TY - GEN
T1 - A central and secured logging data solution for Xen virtual machine
AU - Quynh, Nguyen Anh
AU - Takefuji, Yoshiyasu
PY - 2006
Y1 - 2006
N2 - Logging data is valuable and important information for revealing an attacker's activities and for recovering a broken system. Unfortunately, once the attacker successfully penetrates a protected system, he never fails to either modify the logging data or, even worse, delete them to cover his traces. To avoid such a disaster, it is best to keep logging data on another machine by forwarding them to a central logging server. However, this approach has a flaw: while in transit on the network, the data could be illegally sniffed, or the traffic might be secretly redirected to a malicious machine. This paper proposes a novel method named Xenlog to secure logging data for systems running on a Xen virtual machine: the solution does not use the network stack to send data. Experiments and the resulting tool prove that this approach is more secure than the traditional solution, while the logging process is far more effective (nearly 21 times faster) and more reliable.
AB - Logging data is valuable and important information for revealing an attacker's activities and for recovering a broken system. Unfortunately, once the attacker successfully penetrates a protected system, he never fails to either modify the logging data or, even worse, delete them to cover his traces. To avoid such a disaster, it is best to keep logging data on another machine by forwarding them to a central logging server. However, this approach has a flaw: while in transit on the network, the data could be illegally sniffed, or the traffic might be secretly redirected to a malicious machine. This paper proposes a novel method named Xenlog to secure logging data for systems running on a Xen virtual machine: the solution does not use the network stack to send data. Experiments and the resulting tool prove that this approach is more secure than the traditional solution, while the logging process is far more effective (nearly 21 times faster) and more reliable.
KW - Central logging
KW - Linux
KW - Secured logging
KW - Xen virtual machine
UR - http://www.scopus.com/inward/record.url?scp=34047143797&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34047143797&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:34047143797
SN - 0889865701
SN - 9780889865709
T3 - Proceedings of the IASTED International Conference on Parallel and Distributed Computing and Networks, as part of the 24th IASTED International Multi-Conference on APPLIED INFORMATICS
SP - 218
EP - 224
BT - Proceedings of the IASTED International Conference on Parallel and Distributed Computing and Networks, as part of the 24th IASTED International Multi-Conference on APPLIED INFORMATICS
T2 - IASTED International Conference on Parallel and Distributed Computing and Networks, as part of the 24th IASTED International Multi-Conference on APPLIED INFORMATICS
Y2 - 14 February 2006 through 16 February 2006
ER -