Abstract
Logging is a key mechanism in the security of computer systems. Beyond supporting important forward security properties, it is critical that logging withstands both failures and intentional tampering to prevent subtle attacks leaving the system in an inconsistent state with inconclusive evidence. We propose new techniques combining forward security with crash recovery for secure log data storage. As the support of specifically forward integrity and the online nature of logging prevent the use of conventional coding, we propose and analyze a coding scheme resolving these unique design constraints. Specifically, our coding enables forward integrity, online encoding, and most importantly a constant number of operations per encoding. It adds a new log item by 𝖷𝖮𝖱 ing it to k cells of a table. If up to a certain threshold of cells is modified by the adversary, or lost due to a crash, we still guarantee recovery of all stored log items. The main advantage of the coding scheme is its efficiency and compatibility with forward integrity. The key contribution of the paper is the use of spectral graph theory techniques to prove that k is constant in the number n of all log items ever stored and small in practice, e.g., k = 5. Moreover, we prove that to cope with up to \(\sqrt {n}\) modified or lost log items, storage expansion is constant in n and small in practice. For k = 5, the size of the table is only 12% more than the simple concatenation of all n items. We propose and evaluate original techniques to scale the computation cost of recovery to several GBytes of security logs. We instantiate our scheme into an abstract data structure which allows to either detect adversarial modifications to log items or treat modifications like data loss in a system crash. The data structure can recover lost log items, thereby effectively reverting adversarial modifications.
- [1] . 2022. HARDLOG: Practical tamper-proof system auditing using a novel audit device. In 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22-26, 2022. IEEE, 1791–1807.Google Scholar
- [2] . 2010. Security against covert adversaries: Efficient protocols for realistic adversaries. Journal of Cryptology 23, 2 (2010), 281–343.
ISSN 0933-2790. Google ScholarDigital Library - [3] . 2019. Secure logging with security against adaptive crash attack. In International Symposium on Foundations & Practice of Security. Toulouse, France. https://arxiv.org/abs/1910.14169Google Scholar
- [4] . 1997. Forward Integrity for Secure Audit Logs.
Technical Report . UC San Diego.Google Scholar - [5] . 2003. Forward-security in private-key cryptography. In Topics in Cryptology - CT-RSA 2003, The Cryptographers’ Track at the RSA Conference 2003, San Francisco, CA, USA, April 13-17, 2003, Proceedings. 1–18.Google ScholarCross Ref
- [6] . 2017. Secure logging with crash tolerance. In Conference on Communications and Network Security. Las Vegas, USA, 1–10.Google ScholarCross Ref
- [7] . 2022. Source code for experiments. (2022). https://github.com/dalmayr777/secure-loggingGoogle Scholar
- [8] . 2014. PillarBox: Combating next-generation malware with fast forward-secure logging. In RAID. 46–67.Google Scholar
- [9] . 1996. Dependent sets of constant weight vectors in \(GF(q)\). Random Struct. Algorithms 9, 1-2 (1996), 49–53.Google ScholarDigital Library
- [10] . 1997. Dependent sets of constant weight binary vectors. Combinatorics, Probability & Computing 6, 3 (1997), 263–271.Google ScholarDigital Library
- [11] . 1990. Matrix multiplication via arithmetic progressions. J. Symb. Comput. 9, 3 (1990), 251–280.Google ScholarDigital Library
- [12] . 2006. Elements of Information Theory (Wiley Series in Telecommunications and Signal Processing). Wiley-Interscience.Google ScholarDigital Library
- [13] . 2008. Succinct data structures for retrieval and approximate membership (extended abstract). In ICALP. 385–396.Google Scholar
- [14] . 1960. On the evolution of random graphs. In Publication of the Mathematical Institute of the Hungarian Academy of Sciences. 17–61.Google Scholar
- [15] . 2006. Parameterized Complexity Theory. Springer.Google Scholar
- [16] . 1962. Low-density parity-check codes. IRE Trans. Information Theory 8, 1 (1962), 21–28.Google ScholarCross Ref
- [17] . 2011. Invertible Bloom lookup tables. In Allerton Conference on Communication, Control, and Computing. Monticello, USA, 792–799.Google ScholarCross Ref
- [18] . 2016. Secure audit logs with verifiable excerpts. In CT-RSA (LNCS), Vol. 9610. 183–199.Google Scholar
- [19] . 2022. Faster yet safer: Logging system via fixed-key blockcipher. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 2389–2406. Google Scholar
- [20] . 2006. Logcrypt: forward security and public verification for secure audit logs. In Australasian Symposium on Grid Computing and e-Research. 203–211.Google Scholar
- [21] . 2017. SGX-Log: Securing system logs with SGX. In AsiaCCS. ACM, 19–30.Google Scholar
- [22] . 2003. Backtracking intrusions. In 19th ACM Symposium on Operating Systems Principles, Bolton Landing, NY, USA. 223–236.Google Scholar
- [23] . 2004. Error Control Coding, Second Edition. Prentice-Hall, Inc., USA. Google ScholarDigital Library
- [24] . 2020.
/proc/sys/vm/dirty_expire_centisecs . (2020).Standard value is 30 sec on kernel 5.8, 64 bit , https://www.kernel.org/doc/Documentation/sysctl/vm.txtGoogle Scholar - [25] . 2001. The BSD Syslog Protocol. RFC 3164. (
Aug. 2001). Google ScholarDigital Library - [26] . 2002. LT codes. In IEEE Annual Symposium on Foundations of Computer Science.Google Scholar
- [27] . 2009. A new approach to secure logging. ACM Transactions on Storage 5, 1 (2009).
ISSN: 1553-3077. Google ScholarDigital Library - [28] . 2013. Practical secure logging: Seekable sequential key generators. In ESORICS. 111–128.Google Scholar
- [29] . 2014. Even more practical secure logging: Tree-based seekable sequential key generators. In ESORICS. 37–54.Google Scholar
- [30] . 2020. Custos: Practical tamper-evident auditing of operating systems using trusted execution. In NDSS. The Internet Society.Google Scholar
- [31] . 2020. Logging to the danger zone: Race condition attacks and defenses on system audit frameworks. In Conference on Computer and Communications Security. 1551–1574.Google ScholarDigital Library
- [32] . 2014. Improving the performance of invertible Bloom lookup tables. Inf. Process. Lett. 114, 4 (2014), 185–191.Google ScholarDigital Library
- [33] . 2015. Balloon: A forward-secure append-only persistent authenticated data structure. In ESORICS (LNCS), Vol. 9327. 622–641.Google Scholar
- [34] . 1998. Balls into bins – a simple and tight analysis. In RANDOM’98 (LNCS), Vol. 1518. 159–170.Google Scholar
- [35] . 2001. Efficient encoding of low-density parity-check codes. IEEE Transactions on Information Theory 47, 2 (
Feb. 2001), 638–656.Google ScholarDigital Library - [36] . 2004. Nonce-based symmetric encryption. In Proceedings of FSE. Delhi, India, 348–359.
ISBN 3-540-22171-9. Google ScholarCross Ref - [37] . 1999. Secure audit logs to support computer forensics. ACM Transactions on Information and System Security 2, 2 (1999), 159–176.Google ScholarDigital Library
- [38] . 1990. The auditing facility for a VMM security kernel. In IEEE Symposium on Security and Privacy, Oakland, California, USA. IEEE Computer Society, 262–277.Google Scholar
- [39] . 1948. A mathematical theory of communication. The Bell System Technical Journal 27, 3 (
July 1948), 379–423.Google ScholarCross Ref - [40] . 2004. LDPC Codes: An Introduction.
Coding, Cryptography and Combinatorics , Vol. 23. Birkhäuser, 85–110.ISBN 978-3-0348-9602-3. Google Scholar - [41] . 2006. Raptor codes. IEEE Transactions on Information Theory 52, 6 (2006), 2551–2567.Google ScholarDigital Library
- [42] . 1969. Gaussian elimination is not optimal. Numer. Math. 13, 4 (1969), 354–356. Google ScholarDigital Library
- [43] . 2022. SoK: SGX.Fail: How stuff get exposed. https://sgx.failGoogle Scholar
- [44] . 1986. Solving sparse linear equations over finite fields. IEEE Transactions on Information Theory 32, 1 (
January 1986), 54–62. Google ScholarDigital Library - [45] . 2023. (Incomplete) list of security flaws in XEN allowing to break out of VM. (2023). https://xenbits.xen.org/xsa/advisory-148.html, https://xenbits.xen.org/xsa/advisory-182.html, https://xenbits.xen.org/xsa/advisory-212.html, https://xenbits.xen.org/xsa/advisory-213.html, https://xenbits.xen.org/xsa/advisory-214.html, https://xenbits.xen.org/xsa/advisory-215.htmlGoogle Scholar
- [46] . 2012. BAF and FI-BAF: Efficient and publicly verifiable cryptographic schemes for secure logging in resource-constrained systems. Transactions on Information System Security 15, 2 (2012), 9.
ISSN 1094-9224. Google Scholar - [47] . 2012. Efficient, compromise resilient and append-only cryptographic schemes for secure audit logging. In Financial Cryptography and Data Security (LNCS), Vol. 7397. 148–163.Google Scholar
Index Terms
- Forward Security with Crash Recovery for Secure Logs
Recommendations
Secure Logging with Security Against Adaptive Crash Attack
Foundations and Practice of SecurityAbstractLogging systems are an essential component of security systems and their security has been widely studied. Recently (2017) it was shown that existing secure logging protocols are vulnerable to crash attack in which the adversary modifies the log ...
Concurrent rollback for crash recovery in extended hypercube networks
PAS '95: Proceedings of the First Aizu International Symposium on Parallel Algorithms/Architecture SynthesisRecovering from processor failures is an important problem in the design and development of reliable systems. We present a concurrent rollback algorithm in extended hypercube networks to recover from crash failures which involves small message and time ...
On the Quality of Service of Crash-Recovery Failure Detectors
We model the probabilistic behavior of a system comprising a failure detector and a monitored crash-recovery target. We extend failure detectors to take account of failure recovery in the target system. This involves extending QoS measures to include ...
Comments