Abstract | ||
---|---|---|
In this paper we examine logging security in the environment of electronic communication providers. We review existing security threat models for system logging and we extend these to a new security model especially suited for communication network providers, which also considers internal modification attacks. We also propose a framework for secure log management in public communication networks as well as an implementation design, in order to provide traceability under the extended security model. A key role to the proposed framework is given to an independent Regulatory Authority, which is responsible to maintain log integrity proofs in a remote environment and verify the integrity of the provider's log files during security audits. |
Year | DOI | Venue |
---|---|---|
2008 | 10.1016/j.cose.2008.07.010 | Computers & Security |
Keywords | Field | DocType |
internal attacks,network providers,digital signatures,system logging,integrity,security model,digital signature | Internet privacy,Audit,Computer science,Computer security,Threat model,Digital signature,Security service,Log management,Security information and event management,Traceability,Computer security model | Journal |
Volume | Issue | ISSN |
27 | 7-8 | Computers & Security |
Citations | PageRank | References |
4 | 0.58 | 12 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Vassilios Stathopoulos | 1 | 355 | 16.41 |
panayiotis kotzanikolaou | 2 | 363 | 28.70 |
Emmanouil Magkos | 3 | 217 | 24.01 |