Continuous Tamper-proof Logging using TPM2.0

Abstract

Auditing system logs is an important means of ensuring systems' security in situations where run-time security mechanisms are not sufficient to completely prevent potentially malicious activities. A fundamental requirement for reliable auditing is the integrity of the log entries. This paper presents an infrastructure for secure logging that is capable of detecting the tampering of logs by powerful adversaries residing on the device where logs are generated. We rely on novel features of trusted hardware (TPM) to ensure the continuity of the logging infrastructure across power cycles without help from a remote server. Our infrastructure also addresses practical concerns including how to handle high-frequency log updates, how to conserve disk space for storing logs, and how to efficiently verify an arbitrary subset of the log. Importantly, we formally state the tamper-proofness guarantee of our infrastructure and verify that our basic secure logging protocol provides the desired guarantee. To demonstrate that our infrastructure is practical, we implement a prototype and evaluate its performance.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jun 16, 2014
Accession Number
ADA609110

Entities

People

  • Arunesh Sinha
  • Jacob R. Lorch
  • Limin Jia
  • Paul England

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Auditing
  • Computer Access Control
  • Computer Science
  • Computers
  • Continuity
  • Cybersecurity
  • Failure Mode And Effect Analysis
  • Frequency
  • Guarantees
  • Kernels (Operating System)
  • Language
  • Malware
  • Models
  • Operating Systems
  • Prototypes
  • Security
  • System Software

Fields of Study

  • Computer science
  • Mathematics

Readers

  • Cybersecurity.
  • Parallel and Distributed Computing.
  • Systems Analysis and Design

Technology Areas

  • Space