Fabio Massacci
Gene Tsudik
ABSTRACT
Management of a modern enterprise is based on the assumption that executive reports of lower-layer management are faithful to what is actually happening in the field. As some well-publicised major recent disasters (such as Barings, AllFirst-Allied Irish Bank, ENRON, Societé Generale) have shown, this assumption is not well-founded. Intermediate managers can misrepresent the actual state of their systems in order to hide negative events or to "doctor" reports which have been already produced. Existing security approaches which guarantee integrity of logs and related reports do not protect the system against these threats, if they are directly applied to a multi-layered corporate structure. In this paper, we extend existing approaches by constructing a logging scheme which ensures that, at each level, logs are both correct and consistent.
- Basel Committee on Banking Supervision, International convergence of capital measurement and capital standards, 2006.Google Scholar
- M. Bellare and S. Miner, A forward-secure digital signature scheme, CRYPTO'99, 1999. Google ScholarDigital Library
- M. Bellare and B. Yee, Forward integrity for secure audit logs, UCSD Technical Report, University of California at San Diego, 1997.Google Scholar
- C. Chong, Z. Peng and P. Hartel, Secure audit logging with tamper resistant hardware, Technical Report TR-CTIT-02-29, Univ. of Twente, 2002.Google Scholar
- D. Ma and G. Tsudik, A new approach to secure logging, IFIP DBSEC'08, 2008. Google ScholarDigital Library
- Fox Business, Futures trader responsible for $7b fraud. http://www.foxbusiness.com.Google Scholar
- J. Holt, Logcrypt: forward security and public verification for secure audit logs, AusGrid'06, 2006. Google ScholarDigital Library
- ISACA, CobiT, www.isaca.org/cobit/, 2008.Google Scholar
- ISO/IEC. ISO 17799, 2001 IT Governance Institute, IT Control Objectives for BASEL II: The important of Goverance and Risk Management for Complience., 2007. http://www.isaca.org Google ScholarDigital Library
- IT Governance Institute. IT Control Objectives for BASEL II. The important of Goverance and Risk Management for Complience., 2007. http://www.isaca.org Google ScholarDigital Library
- J. Kelsey and B. Schneier, Minimizing bandwidth for remote access to cryptographically protected audit logs, RAID'99, 1999.Google Scholar
- Permanent Subcommettee on Inverstigations of the Comittee on Governmental Affairs of the United States Senate, The Role of The Board of Directors in Enron's Collapse, http://news.findlaw.com/hdocs/docs/enron/senpsi70802rpt.pdf, 2002.Google Scholar
- B. Schneier and J. Kelsey, Cryptographic support for secure logs on untrusted machines, USENIX Security Symposium, 1998. Google ScholarDigital Library
- B. Schneier and J. Kelsy, Secure audit logs to support computer forensics, ACM TISSEC, Vol. 2, No. 2, pp. 159--176, May 1999. Google ScholarDigital Library
- United States Districs Court Southern Districs of New York, United States of America vs. Bernard J. Ebbers, http://news.findlaw.com/hdocs/docs/worldcom/usebbers504ind3s.pdf, 2004.Google Scholar
- Wachtell, Lipton, Rosen and Katz, Report to the Board of Allied Irish Banks, p.l.c., Allfirst Financial Inc. and Allfirst Bank Concerning Currency Trading Losses. Available from http://www.aibgroup.com, March 2002.Google Scholar
- B. Waters, D. Balfanz, G. Durfee and D. Smetters, Building an encrypted and searchable audit log, ISOC NDSS'04, 2004.Google Scholar
Index Terms
- Logging key assurance indicators in business processes
Recommendations
Teaching E-business with enterprise Javabeans
E-business is a hot new topic being taught today in Computer Science departments. E-business is a broad subject that includes e-commerce, but covers more than just the selling of goods. E-business can be a difficult course to teach, in that both ...
Key performance indicators for business models: a systematic review and catalog
AbstractOrganizations continuously adapt and innovate their business models to remain competitive. To support the management of business models throughout their lifecycle, Key Performance Indicators (KPIs) related to business models play an important ...
Comments