Secure logging as a service-delegating log management to the cloud

IEEE Systems Journal

Volumn 7, Issue 2, 2013, Pages 323-334

  Ray, Indrajit ^a   Belyaev, Kirill ^a   Strizhov, Mikhail ^a   Mulamba, Dieudonne ^a   Rajaram, Mariappan ^b  

^a Colorado State University   (United States)

^b Quality Program Management   (United States)

Author keywords

Cloud computing; logging; privacy; security

Indexed keywords

CAPITAL EXPENSE; CLOUD-BASED; COST SAVING; LOG MANAGEMENTS; LOGGING PROCESS; SECURE LOGGINGS; SECURITY; SENSITIVE INFORMATIONS;

CLOUD COMPUTING; DATA PRIVACY; LOGGING (FORESTRY); SYSTEMS SCIENCE;

ELECTRICAL ENGINEERING;

EID: 84876811768     PISSN: 19328184     EISSN: 19379234     Source Type: Journal    
DOI: 10.1109/JSYST.2012.2221958     Document Type: Article

References (29)

1. K. Kent and M. Souppaya. (1992). Guide to Computer Security Log Management, NIST Special Publication 800-92 [Online]. Available: http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf
2. U.S. Department of Health and Human Services. (2011, Sep.). HIPAA-General Information [Online]. Available: https://www.cms.gov/hipaageninfo
3. PCI Security Standards Council. (2006, Sep.) Payment Card Industry (PCI) Data Security Standard-Security Audit Procedures Version 1.1 [Online]. Available: https://www.pcisecuritystandards.org/pdfs/pci?audit?procedures?v1-1. pdf
4. Sarbanes-Oxley Act 2002. (2002, Sep.). A Guide to the Sarbanes-Oxley Act [Online]. Available: http://www.soxlaw.com/
5. C. Lonvick, The BSD Syslog Protocol, Request for Comment RFC 3164, Internet Engineering Task Force, Network Working Group, Aug. 2001.
6. D. New and M. Rose, Reliable Delivery for Syslog, Request for Comment RFC 3195, Internet Engineering Task Force, Network Working Group, Nov. 2001.
7. M. Bellare and B. S. Yee, "Forward integrity for secure audit logs," Dept. Comput. Sci., Univ. California, San Diego, Tech. Rep., Nov. 1997.
8. BalaBit IT Security (2011, Sep.). Syslog-ng-Multiplatform Syslog Server and Logging Daemon [Online]. Available: http://www.balabit. com/network- security/syslog-ng
9. J. Kelsey, J. Callas, and A. Clemm, Signed Syslog Messages, Request for Comment RFC 5848, Internet Engineering Task Force, Network Working Group, May 2010.
10. D. Ma and G. Tsudik, "A new approach to secure logging," ACM Trans. Storage, vol. 5, no. 1, pp. 21-221, Mar. 2009.
11. U. Flegel, "Pseudonymizing unix log file," in Proc. Int. Conf. Infrastruture Security, LNCS 2437. Oct. 2002, pp. 162-179.
12. C. Eckert and A. Pircher, "Internet anonymity: Problems and solutions," in Proc. 16th IFIP TC-11 Int. Conf. Inform. Security, 2001, pp. 35-50 .
13. M. Rose, The Blocks Extensible Exchange Protocol Core, Request for Comment RFC 3080, Internet Engineering Task Force, Network Working Group, Mar. 2001.
14. B. Schneier and J. Kelsey, "Security audit logs to support computer forensics," ACM Trans. Inform. Syst. Security, vol. 2, no. 2, pp. 159-176, May 1999.
15. J. E. Holt, "Logcrypt: Forward security and public verification for secure audit logs," in Proc. 4th Australasian Inform. Security Workshop, 2006, pp. 203-211.
16. R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The secondgeneration onion router," in Proc. 12th Ann. USENIX Security Symp., Aug. 2004, pp. 21-21.
17. The Tor Project, Inc. (2011, Sep.) Tor: Anonymity Online [Online]. Available: http://www.torproject.org
18. D. Dolev and A. Yao, "On the security of public key protocols," IEEE Trans. Inform. Theory, vol. 29, no. 2, pp. 198-208, Mar. 1983.
19. A. Shamir, "How to share a secret," Commun. ACM, vol. 22, no. 11, pp. 612-613, Nov. 1979.
20. G. R. Blakley, "Safeguarding cryptographic keys," in Proc. Nat. Comput. Conf., Jun. 1979, p. 313.
21. R. Ostrovsky and M. Yung, "How to withstand mobile virus attack," in Proc. 10th Ann. ACM Symp. Principles Distributed Comput., Aug. 1991, pp. 51-59.
22. A. Herzberg, S. Jarecki, H. Krawczyk, and M. Yung, "Proactive secret sharing or: How to cope with perpetual leakage," in Proc. 15th Ann. Int. Cryptology Conf., Aug. 1995, pp. 339-352.
23. I. Teranishi, J. Furukawa, and K. Sako, "k-times anonymous authentication (extended abstract)," in Proc. 10th Int. Conf. Theor. Appl. Cryptology Inform. Security, LNCS 3329. 2004, pp. 308-322. (Pubitemid 39747762)
24. D. L. Wells, J. A. Blakeley, and C. W. Thompson, "Architecture of an open object-oriented database management system," IEEE Comput., vol. 25, no. 10, pp. 74-82, Oct. 1992.
25. K. Nørv°ag, O. Sandst°a, and K. Bratbergsengen, "Concurrency control in distributed object oriented database systems," in Proc. 1st East-Eur. Symp. Adv. Databases Inform. Syst., Sep. 1997, pp. 32-32.
26. R. Droms, Dynamic Host Configuration Protocol, Request for Comment RFC 2131, Internet Engineering Task Force, Network Working Group, Mar. 1991.
27. Project: AN.ON-Anonymity Online. (2012, Mar.). JAP Anonymity and Privacy [Online]. Available: http://anon.inf.tu-dresden.de/index?en.html
28. Ultrareach Internet Corporation. (2012, Mar.). Ultrasurf-Privacy, Security, Freedom [Online]. Available: http://ultrasurf.us/index.html
29. Global Internet Freedom Consortium. (2012, Mar.). FreeGate [Online]. Available: http://www.internetfreedom.org/FreeGate