skip to main content
10.1145/3589608.3595080acmconferencesArticle/Chapter ViewAbstractPublication PagessacmatConference Proceedingsconference-collections
poster

Poster: Non-repudiable Secure Logging System for the Web

Published: 24 May 2023 Publication History

Abstract

To resolve disputes between servicers providing web services and their users, non-repudiable evidence is crucial because it allows one party to dismiss the denial of facts or false allegations. We propose a logger that securely records web requests and responses in a Trusted Execution Environment (TEE) to generate non-repudiable evidence for web services, which we call LogNEWT: Logger for Non-rEpudiation of Web with TEE. LogNEWT solves security issues in deploying LibSEAL to practical web services, i.e., logger-bypassing, undefined user management, and complex logger verification. In addition, LogNEWT can be transparently deployed to the existing web services.

References

[1]
[n. d.] Amazon.com. spend less. smile more. (Accessed on 03/10/2023). https://www.amazon.com/.
[2]
Roy Arends, Rob Austein, Matt Larson, Dan Massey, and Scott Rose. 2005. Rfc 4035: protocol modifications for the dns security extensions. (2005).
[3]
Pierre-Louis Aublin et al. 2018. Libseal: revealing service integrity violations using trusted execution. In Proceedings of the Thirteenth EuroSys Conference, 1--15.
[4]
Robert Biddle, Paul C Van Oorschot, Andrew S Patrick, Jennifer Sobey, and Tara Whalen. 2009. Browser interfaces and extended validation ssl certificates: an empirical study. In Proceedings of the 2009 ACM workshop on Cloud computing security, 19--30.
[5]
[n. d.] Certificate authority - mdn web docs glossary: definitions of web-related terms | mdn. (Accessed on 03/11/2023). https://developer.mozilla.org/en-US/docs/Glossary/Certificate_authority.
[6]
Federal Trade Commision. 2022. Consumer Sentinel Network Data Book 2022.
[7]
[n. d.] Docusign | #1 in electronic signature and agreement cloud. (Accessed on 04/08/2023). https://www.docusign.com/.
[8]
[n. d.] Douglas v. u.s. dist. cou | 495 f.3d 1062 (2007) | 3d106211554 | leagle.com. (Accessed on 04/09/2023).
[9]
Ben Laurie. 2014. Certificate transparency. Communications of the ACM, 57, 10, 40--46.
[10]
Antonio Sartori Mike West. 2023. Content security policy level 3. (2023). https://www.w3.org/TR/CSP3/.
[11]
P. Wouters, Ed., Aiven,D. Huigens, Proton AG, J. Winter, Sequoia-PGP, Y. Niibe, FSIJ. 2023. Draft-ietf-openpgp-crypto-refresh-07. (Accessed on 03/11/2023). https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh.
[12]
Mohamed Sabt, Mohammed Achemlal, and Abdelmadjid Bouabdallah. 2015. Trusted execution environment: what it is, and what it is not. In 2015 IEEE Trustcom/BigDataSE/Ispa. Vol. 1. IEEE, 57--64.
[13]
[n. d.] web-platform-tests dashboard. (Accessed on 03/11/2023). https://wpt.fyi/results/secure-payment-confirmation?label=experimental&label=master&aligned.
[14]
[n. d.] What is Chargeback Fraud - CardinalCommerce. (Accessed on 03/10/2023). https://www.cardinalcommerce.com/fraud/chargebacks/what-is-chargeback-fraud.

Index Terms

  1. Poster: Non-repudiable Secure Logging System for the Web

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    SACMAT '23: Proceedings of the 28th ACM Symposium on Access Control Models and Technologies
    May 2023
    218 pages
    ISBN:9798400701733
    DOI:10.1145/3589608
    Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 24 May 2023

    Check for updates

    Author Tags

    1. non-repudiation
    2. trusted execution environment
    3. web security

    Qualifiers

    • Poster

    Conference

    SACMAT '23
    Sponsor:

    Acceptance Rates

    Overall Acceptance Rate 177 of 597 submissions, 30%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • 0
      Total Citations
    • 111
      Total Downloads
    • Downloads (Last 12 months)17
    • Downloads (Last 6 weeks)2
    Reflects downloads up to 20 Jan 2025

    Other Metrics

    Citations

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Media

    Figures

    Other

    Tables

    Share

    Share

    Share this Publication link

    Share on social media