Sciweavers

SADFE
2008
IEEE

Finding the Evidence in Tamper-Evident Logs

14 years 6 months ago
Finding the Evidence in Tamper-Evident Logs
Secure logs are powerful tools for building systems that must resist forgery, prove temporal relationships, and stand up to forensic scrutiny. The proofs of order and integrity encoded in these tamper-evident chronological records, typically built using hash chaining, may be used by applications to enforce operating constraints or sound alarms at suspicious activity. However, existing research stops short of discussing how one might go about automatically determining whether a given secure log satisfies a given set of constraints on its records. In this paper, we discuss our work on Q, a tool that accomplishes this. It can be used offline as an analyzer for static logs, or online during the runtime of a logging application. Q rules are written in a flexible pattern-matching language that adapts to arbitrary log structures; given a set of rules and available log data, Q presents evidence of correctness and offer...
Daniel Sandler, Kyle Derr, Scott A. Crosby, Dan S.
Added 01 Jun 2010
Updated 01 Jun 2010
Type Conference
Year 2008
Where SADFE
Authors Daniel Sandler, Kyle Derr, Scott A. Crosby, Dan S. Wallach
Comments (0)