Pseudonymizing Unix Log Files
Unix systems in many cases record personal data in log files. We present tools that help in practice to retrofit privacy protection into existing Unix audit systems. Our tools are based on an approach to pseudonymizing Unix log files while balancing user requirements for anonymity and the service provider’s requirements for accountability. By pseudonymizing identifying data in log files the association between the data and the real persons is hidden. Only upon good cause shown, such as a proceeding attack scenario, the identifying data behind the pseudonyms can be revealed. We develop a trust model as well as an architecture that integrates seamlessly with existing Unix systems. Finally, we provide performance measurements demonstrating that the tools are sufficiently fast for use at large sites.
Unable to display preview. Download preview PDF.
- Ulrich Flegel. Pseudonymizing Unix log files. Technical report, Dept. of Computer Science, Chair VI Information Systems and Security, University of Dortmund, D-44221 Dortmund, May 2002. Extended version of this paper. http://ls6-www.cs.uni-dortmund.de/issi/archive/literature/2002/Flegel:2002a.ps.gz.
- Joachim Biskup and Ulrich Flegel. On pseudonymization of audit data for intrusion detection. In Hannes Federrath, editor, Proceedings of the international Workshop on Design Issues in Anonymity and Unobservability, number 2009 in LNCS, pages 161–180, Berkeley, California, July 2000. ICSI, Springer.Google Scholar
- Joachim Biskup and Ulrich Flegel. Transaction-based pseudonyms in audit data for privacy respecting intrusion detection. In Hervé Debar, Ludovic Mé, and S. Felix Wu, editors, Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection (RAID 2000), number 1907 in LNCS, pages 28–48, Toulouse, France, October 2000. Springer.Google Scholar
- Joachim Biskup and Ulrich Flegel. Threshold-based identity recovery for privacy enhanced applications. In Sushil Jajodia and Pierangela Samarati, editors, Proceedings of the 7th ACM Conference on Computer and Communications Security, pages 71–79, Athens, Greece, November 2000. ACM SIGSAC, ACM Press.Google Scholar
- Louis Harris & Associates Inc. IBM multi-national consumer privacy survey. Technical Report 938568, IBM Global Services, 1999.Google Scholar
- Jarek Rossignac et al. GVU’s 10thWWW User Survey, December 1998. http://www.cc.gatech.edu/gvu/user surveys/survey-1998-10/graphs/graphs.html#privacy.
- Steven R. Johnston. The impact of privacy and data protection legislation on the sharing of intrusion detection information. In Lee et al. , pages 150–171.Google Scholar
- National Computer Security Center. US DoD Standard: Department of Defense Trusted Computer System Evaluation Criteria. DOD 5200.28-STD, Supercedes CSC-STD-001-83, dtd 15 Aug 83, Library No. S225,711, December 1985. http://csrc.ncsl.nist.gov/secpubs/rainbow/std001.txt.
- National Computer Security Center. Audit in trusted systems. NCSC-TG-001, Library No. S-228,470, July 1987. http://csrc.ncsl.nist.gov/secpubs/rainbow/tg001.txt.
- Common Criteria Implementation Board. Common Criteria for Information Technology Security Evaluation — Part 2: Security functional requirements, Version 2.1. Number CCIMB-99-032. National Institute of Standards and Technology, August 1999. http://csrc.ncsl.nist.gov/cc/ccv20/p2-v21.pdf.
- C. Lonvick. RFC 3164: The BSD syslog Protocol, August 2001. http://www.ietf.org/rfc/rfc3164.txt.
- Martin Roesch. Snort-lightweight intrusion detection for networks. In Proceedings of LISA’99: 13th Systems Administration Conference, pages 229–238, Seattle, Washington, November 1999. The Usenix Association, Usenix.Google Scholar
- Giovanno Vigna, Richard A. Kemmerer, and Per Blix. Designing a web of highly-configurable intrusion detection sensors. In Lee et al. , pages 69–84.Google Scholar
- Torbjörn Granlund. The GNU Multiple Precision Arithmetic Library. GNU, 3.1.1 edition, September 2000. http://www.gnu.org/manual/gmp/index.html.
- Claudia Eckert and Alexander Pircher. Internet anonymity: Problems and solutions. In Michel Dupuy and Pierre Paradinas, editors, Proceedings of the IFIP TC11 16th International Conference on Information Security (IFIP/Sec’01), pages 35–50, Paris, France, June 2001. IFIP, Kluwer Academic Publishers.Google Scholar
- Oliver Berthold, Hannes Federrath, and Marit Köhntopp. Project “Anonymity and unobservability in the internet”. In Proceedings of the Workshop on Freedom and Privacy by Design / Conference on Freedom and Privacy, pages 57–65, Toronto, Canada, April 2000. ACM.Google Scholar
- Michael Sobirey, Simone Fischer-Hübner, and Kai Rannenberg. Pseudonymous audit for privacy enhanced intrusion detection. In L. Yngström and J. Carlsen, editors, Proceedings of the IFIP TC11 13th International Conference on Information Security (SEC’97), pages 151–163, Copenhagen, Denmark, May 1997. IFIP, Chapman & Hall, London.Google Scholar
- Roland Büschkes and Dogan Kesdogan. Privacy enhanced intrusion detection. In Günter Müller and Kai Rannenberg, editors, Multilateral Security in Communications, Information Security, pages 187–204. Addison Wesley, 1999.Google Scholar
- George Davida, Yair Frankel, Yiannis Tsiounis, and Moti Yung. Anonymity control in e-cashsystems. In R. Hirschfeld, editor, Proceedings of the First International Conference on Financial Cryptography (FC’97), number 1318 in Lecture Notes in Computer Science, pages 1–16, Anguilla, British West Indies, February 1997. Springer.Google Scholar
- Jaques Traoré. Group signatures and their relevance to privacy-protecting offline electronic cashsystems. In J. Pieprzyk, R. Safavi-Naini, and J. Seberry, editors, Proceedings of the 4th Australasian Conference on Information Security and Privacy (ACISP’99), number 1587 in Lecture Notes in Computer Science, pages 228–243, Wollongong, NSW, Australia, April 1999. Springer.Google Scholar
- Wenke Lee, Ludovic Mé, and Andreas Wespi, editors. Proceedings of the Fourth International Workshop on Recent Advances in Intrusion Detection (RAID 2001), number 2212 in LNCS, Davis, California, October 2001. Springer.Google Scholar