A novel approach to secured and central logging data

Nguyen Anh Quynh; Yoshiyasu Takefuji

A novel approach to secured and central logging data

Nguyen Anh Quynh, Yoshiyasu Takefuji

Research output: Contribution to journal › Article › peer-review

Abstract

Logging data is valuable and important information to reveal the attacker's activities and recover broken system. Unfortunately, once the attacker successfully penetrates a protected system, he never fails to either modify the logging data, or even worse, delete them to cover his traces. To avoid such a disaster, it is best to keep logging data in another machine by forwarding them to a central logging server. However, this approach has a flaw: while transmitting on network, data could be illegally sniffed or the traffic might be secretly redirected to a malicious machine. This paper proposes a novel method named Xenlog to secure logging data for systems run on Xen virtual machine: the solution does not use network stack to send data. Experimental and resulted tool proves that this approach is more secure than the traditional solution, while logging process is far more effective (nearly 24 times faster) and more reliable.

Original language	English
Pages (from-to)	201-208
Number of pages	8
Journal	WSEAS Transactions on Computers
Volume	5
Issue number	1
Publication status	Published - 2006 Jan
Externally published	Yes

Keywords

Central logging
Forensic analysis
Linux
Secured logging
Security attack
Xen

ASJC Scopus subject areas

Computer Science(all)

Cite this

@article{7fbc1fe92fa0470b8f611f277955429e,

title = "A novel approach to secured and central logging data",

abstract = "Logging data is valuable and important information to reveal the attacker's activities and recover broken system. Unfortunately, once the attacker successfully penetrates a protected system, he never fails to either modify the logging data, or even worse, delete them to cover his traces. To avoid such a disaster, it is best to keep logging data in another machine by forwarding them to a central logging server. However, this approach has a flaw: while transmitting on network, data could be illegally sniffed or the traffic might be secretly redirected to a malicious machine. This paper proposes a novel method named Xenlog to secure logging data for systems run on Xen virtual machine: the solution does not use network stack to send data. Experimental and resulted tool proves that this approach is more secure than the traditional solution, while logging process is far more effective (nearly 24 times faster) and more reliable.",

keywords = "Central logging, Forensic analysis, Linux, Secured logging, Security attack, Xen",

author = "Quynh, {Nguyen Anh} and Yoshiyasu Takefuji",

year = "2006",

month = jan,

language = "English",

volume = "5",

pages = "201--208",

journal = "WSEAS Transactions on Computers",

issn = "1109-2750",

publisher = "World Scientific and Engineering Academy and Society",

number = "1",

}

TY - JOUR

T1 - A novel approach to secured and central logging data

AU - Quynh, Nguyen Anh

AU - Takefuji, Yoshiyasu

PY - 2006/1

Y1 - 2006/1

N2 - Logging data is valuable and important information to reveal the attacker's activities and recover broken system. Unfortunately, once the attacker successfully penetrates a protected system, he never fails to either modify the logging data, or even worse, delete them to cover his traces. To avoid such a disaster, it is best to keep logging data in another machine by forwarding them to a central logging server. However, this approach has a flaw: while transmitting on network, data could be illegally sniffed or the traffic might be secretly redirected to a malicious machine. This paper proposes a novel method named Xenlog to secure logging data for systems run on Xen virtual machine: the solution does not use network stack to send data. Experimental and resulted tool proves that this approach is more secure than the traditional solution, while logging process is far more effective (nearly 24 times faster) and more reliable.

AB - Logging data is valuable and important information to reveal the attacker's activities and recover broken system. Unfortunately, once the attacker successfully penetrates a protected system, he never fails to either modify the logging data, or even worse, delete them to cover his traces. To avoid such a disaster, it is best to keep logging data in another machine by forwarding them to a central logging server. However, this approach has a flaw: while transmitting on network, data could be illegally sniffed or the traffic might be secretly redirected to a malicious machine. This paper proposes a novel method named Xenlog to secure logging data for systems run on Xen virtual machine: the solution does not use network stack to send data. Experimental and resulted tool proves that this approach is more secure than the traditional solution, while logging process is far more effective (nearly 24 times faster) and more reliable.

KW - Central logging

KW - Forensic analysis

KW - Linux

KW - Secured logging

KW - Security attack

KW - Xen

UR - http://www.scopus.com/inward/record.url?scp=30644456782&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=30644456782&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:30644456782

SN - 1109-2750

VL - 5

SP - 201

EP - 208

JO - WSEAS Transactions on Computers

JF - WSEAS Transactions on Computers

IS - 1

ER -

A novel approach to secured and central logging data

Abstract

Keywords

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this