http://iet.metastore.ingenta.com
1887

Design and formal verification of a cloud compliant secure logging mechanism

Design and formal verification of a cloud compliant secure logging mechanism

For access to this article, please select a purchase option:

Buy article PDF
$19.95
(plus tax if applicable)
Buy Knowledge Pack
10 articles for $120.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Name:*
Email:*
Your details
Name:*
Email:*
Department:*
Why are you recommending this title?
Select reason:
 
 
 
 
 
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Security concerns are still retarding cloud adoption. While the research community work on clearing these concerns, an optimistic fair cloud compliant logging scheme may ease the cloud to spread. This study proposes a secure logging mechanism. The mechanism employs an online bulletin board as a public write-only storage for the log records. The bulletin board also acts as a trusted third party during conflict resolution. The secure logging protocol describes how the log records are distributed to the stakeholders. The protocol's security is verified with model checking tools and no security threats could be found.

References

    1. 1)
      • 1. Gens, F.: ‘IT Cloud Services User Survey, pt.2: Top Benefits & Challenges’. Tech. Rep., International Data Corporation, October 2008, http://www.blogs.idc.com/ie/?p=210.
    2. 2)
      • 2. Gens, F.: ‘New IDC IT cloud services survey: top benefits and challenges’. Tech. Rep., International Data Corporation, December 2009, http://www.blogs.idc.com/ie/?p=730.
    3. 3)
      • 3. Swanson, M., Guttman, B.: ‘Generally accepted principles and practices for securing information technology systems’. Tech. Rep., NIST 800-14, U.S. Department of Commerce, National Institute of Standards and Technology, Technology Administration, September 1996.
    4. 4)
      • 4. Brand, S.L.: ‘Department of Defense Trusted Computer System Evaluation Criteria’, U.S. Department of Defense, Department of Defense Standard DoD 5200.28-STD, December 1985.
    5. 5)
      • 5. Armando, A., Basin, D., Boichut, Y., et al: ‘The AVISPA tool for the automated validation of internet security protocols and applications’. 17th Int. Conf. on Computer Aided Verification, July 2005, vol. 3576, pp. 281285.
    6. 6)
      • 6. Bellare, M., Yee, B.S.: ‘Forward integrity for secure audit logs’. Tech. Rep., Computer Science and Engineering Department, University of California at San Diego, November 1997.
    7. 7)
      • 7. Yavuz, A.A., Ning, P., Reiter, M.K.: ‘Efficient, compromise resilient and append-only cryptographic schemes for secure audit logging’. 16th Int. Conf. on Financial Cryptography and Data Security, March 2012, vol. 7397, pp. 148163.
    8. 8)
    9. 9)
      • 9. Holt, J.E.: ‘Logcrypt: forward security and public verification for secure audit logs’. Proc. of the 2006 Australasian Workshops on Grid Computing and e-Research, January 2006, vol. 54, pp. 203211.
    10. 10)
      • 10. Ma, D., Tsudik, G.: ‘A new approach to secure logging’, ACM Trans. Storage (TOS), 2009, 5, (1), pp. 2:12:21.
    11. 11)
      • 11. Lonvick, C.: ‘The BSD syslog protocol’, Internet Engineering Task Force, Request for Comments 3164, August 2001.
    12. 12)
      • 12. Postel, J.: ‘User Datagram Protocol’, Internet Engineering Task Force, Request for Comments 768, August 1980.
    13. 13)
      • 13. Gerhards, R.: ‘The Syslog Protocol’, Internet Engineering Task Force, Request for Comments 5424, March 2009.
    14. 14)
      • 14. Okmianski, A.: ‘Transmission of syslog messages over UDP’, Internet Engineering Task Force, Request for Comments 5426, March 2009.
    15. 15)
      • 15. New, D., Rose, M.T.: ‘Reliable delivery for syslog’, Internet Engineering Task Force, Request for Comments 3195, November 2001.
    16. 16)
      • 16. Gerhards, R., Lonvick, C.: ‘Transmission of Syslog Messages over TCP’, Internet Engineering Task Force, Request for Comments 6587, April 2012.
    17. 17)
      • 17. Postel, J.: ‘Transmission control protocol’, Internet Engineering Task Force, Request for Comments 793, September 1981.
    18. 18)
      • 18. Kelsey, J., Callas, J., Clemm, A.: ‘Signed syslog messages’, Internet Engineering Task Force, Request for Comments 5848, May 2010.
    19. 19)
      • 19. Miao, F., Ma, Y., Salowey, J.: ‘Transport layer security (TLS) transport mapping for Syslog’, Internet Engineering Task Force, Request for Comments 5425, March 2009.
    20. 20)
      • 20. Salowey, J., Petch, T., Gerhards, R., et al: ‘Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog’, Internet Engineering Task Force, Request for Comments 6012, October 2010.
    21. 21)
      • 21. Dierks, T., Rescorla, E.: ‘The transport layer security (TLS) protocol version 1.2’, Internet Engineering Task Force, Request for Comments 5246, August 2008.
    22. 22)
      • 22. Rescorla, E., Modadugu, N.: ‘Datagram Transport Layer Security’, Internet Engineering Task Force, Request for Comments 4347, April 2006.
    23. 23)
      • 23. Chong, C.N., Peng, Z., Hartel, P.H.: ‘Secure audit logging with tamper-resistant hardware’, in Gritzalis, D., De Capitani di Vimercati, S., Samarati, P., et al (Eds.): ‘Security and privacy in the age of uncertainty’, ser. IFIP – The International Federation for Information Processing (Springer US, 2003), vol. 122, pp. 7384.
    24. 24)
      • 24. Accorsi, R.: ‘BBox: a distributed secure log architecture’. 8th European Workshop on Public Key Infrastructures, Services and Applications, September 2011, vol. 6711, pp. 109124.
    25. 25)
    26. 26)
      • 26. Zawoad, S., Dutta, A.K., Hasan, R.: ‘SecLaaS: secure logging-as-a-service for cloud forensics’. Proc. of the 8th ACM SIGSAC Symp. on Information, Computer and Communications Security, ser. ASIA CCS ‘13, May 2013, pp. 219230.
    27. 27)
      • 27. Asokan, N., Schunter, M., Waidner, M.: ‘Optimistic protocols for fair exchange’. Proc. of the 4th ACM Conf. on Computer and Communications Security, ser. CCS ‘97, April 1997, pp. 717.
    28. 28)
      • 28. Sandıkkaya, M.T., Harmancı, A.E.: ‘Security problems of platform-asa-service (PaaS) clouds and practical solutions to the problems’. IEEE 31st Symp. on Reliable Distributed Systems (SRDS) 2012, October 2012, pp. 463468.
    29. 29)
    30. 30)
      • 30. von Ahn, L., Blum, M., Hopper, N.J., et al: ‘CAPTCHA: using hard AI problems for security’, in Biham, E. (Ed.): ‘Advances in Cryptology – EURO-CRYPT 2003’, ser. Lecture Notes in Computer Science (Springer Berlin Heidelberg, 2003), vol. 2656, pp. 294311.
    31. 31)
      • 31. Dingledine, R., Mathewson, N., Syverson, P.: ‘Tor: the second-generation onion router’. 13th USENIX Security Symp., August 2004, pp. 303320.
    32. 32)
    33. 33)
      • 33. Asokan, N., Shoup, V., Waidner, M.: ‘Asynchronous protocols for optimistic fair exchange’. Proc. of 1998 IEEE Symp. on Security and Privacy, May 1998, pp. 8699.
    34. 34)
    35. 35)
      • 35. Chevalier, Y., Vigneron, L.: ‘Automated unbounded verification of security protocols’. 14th Int. Conf. on Computer Aided Verification, July 2002, vol. 2404, pp. 324337.
    36. 36)
      • 36. The AVISPA team, HLPSL Tutorial A Beginners Guide to Modelling and Analysing Internet Security Protocols, 1.1 ed., The AVISPA project, June 2006, http://www.avispa-project.org/package/tutorial.pdf.
    37. 37)
      • 37. Lowe, G.: ‘A hierarchy of authentication specifications’. Proc. of 10th Computer Security Foundations Workshop, June 1997, pp. 3143.
    38. 38)
    39. 39)
      • 39. Pelánek, R.: ‘Fighting state space explosion: review and evaluation’. 13th Int. Workshop on Formal Methods for Industrial Critical Systems, September 2009, vol. 5596, pp. 3752.
    40. 40)
      • 40. Moedersheim, Sebastian Alexander: [Avispa-users] Help please, May 2006, http://www.avispa-project.org/avispa-users-old/2006-May/000236.html, accessed July 2014..
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2014.0625
Loading

Related content

content/journals/10.1049/iet-ifs.2014.0625
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
This is a required field
Please enter a valid email address