Adding availability to log services of untrusted machines / A. Arona, D. Bruschi, E. Rosti. - In: Proceedings : 15th Annual Computer Security Applications Conference (ACSAC '99) : December 6-10, 1999, Phoenix, Arizona. - Los Alamitos : IEEE Computer Society, 1999 Dec. - ISBN 0769503462. - pp. 199-206 (Annual Computer Security Applications Conference (ACSAC), held in Phoenix in 1999) [10.1109/CSAC.1999.816028].

Adding availability to log services of untrusted machines

A. Arona (first author); D. Bruschi (second author); E. Rosti (last author)

1999

Abstract

Uncorrupted log files are the critical system component for computer forensics in case of intrusion and for real time system monitoring and auditing. Protection from tampering with information can be achieved using cryptographic functions that provide authenticity, integrity, and confidentiality. However, they cannot provide the prerequisite for any further information processing, i.e., information availability. In this case, fault tolerant strategies can be of great help improving information availability in case of accidental or deliberate deletion. In this paper we propose a system that increases log files availability in case of software deletion by reliably and efficiently distributing the logs on multiple independent machines. The proposed scheme is more efficient than simple replication, both from the storage space and the network bandwidth points of view. The proposed system has been implemented and its impact on performance has been measured. Since it operates as a postprocessor after log generation, the proposed system can be easily integrated with logging systems that provide various cryptographic functions for forensic purposes.
availability; security; fault-tolerance; log files
Sector INF/01 - Computer Science
Applied Computer Security Associates; Special Interest Group on Security, Audit, and Control
Book Part (author)

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/258836
Citations
  • Scopus 5