity and integrity of audit logs is of vital importance. An ideal security mechanism for audit logging must also satisfy security properties such as forward-security (compromise resiliency), c...
EmLog: Tamper-Resistant System Logging for Constrained Devices with TEEs
Remote mobile and embedded devices are used to deliver increasingly impactful services, such as medical rehabilitation and assistive technologies. Secure system logging is beneficial in these scenarios to aid audit and forensic investigations particularly if devices bring harm to end-users. Logs should be tamper-resistant in storage, during execution, and when retrieved by a trusted remote veri...
Journal title:
- IJCSA
Volume 6, Issue
Pages -
Publication date: 2009