Correct Audit Logging: Theory and Practice

Conference paper in: Principles of Security and Trust (POST 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9635)

Abstract

Retrospective security has become increasingly important to the theory and practice of cyber security, with auditing a crucial component of it. However, in systems where auditing is used, programs are typically instrumented to generate audit logs using manual, ad-hoc strategies. This is a potential source of error even if log analysis techniques are formal, since the relation of the log itself to program execution is unclear. This paper focuses on provably correct program rewriting algorithms for instrumenting formal logging specifications. Correctness guarantees that the execution of an instrumented program produces sound and complete audit logs, properties defined by an information containment relation between logs and the program’s logging semantics. We also propose a program rewriting approach to instrumentation for audit log generation, in a manner that guarantees correct log generation even for untrusted programs. As a case study, we develop such a tool for OpenMRS, a popular medical records management system, and consider instrumentation of break-the-glass policies.
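To make the soundness and completeness properties from the abstract concrete, the following is an added illustration written for this page; it is not code from the paper or from the authors' OpenMRS module. It assumes a drastically simplified model: a program run is a finite trace of record-access events, a logging specification is a predicate over events (here, the constructed rule "every break-the-glass access must be logged"), the information-containment relation between a log and the logging semantics is modelled as plain set inclusion, and "program rewriting" is modelled as swapping the program's access primitive for one that evaluates the specification on every event while ignoring the program's own log writes. All names, records and users are constructed.

```python
"""Toy model of sound and complete audit logs (added example, not the paper's code)."""
from dataclasses import dataclass
from typing import Callable, FrozenSet, Iterable, List, Set


@dataclass(frozen=True)
class Access:
    user: str
    patient: str
    record: str
    break_glass: bool  # True when access was granted by a break-the-glass override


@dataclass(frozen=True)
class LogEntry:
    user: str
    patient: str
    record: str


LoggingSpec = Callable[[Access], bool]


def btg_spec(ev: Access) -> bool:
    """Constructed logging specification: every break-the-glass access is logged."""
    return ev.break_glass


def ideal_log(trace: Iterable[Access], spec: LoggingSpec) -> FrozenSet[LogEntry]:
    """Logging semantics (assumed model): the entries the spec requires for this run."""
    return frozenset(LogEntry(e.user, e.patient, e.record) for e in trace if spec(e))


def is_sound(log: Set[LogEntry], ideal: FrozenSet[LogEntry]) -> bool:
    """Sound: the log contains nothing the run does not support."""
    return log <= ideal


def is_complete(log: Set[LogEntry], ideal: FrozenSet[LogEntry]) -> bool:
    """Complete: the log contains everything the spec requires."""
    return ideal <= log


class Records:
    """Constructed stand-in for a records API that an untrusted program calls."""

    def __init__(self) -> None:
        self.trace: List[Access] = []    # ground truth of what actually happened
        self.log: Set[LogEntry] = set()  # what reached the audit log

    def access(self, user: str, patient: str, record: str, break_glass: bool = False) -> Access:
        ev = Access(user, patient, record, break_glass)
        self.trace.append(ev)
        return ev

    def emit(self, user: str, patient: str, record: str) -> None:
        self.log.add(LogEntry(user, patient, record))


def manually_instrumented_program(api) -> None:
    """Constructed program with ad-hoc logging: one override path logs, a second
    override path was forgotten, and a normal access is logged by mistake."""
    api.access("alice", "p1", "allergies")
    api.emit("alice", "p1", "allergies")                 # spurious: not a BTG access
    api.access("bob", "p2", "notes", break_glass=True)
    api.emit("bob", "p2", "notes")                       # correct
    api.access("carol", "p3", "meds", break_glass=True)  # forgotten: never logged


def rewrite(program: Callable, spec: LoggingSpec) -> Callable[[Records], None]:
    """Assumed model of the rewriting step: the program's code is unchanged, but
    its access primitive now evaluates the spec on every event, and the
    program's own emit calls are discarded so it cannot write unsupported entries."""
    def instrumented(api: Records) -> None:
        class Guarded:
            def access(self, user, patient, record, break_glass=False):
                ev = api.access(user, patient, record, break_glass)
                if spec(ev):
                    api.emit(ev.user, ev.patient, ev.record)
                return ev

            def emit(self, *_args):
                pass  # untrusted code does not get to write the audit log directly
        program(Guarded())
    return instrumented


def audit(program: Callable, spec: LoggingSpec) -> dict:
    """Run the program and compare its emitted log against the logging semantics."""
    api = Records()
    program(api)
    ideal = ideal_log(api.trace, spec)
    return {"sound": is_sound(api.log, ideal), "complete": is_complete(api.log, ideal)}


if __name__ == "__main__":
    print("manual  :", audit(manually_instrumented_program, btg_spec))
    print("rewritten:", audit(rewrite(manually_instrumented_program, btg_spec), btg_spec))
```

The ad-hoc version fails both properties at once: the spurious entry for the non-override access breaks soundness, and the forgotten override path breaks completeness. The rewritten version is correct by construction for this spec because the only way to produce an event is through the guarded primitive, which is the intuition behind getting correct logs even from untrusted code.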

Notes

  1.

    The proofs of Theorems 1–5 in this text are omitted for brevity, but are available in a related Technical Report [3].

  2.

    We use metavariable \(\mathbf {\mathfrak {p}}\) to range over programs in either the source or target language; it will be clear from context which language is used.

  3.

    While \(\varLambda _{\mathrm {call}}\) expressions and evaluation contexts appear as predicate arguments, their syntax can be written as string literals to conform to typical Datalog or Prolog syntax.

References

  1. Allan, C., Avgustinov, P., Christensen, A.S., Hendren, L.J., Kuzins, S., Lhoták, O., de Moor, O., Sereni, D., Sittampalam, G., Tibble, J.: Adding trace matching with free variables to AspectJ. OOPSLA 2005, 345–364 (2005)

  2. Amir-Mohammadian, S., Chong, S., Skalka, C.: Retrospective Security Module for OpenMRS (2015). https://github.com/sepehram/retro-security-openmrs

  3. Amir-Mohammadian, S., Chong, S., Skalka, C.: The theory and practice of correct audit logging. Technical report, University of Vermont, October 2015. https://www.uvm.edu/~samirmoh/TR/TR_Audit.pdf

  4. Bauer, L., Ligatti, J., Walker, D.: More enforceable security policies. Technical report TR-649-02, Princeton University, June 2002

  5. Belhajjame, K., B’Far, R., Cheney, J., Coppens, S., Cresswell, S., Gil, Y., Groth, P., Klyne, G., Lebo, T., McCusker, J., Miles, S., Myers, J., Sahoo, S., Tilmes, C.: PROV-DM: the PROV data model. (2013). http://www.w3.org/TR/2013/REC-prov-dm-20130430. Accessed 07 February 2015

  6. Biswas, D., Niemi, V.: Transforming privacy policies to auditing specifications. HASE 2011, 368–375 (2011)

  7. Böck, B., Huemer, D., Tjoa, A.M.: Towards more trustable log files for digital forensics by means of trusted computing. In: AINA 2010, pp. 1020–1027. IEEE Computer Society (2010)

  8. Buneman, P., Chapman, A., Cheney, J.: Provenance management in curated databases. SIGMOD 2006, 539–550 (2006)

  9. Buneman, P., Khanna, S., Tan, W.-C.: Why and where: a characterization of data provenance. In: Bussche, J., Vianu, V. (eds.) ICDT 2001. LNCS, vol. 1973, pp. 316–330. Springer, Heidelberg (2000)

  10. Cederquist, J.G., Corin, R., Dekker, M.A.C., Etalle, S., den Hartog, J.I., Lenzini, G.: Audit-based compliance control. Int. J. Inf. Secur. 6(2–3), 133–151 (2007)

  11. Ceri, S., Gottlob, G., Tanca, L.: What you always wanted to know about Datalog (and never dared to ask). IEEE Trans. Knowl. Data Eng. 1(1), 146–166 (1989)

  12. Cheney, J.: A formal framework for provenance security. CSF 2011, 281–293 (2011)

  13. Cheney, J.: Semantics of the PROV data model (2013). http://www.w3.org/TR/2013/NOTE-prov-sem-20130430. Accessed 07 February 2015

  14. Chuvakin, A.: Beautiful log handling. In: Oram, A., Viega, J. (eds.) Beautiful security: leading security experts explain how they think. O’Reilly Media Inc. (2009)

  15. Cook, D., Hartnett, J., Manderson, K., Scanlan, J.: Catching spam before it arrives: domain specific dynamic blacklists. In: AusGrid 2006, pp. 193–202. Australian Computer Society, Inc. (2006)

  16. Corin, R., Etalle, S., den Hartog, J.I., Lenzini, G., Staicu, I.: A logic for auditing accountability in decentralized systems. FAST 2004, 187–201 (2004)

  17. CPMC Press Release: Audit finds employee access to patient files without apparent business or treatment purpose (2015). http://www.cpmc.org/about/press/News2015/phi.html. 30 January 2015

  18. Datta, A., Blocki, J., Christin, N., DeYoung, H., Garg, D., Jia, L., Kaynar, D., Sinha, A.: Understanding and protecting privacy: formal semantics and principled audit mechanisms. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2011. LNCS, vol. 7093, pp. 1–27. Springer, Heidelberg (2011)

  19. DeYoung, H., Garg, D., Jia, L., Kaynar, D., Datta, A.: Privacy policy specification and audit in a fixed-point logic: How to enforce HIPAA, GLBA, and all that. Technical report CMU-CyLab-10-008, Carnegie Mellon University, April 2010

  20. DeYoung, H., Garg, D., Jia, L., Kaynar, D.K., Datta, A.: Experiences in the logical specification of the HIPAA and GLBA privacy laws. WPES 2010, 73–82 (2010)

  21. Erlingsson, Ú.: The inlined reference monitor approach to security policy enforcement. Ph.D. thesis, Cornell University (2003)

  22. Etalle, S., Winsborough, W.H.: A posteriori compliance control. SACMAT 2007, 11–20 (2007)

  23. Fu, Q., Zhu, J., Hu, W., Lou, J., Ding, R., Lin, Q., Zhang, D., Xie, T.: Where do developers log? an empirical study on logging practices in industry. ICSE 2014, 24–33 (2014)

  24. Garg, D., Jia, L., Datta, A.: Policy auditing over incomplete logs: theory, implementation and applications. CCS 2011, 151–162 (2011)

  25. Guts, N., Fournet, C., Zappa Nardelli, F.: Reliable evidence: auditability by typing. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 168–183. Springer, Heidelberg (2009)

  26. Hasan, R., Sion, R., Winslett, M.: The case of the fake Picasso: preventing history forgery with secure provenance. FAST 2009, 1–14 (2009)

  27. InterProlog Consulting: Logic for your app (2014). http://interprolog.com/. Accessed 27 September 2015

  28. Jagadeesan, R., Jeffrey, A., Pitcher, C., Riely, J.: Towards a theory of accountability and audit. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 152–167. Springer, Heidelberg (2009)

  29. Kemmerer, R.A., Vigna, G.: Intrusion detection: a brief history and overview. Computer 35(4), 27–30 (2002)

  30. King, J.T., Smith, B., Williams, L.: Modifying without a trace: General audit guidelines are inadequate for open-source electronic health record audit mechanisms. In: IHI 2012, pp. 305–314. ACM (2012)

  31. Kohlas, J.: Information Algebras: Generic Structures For Inference. Discrete mathematics and theoretical computer science. Springer, London (2003)

  32. Kohlas, J., Schmid, J.: An algebraic theory of information: an introduction and survey. Information 5(2), 219–254 (2014)

  33. Lampson, B.W.: Computer security in the real world. IEEE Computer 37(6), 37–46 (2004)

  34. Martin, M., Livshits, B., Lam, M.S.: Finding application errors and security flaws using PQL: a program query language. In: OOPSLA 2005, pp. 365–383. ACM (2005)

  35. Matthews, P., Gaebel, H.: Break the glass. In: HIE Topic Series. Healthcare Information and Management Systems Society (2009). http://www.himss.org/files/himssorg/content/files/090909breaktheglass.pdf

  36. Povey, D.: Optimistic security: a new access control paradigm. NSPW 1999, 40–45 (1999)

  37. Rizvi, S.Z., Fong, P.W.L., Crampton, J., Sellwood, J.: Relationship-based access control for an open-source medical records system. SACMAT 2015, 113–124 (2015)

  38. Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)

  39. Vaughan, J.A., Jia, L., Mazurak, K., Zdancewic, S.: Evidence-based audit. CSF 2008, 177–191 (2008)

  40. Weitzner, D.J.: Beyond secrecy: new privacy protection strategies for open information spaces. IEEE Internet Comput. 11(5), 94–96 (2007)

  41. Weitzner, D.J., Abelson, H., Berners-Lee, T., Feigenbaum, J., Hendler, J.A., Sussman, G.J.: Information accountability. Commun. ACM 51(6), 82–87 (2008)

  42. Zhang, W., Chen, Y., Cybulski, T., Fabbri, D., Gunter, C.A., Lawlor, P., Liebovitz, D.M., Malin, B.: Decide now or decide later? Quantifying the tradeoff between prospective and retrospective access decisions. CCS 2014, 1182–1192 (2014)

  43. Zheng, A.X., Jordan, M.I., Liblit, B., Naik, M., Aiken, A.: Statistical debugging: simultaneous identification of multiple bugs. In: ICML 2006, pp. 1105–1112. ACM (2006)

Acknowledgement

This work is supported in part by the National Science Foundation under Grant No. 1408801 and Grant No. 1054172, and by the Air Force Office of Scientific Research.

Corresponding author

Correspondence to Sepehr Amir-Mohammadian.

Copyright information

© 2016 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Amir-Mohammadian, S., Chong, S., Skalka, C. (2016). Correct Audit Logging: Theory and Practice. In: Piessens, F., Viganò, L. (eds) Principles of Security and Trust. POST 2016. Lecture Notes in Computer Science, vol 9635. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-49635-0_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-49635-0_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-49634-3

  • Online ISBN: 978-3-662-49635-0

  • eBook Packages: Computer Science (R0)