Continuous Tamper-Proof Logging Using TPM 2.0

  • Arunesh Sinha
  • Limin Jia
  • Paul England
  • Jacob R. Lorch
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8564)

Abstract

Auditing system logs is an important means of ensuring systems’ security in situations where run-time security mechanisms are not sufficient to completely prevent potentially malicious activities. A fundamental requirement for reliable auditing is the integrity of the log entries. This paper presents an infrastructure for secure logging that is capable of detecting the tampering of logs by powerful adversaries residing on the device where logs are generated. We rely on novel features of trusted hardware (TPM) to ensure the continuity of the logging infrastructure across power cycles without help from a remote server. Our infrastructure also addresses practical concerns including how to handle high-frequency log updates, how to conserve disk space for storing logs, and how to efficiently verify an arbitrary subset of the log. Importantly, we formally state the tamper-proofness guarantee of our infrastructure and verify that our basic secure logging protocol provides the desired guarantee. To demonstrate that our infrastructure is practical, we implement a prototype and evaluate its performance.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Arunesh Sinha
    • 1
  • Limin Jia
    • 1
  • Paul England
    • 2
  • Jacob R. Lorch
    • 2
  1. 1.Carnegie Mellon UniversityPittsburghUSA
  2. 2.Microsoft ResearchRedmondUSA

Personalised recommendations