TY - GEN
T1 - Evidence of log integrity in policy-based security monitoring
AU - Montanari, Mirko
AU - Huh, Jun Ho
AU - Dagit, Derek
AU - Bobba, Rakesh B.
AU - Campbell, Roy H.
PY - 2012/12/1
Y1 - 2012/12/1
N2 - Monitoring systems are commonly used by many organizations to collect information about their system and network operations. Typically, SNMP, IDS, or software agents generate log data and store them in a centralized monitoring system for analysis. However, malicious employees, attackers, or even organizations themselves can modify such data to hide malicious activities or to avoid expensive non-compliance fines. This paper proposes a cloud-based framework for verifying the trustworthiness of the logs based on a small amount of evidence data. A simple Cloud Security Monitoring (CSM) API, made available on the cloud services, allows organizations operating on the cloud to collect additional 'evidence' about their systems. Such evidence is used to verify system compliance against the policies set by security managers or regulatory authorities. We present a strategy for randomly auditing and verifying resource compliance, and propose an architecture that allows the organizations to prove compliance to an external auditing agency.
UR - http://www.scopus.com/inward/record.url?scp=84880910442&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84880910442&partnerID=8YFLogxK
U2 - 10.1109/DSNW.2012.6264693
DO - 10.1109/DSNW.2012.6264693
M3 - Conference contribution
AN - SCOPUS:84880910442
SN - 9781467322645
T3 - Proceedings of the International Conference on Dependable Systems and Networks
BT - 2012 IEEE/IFIP 42nd International Conference on Dependable Systems and Networks Workshops, DSN-W 2012
T2 - 2012 IEEE/IFIP 42nd International Conference on Dependable Systems and Networks Workshops, DSN-W 2012
Y2 - 25 June 2012 through 28 June 2012
ER -
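The abstract above describes verifying log trustworthiness from a small amount of independently collected evidence and auditing compliance at random. The following is an added, self-contained illustration of that idea in Python; it is not the paper's CSM API or architecture, and every name in it is an assumption: a hash-chained monitoring log, a hypothetical evidence collector that records and MACs the chain digest at a few checkpoint indices with its own key (`EVIDENCE_KEY`), an auditor that samples checkpoints at random and recomputes the chain from the submitted log, and a constructed five-record sample log (`SAMPLE_LOG`) with checkpoints at indices 1, 3 and 4. It also goes one step beyond the abstract by computing the probability that a random audit of a given sample size catches a modification at a given position, which is the trade-off behind "a small amount of evidence".

```python
import copy
import hashlib
import hmac
import json
import random
from math import comb

# Hypothetical key held by the evidence collector / auditor, never by the log owner.
EVIDENCE_KEY = b"evidence-collector-key"

# Constructed sample monitoring log (not from the paper). One dict per event, in order.
SAMPLE_LOG = [
    {"ts": 1, "host": "web-01", "event": "sshd login", "user": "alice"},
    {"ts": 2, "host": "web-01", "event": "sudo", "user": "alice", "cmd": "apt upgrade"},
    {"ts": 3, "host": "db-02", "event": "firewall change", "rule": "allow 0.0.0.0/0:3306"},
    {"ts": 4, "host": "db-02", "event": "config audit", "result": "non-compliant"},
    {"ts": 5, "host": "web-01", "event": "sshd logout", "user": "alice"},
]


def canonical(record):
    """Deterministic byte encoding of a record so both sides hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def chain_digests(log, seed=b"genesis"):
    """Hash chain: d_i = SHA-256(d_{i-1} || canonical(record_i)). Returns hex digests.
    Changing, inserting or deleting record i changes every d_j with j >= i."""
    digests = []
    prev = hashlib.sha256(seed).digest()
    for rec in log:
        prev = hashlib.sha256(prev + canonical(rec)).digest()
        digests.append(prev.hex())
    return digests


def collect_evidence(log, checkpoints, key=EVIDENCE_KEY):
    """Evidence collector stores (digest, HMAC) at a few checkpoint indices while the log
    is being produced. The MAC stops the log owner from rewriting the evidence later."""
    digests = chain_digests(log)
    evidence = {}
    for i in checkpoints:
        tag = hmac.new(key, f"{i}:{digests[i]}".encode(), hashlib.sha256).hexdigest()
        evidence[i] = (digests[i], tag)
    return evidence


def random_audit(log, evidence, sample_size, key=EVIDENCE_KEY, rng=None):
    """Auditor draws sample_size checkpoints at random, recomputes the chain over the
    submitted log and compares. Returns (ok, [(checkpoint, reason), ...])."""
    rng = rng or random.Random(0)  # fixed seed only so the demo is reproducible
    digests = chain_digests(log)
    chosen = rng.sample(sorted(evidence), min(sample_size, len(evidence)))
    failures = []
    for i in chosen:
        digest, tag = evidence[i]
        expected = hmac.new(key, f"{i}:{digest}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            failures.append((i, "evidence tag invalid"))   # evidence store was altered
        elif i >= len(digests) or digests[i] != digest:
            failures.append((i, "log digest mismatch"))    # log altered or truncated
    return (not failures, failures)


def detection_probability(checkpoints, tampered_index, sample_size):
    """Probability that sampling sample_size checkpoints catches a change at
    tampered_index: only checkpoints at or after that index can reveal it."""
    total = len(checkpoints)
    k = min(sample_size, total)
    unaffected = sum(1 for c in checkpoints if c < tampered_index)
    return 1.0 - comb(unaffected, k) / comb(total, k)


def tampered_copy(log, index, **changes):
    """Return a copy of the log with record `index` modified (the insider's edit)."""
    bad = copy.deepcopy(log)
    bad[index].update(changes)
    return bad


CHECKPOINTS = [1, 3, 4]
EVIDENCE = collect_evidence(SAMPLE_LOG, CHECKPOINTS)

if __name__ == "__main__":
    print("honest log:", random_audit(SAMPLE_LOG, EVIDENCE, 3))
    hidden = tampered_copy(SAMPLE_LOG, 3, result="compliant")  # hide the finding
    print("edited log:", random_audit(hidden, EVIDENCE, 3))
    for k in (1, 2, 3):
        print(f"sample {k}: P(detect edit at 3) =", detection_probability(CHECKPOINTS, 3, k))
```

Two caveats the numbers make visible: a single-checkpoint audit catches the edit at index 3 only two times in three, because checkpoint 1 predates it, and any change made after the last checkpoint has detection probability zero, so evidence has to keep being collected for as long as the log is being written.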