Secure Audit-Logs for Computer Forensics

Internet Security Principles
Midterm Project Status
Sai Kumaar. V
Savenkat@syr.edu
Project Description

In an untrusted machine, sensitive information should be kept in log files. We should ensure that an attacker would gain little or no information from the log files, and we should limit his ability to corrupt them. The aim of this project is to devise a computationally cheap method for making all log entries generated prior to the logging machine's compromise impossible for the attacker to read, and also impossible to undetectably modify or destroy.
Project Team Members & Role

Sai Kumaar. V
* Spokesperson; I will be doing all the work in this project
* Research & web search
* Writing
* Documenting the project status
Description of the Problem

We have an untrusted machine that is not physically secure, so there is no guarantee that it cannot be taken over by some attacker. However, this machine needs to be able to build and maintain a file of audit log entries of some processes, measurements, events, or tasks.

We should work on an audit mechanism that must survive the attacker's attempt at undetectable manipulation.

This need not be a system that prevents all possible manipulations of the audit log, but it should be able to detect such manipulations after the fact.
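To make the two requirements above concrete (entries written before a compromise stay unreadable, and any later modification or deletion of them is detectable), here is an added example in Python. It is not the project's own code; the construction it uses is an assumption: the standard forward-secure design in which each entry is encrypted under a per-entry key, chained with a hash, MACed under an authentication key, and the authentication key is then replaced by a one-way hash of itself and erased. The verifier (a trusted party holding the initial key A_0) can replay the chain; an attacker who takes the machine after entry j holds only A_{j+1} and cannot recover A_0..A_j. The class and function names are hypothetical, the initial key is a constructed value, and the sample entries are copied from the example log on this page.

```python
import hashlib
import hmac

# Sample audit entries copied from the example log on this page (CSV: date,time,level,message).
SAMPLE_ENTRIES = [
    "2000-08-09,10:21:16,Info,Log file started",
    "2000-08-09,10:21:16,Info,Filter name: winfiles processing",
    "2000-08-09,10:21:16,Info,Job started by [SCarter]",
    "2000-08-09,10:21:40,Info,1076 replace(s) performed for exact match [</b>]",
]

DIGEST = hashlib.sha256
INITIAL_HASH = b"\x00" * 32   # Y_0 for the hash chain


def evolve(a: bytes) -> bytes:
    """A_{j+1} = H("increment" || A_j). One-way: A_j cannot be recovered from A_{j+1}."""
    return DIGEST(b"increment" + a).digest()


def entry_key(a: bytes) -> bytes:
    """Per-entry encryption key K_j, derived from the current authentication key A_j."""
    return hmac.new(a, b"encrypt", DIGEST).digest()


def xor_keystream(key: bytes, data: bytes) -> bytes:
    """Illustrative counter-mode stream cipher: keystream block i = HMAC(key, i).
    Each key is used for exactly one entry, so the keystream is never reused."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        ks = hmac.new(key, block_no.to_bytes(4, "big"), DIGEST).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(b ^ k for b, k in zip(chunk, ks))
    return bytes(out)


class UntrustedLogger:
    """Runs on the untrusted machine. Holds only the current key A_j; older keys are erased."""

    def __init__(self, a0: bytes):
        self.a = a0
        self.prev_hash = INITIAL_HASH
        self.entries = []  # list of (C_j, Y_j, Z_j) tuples written to the log file

    def append(self, message: str) -> None:
        c = xor_keystream(entry_key(self.a), message.encode())
        y = DIGEST(self.prev_hash + c).digest()      # hash chain: Y_j = H(Y_{j-1} || C_j)
        z = hmac.new(self.a, y, DIGEST).digest()     # Z_j = MAC_{A_j}(Y_j)
        self.entries.append((c, y, z))
        self.prev_hash = y
        self.a = evolve(self.a)                      # A_j no longer exists on this machine


def verify(a0: bytes, entries):
    """Trusted verifier: replay the chain from A_0.
    Returns (plaintexts of the valid prefix, index of the first bad entry or None)."""
    a, prev_hash, plaintexts = a0, INITIAL_HASH, []
    for j, (c, y, z) in enumerate(entries):
        expected_y = DIGEST(prev_hash + c).digest()
        expected_z = hmac.new(a, expected_y, DIGEST).digest()
        if not (hmac.compare_digest(y, expected_y) and hmac.compare_digest(z, expected_z)):
            return plaintexts, j
        plaintexts.append(xor_keystream(entry_key(a), c).decode())
        a, prev_hash = evolve(a), y
    return plaintexts, None


def tamper(entries, j):
    """Return a copy of the log with one byte of entry j's ciphertext changed (for the check below)."""
    c, y, z = entries[j]
    return entries[:j] + [(bytes([c[0] ^ 1]) + c[1:], y, z)] + entries[j + 1:]


if __name__ == "__main__":
    a0 = bytes(range(32))   # constructed initial key; in practice shared only with the verifier
    log = UntrustedLogger(a0)
    for entry in SAMPLE_ENTRIES:
        log.append(entry)
    print(verify(a0, log.entries))                  # all four plaintexts, None
    print(verify(a0, tamper(log.entries, 1))[1])    # 1: modification detected at entry 1
    print(verify(log.a, log.entries)[1])            # 0: key stolen after the fact verifies nothing
```

Deleting an entry from the middle breaks the chain at that position just as modification does. Cutting entries off the end is not caught by this replay alone: the verifier also needs to know the expected length, typically by requiring a final "log closed" record and treating a log without one as truncated.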
Example

date,time,level,message
2000-08-09,10:21:16,Info,Log file started
2000-08-09,10:21:16,Info,Filter name: winfiles processing
2000-08-09,10:21:16,Info,Job started by [SCarter]
2000-08-09,10:21:16,Info,Input file: [D:\saved websites\winfiles.cnet.com\apps\98\calc-convert.html] Size: 166,305 bytes
2000-08-09,10:21:40,Info,1076 replace(s) performed for exact match [</b>]
2000-08-09,10:21:40,Info,1007 replace(s) performed for exact match [<b>]
2000-08-09,10:21:40,Info,1111 replace(s) performed for pattern match [<font[^>]*>]
2000-08-09,10:21:40,Info,1111 replace(s) performed for exact match [</font>]
2000-08-09,10:21:40,Info,70 replace(s) performed for exact match [ ]
2000-08-09,10:21:40,Info,139 replace(s) performed for pattern match [<table[^>]*>]
2000-08-09,10:21:40,Info,1175 replace(s) performed for pattern match [<td[^>]*>]
Progress

• Gathered information from the Internet
• Reviewed books
Research

Application of our protocol to Computer
Forensics
Bottlenecks

• Not a broad subject; little information is available on devising an efficient mechanism
Proposed Outline

Introduction
Description of the method
Using the Audit Log as a tool for Computer
Forensics
Other Applications
Conclusion

Posted: 3/1/2012