Applying The Biba Integrity Model to Evidence Management
This paper describes the design of an integrity-aware Forensic Evidence Management System (FEMS). The well-known Biba integrity model is employed to preserve and reason about the integrity of stored evidence. Casey’s certainty scale provides the integrity classification scheme needed to apply the Biba model. The paper also discusses the benefits of using an integrity-aware system for managing digital evidence.
Keywords: Evidence management, Biba integrity model, Casey’s certainty scale