Trustworthy Log Reconciliation for Distributed Virtual Organisations

  • Jun Ho Huh
  • John Lyle
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5471)

Abstract

Secure management of logs in an organisational grid environment is often considered a task of low priority. However, it must be rapidly upgraded when the logs have security properties in their own right. We present several use cases where log integrity and confidentiality are essential, and propose a log reconciliation architecture in which both are ensured. We use a combination of trusted computing and virtualization to enable blind log analysis, allowing users to see the results of legitimate queries, while still withholding access to privileged raw data.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Trusted computing group backgrounder (October 2006), https://www.trustedcomputinggroup.org/about/
  2. 2.
    Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T.: Xen and the art of virtualization. Technical report, University of Cambridge, Computer Laboratory (2003)Google Scholar
  3. 3.
    Byrom, R., Cordenonsi, R., Cornwall, L., Craig, M., Djaoui, A., Duncan, A., Fisher, S.: Apel: An implementation of grid accounting using r-gma. Technical report, CCLRC - Rutherford Appleton Laboratory, Queen Mary - University of London (2005)Google Scholar
  4. 4.
    Cooper, A., Martin, A.: Trusted delegation for grid computing. In: The Second Workshop on Advances in Trusted Computing (2006)Google Scholar
  5. 5.
    de Alfonso, C., Caballer, M., Carrión, J.V., Hernández, V.: Distributed general logging architecture for grid environments. In: Daydé, M., Palma, J.M.L.M., Coutinho, Á.L.G.A., Pacitti, E., Lopes, J.C. (eds.) VECPAR 2006. LNCS, vol. 4395, pp. 589–600. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    England, P.: Practical techniques for operating system attestation. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 1–13. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    Grawrock, D.: The Intel Safer Computing Initiative, pp. 3–31. Intel Press (2006)Google Scholar
  8. 8.
    Huh, J.H., Martin, A.: Trusted logging for grid computing. In: 3rd Asia-Pacific Trusted Infrastructure Technologies Conference, China (2008)Google Scholar
  9. 9.
    Lincoln, P., Porras, P., Shmatikov, V.: Privacy-preserving sharing and correction of security alerts. In: 13th conference on USENIX Security Symposium, p. 17 (2004)Google Scholar
  10. 10.
    Maguire, T., Snelling, D.: Web services service group 1.2 (ws-servicegroup). Technical report, OASIS Open (June 2004)Google Scholar
  11. 11.
    Ng, H.-K., Ho, Q.-T., Lee, B.-S., Lim, D., Ong, Y.-S., Cai, W.: Nanyang campus inter-organization grid monitoring system. Technical report, Grid Operation and Training Center, School of Computer Engineering - Nanyang Technological University (2005)Google Scholar
  12. 12.
    Pang, R.: A high-level programming environment for packet trace anonymization and transformation. In: ACM SIGCOMM Conference, Germany (2003)Google Scholar
  13. 13.
    Piro, R.M.: Datagrid accounting system - basic concepts and current status. Workshop on e-Infrastructures (May 2005)Google Scholar
  14. 14.
    Piro, R.M., Guarise, A., Werbrouck, A.: An economy-based accounting infrastructure for the datagrid. In: Fourth International Workshop on Grid Computing (2003)Google Scholar
  15. 15.
    Power, D.J., Politou, E.A., Slaymaker, M.A., Simpson, A.C.: Towards secure grid-enabled healthcare. Software Practice And Experience (2002)Google Scholar
  16. 16.
    Sadeghi, A.-R., Stüble, C.: Property-based attestation for computing platforms: Caring about properties, not mechanisms. In: NSPW 2004: Proceedings of the 2004 workshop on New security paradigms. ACM Press, New York (2004)Google Scholar
  17. 17.
    Simpson, A., Power, D., Slaymaker, M.: On tracker attacks in health grids. In: 2006 ACM Symposium on Applied Computing, pp. 209–216 (2006)Google Scholar
  18. 18.
    Skene, J., Skene, A., Crampton, J., Emmerich, W.: The monitorability of service-level agreements for application-service provision. In: 6th International Workshop on Software and Performance, pp. 3–14 (2007)Google Scholar
  19. 19.
    Slagell, A., Lakkaraju, K., Luo, K.: Flaim: A multi-level anonymization framework for computer and network logs. In: 20th Large Installation System Administration Conference (2006)Google Scholar
  20. 20.
    Tierney, B., Gunter, D.: Netlogger: A toolkit for distributed system performance tuning and debugging. Technical report, Lawrence Berkeley National Laboratory (December 2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Jun Ho Huh
    • 1
  • John Lyle
    • 1
  1. 1.Computing LaboratoryOxford UniversityOxfordUK

Personalised recommendations