Design and formal verification of a cloud compliant secure logging mechanism

Mehmet Tahir Sandıkkaya; Tolga Ovatman; Ali Emre Harmancı

Design and formal verification of a cloud compliant secure logging mechanism

View Fulltext

Author(s): Mehmet Tahir Sandıkkaya ¹ ; Tolga Ovatman ¹ ; Ali Emre Harmancı ¹
- Affiliations: 1: Computer Engineering Department, Istanbul Technical University, Istanbul, Turkey
Source: Volume 10, Issue 4, July 2016, p. 203 – 214
DOI: 10.1049/iet-ifs.2014.0625 , Print ISSN 1751-8709, Online ISSN 1751-8717

Received 17/12/2014, Accepted 26/10/2015, Revised 04/09/2015, Published 01/07/2016

Security concerns are still retarding cloud adoption. While the research community work on clearing these concerns, an optimistic fair cloud compliant logging scheme may ease the cloud to spread. This study proposes a secure logging mechanism. The mechanism employs an online bulletin board as a public write-only storage for the log records. The bulletin board also acts as a trusted third party during conflict resolution. The secure logging protocol describes how the log records are distributed to the stakeholders. The protocol's security is verified with model checking tools and no security threats could be found.

References

1. 1)
  - 35. Chevalier, Y., Vigneron, L.: ‘Automated unbounded verification of security protocols’. 14th Int. Conf. on Computer Aided Verification, July 2002, vol. 2404, pp. 324–337.
2. 2)
  - 26. Zawoad, S., Dutta, A.K., Hasan, R.: ‘SecLaaS: secure logging-as-a-service for cloud forensics’. Proc. of the 8th ACM SIGSAC Symp. on Information, Computer and Communications Security, ser. ASIA CCS ‘13, May 2013, pp. 219–230.
3. 3)
  - 21. Dierks, T., Rescorla, E.: ‘The transport layer security (TLS) protocol version 1.2’, Internet Engineering Task Force, Request for Comments 5246, August 2008.
4. 4)
  - 32. Drielsma, P.H., Mödersheim, S.: ‘The ASW protocol revisited: a unified view’, Electron. Notes Theor. Comput. Sci., 2005, 125, (1), pp. 145–161 (doi: 10.1016/j.entcs.2004.05.024).
5. 5)
  - 11. Lonvick, C.: ‘The BSD syslog protocol’, Internet Engineering Task Force, Request for Comments 3164, August 2001.
6. 6)
  - 34. Basin, D., Mödersheim, S., Viganó, L.: ‘OFMC: A symbolic model checker for security protocols’, Int. J. Inf. Secur., 2005, 4, (3), pp. 181–208 (doi: 10.1007/s10207-004-0055-7).
7. 7)
  - 9. Holt, J.E.: ‘Logcrypt: forward security and public verification for secure audit logs’. Proc. of the 2006 Australasian Workshops on Grid Computing and e-Research, January 2006, vol. 54, pp. 203–211.
8. 8)
  - 18. Kelsey, J., Callas, J., Clemm, A.: ‘Signed syslog messages’, Internet Engineering Task Force, Request for Comments 5848, May 2010.
9. 9)
  - 8. Schneier, B., Kelsey, J.: ‘Secure audit logs to support computer forensics’, ACM Trans. Inf. Syst. Secur. (TISSEC), 1999, 2, (2), pp. 159–176 (doi: 10.1145/317087.317089).
10. 10)
  - 33. Asokan, N., Shoup, V., Waidner, M.: ‘Asynchronous protocols for optimistic fair exchange’. Proc. of 1998 IEEE Symp. on Security and Privacy, May 1998, pp. 86–99.
11. 11)
  - 38. Lin, F.J., Chu, P.M., Liu, M.T.: ‘Protocol verification using reachability analysis: the state space explosion problem and relief strategies’, ACM SIGCOMM Comput. Commun. Rev., 1987, 17, (5), pp. 126–135 (doi: 10.1145/55483.55496).
12. 12)
  - 40. Moedersheim, Sebastian Alexander: [Avispa-users] Help please, May 2006, http://www.avispa-project.org/avispa-users-old/2006-May/000236.html, accessed July 2014..
13. 13)
  - 4. Brand, S.L.: ‘Department of Defense Trusted Computer System Evaluation Criteria’, U.S. Department of Defense, Department of Defense Standard DoD 5200.28-STD, December 1985.
14. 14)
  - 15. New, D., Rose, M.T.: ‘Reliable delivery for syslog’, Internet Engineering Task Force, Request for Comments 3195, November 2001.
15. 15)
  - 31. Dingledine, R., Mathewson, N., Syverson, P.: ‘Tor: the second-generation onion router’. 13th USENIX Security Symp., August 2004, pp. 303–320.
16. 16)
  - 30. von Ahn, L., Blum, M., Hopper, N.J., et al: ‘CAPTCHA: using hard AI problems for security’, in Biham, E. (Ed.): ‘Advances in Cryptology – EURO-CRYPT 2003’, ser. Lecture Notes in Computer Science (Springer Berlin Heidelberg, 2003), vol. 2656, pp. 294–311.
17. 17)
  - 27. Asokan, N., Schunter, M., Waidner, M.: ‘Optimistic protocols for fair exchange’. Proc. of the 4th ACM Conf. on Computer and Communications Security, ser. CCS ‘97, April 1997, pp. 7–17.
18. 18)
  - 28. Sandıkkaya, M.T., Harmancı, A.E.: ‘Security problems of platform-asa-service (PaaS) clouds and practical solutions to the problems’. IEEE 31st Symp. on Reliable Distributed Systems (SRDS) 2012, October 2012, pp. 463–468.
19. 19)
  - 2. Gens, F.: ‘New IDC IT cloud services survey: top benefits and challenges’. Tech. Rep., International Data Corporation, December 2009, http://www.blogs.idc.com/ie/?p=730.
20. 20)
  - 22. Rescorla, E., Modadugu, N.: ‘Datagram Transport Layer Security’, Internet Engineering Task Force, Request for Comments 4347, April 2006.
21. 21)
  - 10. Ma, D., Tsudik, G.: ‘A new approach to secure logging’, ACM Trans. Storage (TOS), 2009, 5, (1), pp. 2:1–2:21.
22. 22)
  - 17. Postel, J.: ‘Transmission control protocol’, Internet Engineering Task Force, Request for Comments 793, September 1981.
23. 23)
  - 6. Bellare, M., Yee, B.S.: ‘Forward integrity for secure audit logs’. Tech. Rep., Computer Science and Engineering Department, University of California at San Diego, November 1997.
24. 24)
  - 13. Gerhards, R.: ‘The Syslog Protocol’, Internet Engineering Task Force, Request for Comments 5424, March 2009.
25. 25)
  - 14. Okmianski, A.: ‘Transmission of syslog messages over UDP’, Internet Engineering Task Force, Request for Comments 5426, March 2009.
26. 26)
  - 37. Lowe, G.: ‘A hierarchy of authentication specifications’. Proc. of 10th Computer Security Foundations Workshop, June 1997, pp. 31–43.
27. 27)
  - 24. Accorsi, R.: ‘BBox: a distributed secure log architecture’. 8th European Workshop on Public Key Infrastructures, Services and Applications, September 2011, vol. 6711, pp. 109–124.
28. 28)
  - 7. Yavuz, A.A., Ning, P., Reiter, M.K.: ‘Efficient, compromise resilient and append-only cryptographic schemes for secure audit logging’. 16th Int. Conf. on Financial Cryptography and Data Security, March 2012, vol. 7397, pp. 148–163.
29. 29)
  - 20. Salowey, J., Petch, T., Gerhards, R., et al: ‘Datagram Transport Layer Security (DTLS) Transport Mapping for Syslog’, Internet Engineering Task Force, Request for Comments 6012, October 2010.
30. 30)
  - 25. Ray, I., Belyaev, K., Strizhov, M., et al: ‘Secure logging as a service – delegating log management to the cloud’, IEEE Syst. J., 2013, 7, (2), pp. 323–334 (doi: 10.1109/JSYST.2012.2221958).
31. 31)
  - 5. Armando, A., Basin, D., Boichut, Y., et al: ‘The AVISPA tool for the automated validation of internet security protocols and applications’. 17th Int. Conf. on Computer Aided Verification, July 2005, vol. 3576, pp. 281–285.
32. 32)
  - 1. Gens, F.: ‘IT Cloud Services User Survey, pt.2: Top Benefits & Challenges’. Tech. Rep., International Data Corporation, October 2008, http://www.blogs.idc.com/ie/?p=210.
33. 33)
  - 3. Swanson, M., Guttman, B.: ‘Generally accepted principles and practices for securing information technology systems’. Tech. Rep., NIST 800-14, U.S. Department of Commerce, National Institute of Standards and Technology, Technology Administration, September 1996.
34. 34)
  - 36. The AVISPA team, HLPSL Tutorial A Beginners Guide to Modelling and Analysing Internet Security Protocols, 1.1 ed., The AVISPA project, June 2006, http://www.avispa-project.org/package/tutorial.pdf.
35. 35)
  - 39. Pelánek, R.: ‘Fighting state space explosion: review and evaluation’. 13th Int. Workshop on Formal Methods for Industrial Critical Systems, September 2009, vol. 5596, pp. 37–52.
36. 36)
  - 29. Dolev, D., Yao, A.C.: ‘On the security of public key protocols’, IEEE Trans. Inf. Theory, 1983, 29, (2), pp. 198–208 (doi: 10.1109/TIT.1983.1056650).
37. 37)
  - 23. Chong, C.N., Peng, Z., Hartel, P.H.: ‘Secure audit logging with tamper-resistant hardware’, in Gritzalis, D., De Capitani di Vimercati, S., Samarati, P., et al (Eds.): ‘Security and privacy in the age of uncertainty’, ser. IFIP – The International Federation for Information Processing (Springer US, 2003), vol. 122, pp. 73–84.
38. 38)
  - 12. Postel, J.: ‘User Datagram Protocol’, Internet Engineering Task Force, Request for Comments 768, August 1980.
39. 39)
  - 19. Miao, F., Ma, Y., Salowey, J.: ‘Transport layer security (TLS) transport mapping for Syslog’, Internet Engineering Task Force, Request for Comments 5425, March 2009.
40. 40)
  - 16. Gerhards, R., Lonvick, C.: ‘Transmission of Syslog Messages over TCP’, Internet Engineering Task Force, Request for Comments 6587, April 2012.

Login

Not registered yet?

Share

Tools

Login to add to favourites

Key

Design and formal verification of a cloud compliant secure logging mechanism

References

Related content