secure audit logging systems secure audit logging systems
play

Secure Audit Logging Systems Secure Audit Logging Systems Richard - PowerPoint PPT Presentation

Mar 16, 2024 •182 likes •701 views

Secure Audit Logging Systems Secure Audit Logging Systems Richard Kramer, Member IEEE Oregon State University 1 How does someone know they have been HACKED!? and WHO did it!? HACKED!? and WHO did it!? 2 Audit Logs in the News!

  1. Secure Audit Logging Systems Secure Audit Logging Systems Richard Kramer, Member IEEE – Oregon State University 1

  2. How does someone know they have been HACKED!?… and WHO did it!? HACKED!?… and WHO did it!? 2

  3. Audit Logs in the News! Audit Logs in the News! “An audit trail that was maintained by the database company NGP VAN appears to show that four Sanders staffers conducted 25 specialized searches of the Clinton campaign's data, including queries for "turnout" and "primary priority" in a 40-minute window.” i d ” 3 Secure Audit Logging Systems with Privacy Preserving - Richard Kramer – Oregon State University

  4. Audit Logs in the News! Audit Logs in the News! “The incident was discovered after the hospital conducted an EHR [Electronic Health Record] audit back in October 2014 When it was first discovered only 14 Health Record] audit back in October 2014. When it was first discovered only 14 individuals had had their PHI compromised.” 4 Secure Audit Logging Systems with Privacy Preserving - Richard Kramer – Oregon State University

  5. Contributions / Agenda: Contributions / Agenda: Provide a survey of Secure Audit Logging and review some important foundational  work: Schneier [3] Crosby [4] Goyal [5] Schneier [3], Crosby [4], Goyal [5],   Provide a detailed review of recent key publications:  Privacy preserving security - Gunnar Hartung, “Secure Audit Logs with Verifiable Privacy preserving security Gunnar Hartung, Secure Audit Logs with Verifiable   Excerpts – Full Version”, ACM, International Association for Cryptologic Research, 2016 [6,7] Multi-level user security with privacy preserving - Se Eun Oh, et al., “ Privacy- M l i l l i i h i i S E Oh l “ P i  preserving audit for broker-based health exchange” , ACM, Proceedings of the 4th ACM conference on data and application security and privacy, 2014 [8,9] Identify potential Future Work and applications for the benefit of Audit Logging for  EHR (Electronic Health Records) related events Provide an up-to-date list of Audit Logging tools and systems… some of them are  FREE! [10] 5 Secure Audit Logging Systems with Privacy Preserving - Richard Kramer – Oregon State University

  6. What is an Audit Log? What is an Audit Log? Secure Audit Logs … are logs that securely store security related … are logs that securely store security related information and events. Audit Logs are required by the government: Examples include [ 1 ]: • Healthcare (HIPAA) • Financial  Reading critical files • Legal  Account changes  Account changes • Privacy Regulations Privacy Regulations  OS changes  Major application changes  Remote access  Application transactions such as recording the sender / recipients of emails 6 Secure Audit Logging Systems with Privacy Preserving - Richard Kramer – Oregon State University

  7. What Generates an Audit Log? What Generates an Audit Log?  Audit Logs are generated from a wide variety of aggregated sources including antivirus software, firewalls, aggregated sources including antivirus software, firewalls, intrusion detection systems , policy making systems [8], and the like. Example [2]: 7 Secure Audit Logging Systems with Privacy Preserving - Richard Kramer – Oregon State University

  8. It’s not enough to simply have an Audit Log It s not enough to simply have an Audit Log The Audit Log needs to be secure. Securing Audit Logs is of the utmost importance because Securing Audit Logs is of the utmost importance because “Bad guys” seek to cover up their malicious activity. Ideally - y 1) We can prevent alteration of the logs 2) We can verify, via analysis that the logs have not been ) fy y g changed 3) We only decrypt portions of the log to preserve privacy The objective of Secure Audit Logging Systems is to protect Audit Logs from being compromised Audit Logs from being compromised. 8 Secure Audit Logging Systems with Privacy Preserving - Richard Kramer – Oregon State University

  9. Overview of the Art Overview of the Art Historically, a number of foundational papers have considered various systems to ensure the privacy and security of Audit i h i d i f A di Logs:  Schneier (1999), “ Secure Audit Logs to Support Computer Forensics ” – Provides methods and systems for protecting an Audit Log such that the Audit Log is secure, even if the server that the Audit Log resides on, is compromised [3]. g , p [ ]  Crosby et al (2009) – “Efficient Data Structures for Tamper-Evident Logging”. In short, Crosby introduced efficient data structures for tamper-evident logging [5] - only parts of the data is exposed [4], thus protecting private information. h i i i f i  Goyal et al (2006), “ Attribute-based Encryption for fine-grained access control of encrypted data”. Protects privacy of the information in the Audit Log based on attributes and user access information in the Audit Log based on attributes and user access levels [5]. 9 Secure Audit Logging Systems with Privacy Preserving - Richard Kramer – Oregon State University

  10. Overview of the Art - Securing Audit Logs Overview of the Art Securing Audit Logs Schneier uses a “Hash Chain”, where new entries added to the log are hashed on top of previously hashed log entries [3]. g p p y g [ ]  Thus if a “bad guy” that took over a log server at some time, Y j , he could not go back and alter the log at time Y not go back and alter the log at time Y j-1 and before and before Time j-1 Time j 10 Secure Audit Logging Systems with Privacy Preserving - Richard Kramer – Oregon State University

  11. Overview of the Art - Securing Audit Logs Overview of the Art Securing Audit Logs Schneier “Hash Chain”: Y j = H(Y j-1 , E Kj (D j ), W j ), where Y j-1 is based on Y j -1 = H(Y j-2, E Kj-1 (D j-1 ), W j-1 ) and so on. Where: W = log entry type (e g File Accessed W log entry type (e.g., File Accessed, Permissions changed, etc.) D = log entry data Y = hash chain entry Z = MAC (Message Authentication Code) Time 11 Secure Audit Logging Systems with Privacy Preserving - Richard Kramer – Oregon State University

  12. Overview of the Art - Detecting Tampering of an Audit Log of an Audit Log Crosby et al (2009) – “Efficient Audit Logs with Verifiable Excerpts” [4]. In short, Crosby introduced efficient data structures for tamper-evident logging [4].  Crosby taught that it was pointless to have tamper resistant logs, if nobody ever looks at the logs to determine if they have been tampered with. Thus Crosby developed “ tamper evident logs ” Thus:  Crosby introduced the notion of a “ commitment ” which he calls a “ snap shots ” of the Audit Log up to a certain point in time shots of the Audit Log up to a certain point in time  Crosby assumes an “ untrusted logger ”, where he used the clients to verify that the “commitments” being provided by the logger are true t at t e co t e ts be g p ov e by t e ogge a e t ue 12 Secure Audit Logging Systems with Privacy Preserving - Richard Kramer – Oregon State University

  13. Overview of the Art - Detecting Tampering of an Audit Log of an Audit Log Crosby method in a nutshell:  The “tamper evident log” is based on Merkle trees where the  The tamper evident log is based on Merkle trees , where the leaves represented the data (events), and the roots contain hashes Tree (or part of it) = a tamper evident summary of the data Merkle/Hash Time T Tree Hashes H h New Logged Data Logged Data CLIENT compares from its CLIENT Requests to validate history versus the pruned log history branch branch Take new tree, delete nodes and rebuild – Do old (saved) and rebuilt hashes match? [4] 13 Secure Audit Logging Systems with Privacy Preserving - Richard Kramer – Oregon State University

  14. Overview of the Art - Detecting Tampering of an Audit Log of an Audit Log Crosby method in a nutshell:  The Merkle Tree nodes are essentially a series of one-time  The Merkle Tree nodes are essentially a series of one time signatures (i.e., Lamport, etc.)  Only data from “pruned trees” that contain the portion of the tree structure and related hashes being checked needs to be sent/checked Crosby further provides:  Privacy preserving (“Private” search) by Audit Logging and exposing attributes about an event , but not the entire event contents itself entire event contents itself 14 Secure Audit Logging Systems with Privacy Preserving - Richard Kramer – Oregon State University

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security Audit Principles and Practices Logging and auditing are two of the most unpleasant

Security Audit Principles and Practices Logging and auditing are two of the most unpleasant

Security Audit Principles and Practices Logging and auditing are two of the most unpleasant chores facing information security professionals. Chapter 11 tedious, time-consuming, boring Lecturer: Pei-yih Ting 1 Overview Configuring Logging

401 views • 7 slides
Electronic Logging Devices (ELDs) Reviewing the capabilities of an ELD for use during an audit

Electronic Logging Devices (ELDs) Reviewing the capabilities of an ELD for use during an audit

Electronic Logging Devices (ELDs) Reviewing the capabilities of an ELD for use during an audit Presenter: Soona Lee What well cover today 1. A quick recap on the ELD mandate 2. The key differences between ELD and IFTA record keeping

413 views • 16 slides
ALMA Common Software Basic Track Logging and Error Systems Logging system conceptual overview

ALMA Common Software Basic Track Logging and Error Systems Logging system conceptual overview

ALMA Common Software Basic Track Logging and Error Systems Logging system conceptual overview Logging system The logging system provide status and diagnostic information historical archive filtering capabilities by

305 views • 11 slides
Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows Shiqing Ma , Kyu

Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows Shiqing Ma , Kyu

Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows Shiqing Ma , Kyu Hyung Lee, Chung Hwan Kim, Junghwan Rhee, Xiangyu Zhang, Dongyan Xu Advanced Cyber Attacks (e.g. APTs): What can we do? Defense! Firewall

257 views • 21 slides
Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows Shiqing Ma, Kyu

Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows Shiqing Ma, Kyu

Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows Shiqing Ma, Kyu Hyung Lee, Chung Hwan Kim, Junghwan Rhee, Xiangyu Zhang, Dongyan Xu (ACSAC 15) Presented by Noor Michael CS 563 (Fall 2018) Motivation

399 views • 19 slides
Forensic Audit Logging for PostgreSQL Moshe Jacobson http://cyanaudit.neadwerx.com The Situation

Forensic Audit Logging for PostgreSQL Moshe Jacobson http://cyanaudit.neadwerx.com The Situation

Forensic Audit Logging for PostgreSQL Moshe Jacobson http://cyanaudit.neadwerx.com The Situation Data is mysteriously wrong/missing Legal is asking for records Who, when, how? How to respond? CYA with proof! Application-Level

977 views • 61 slides
Logging and Recovery Module 6, Lectures 3 and 4 If you are going to be in the logging business,

Logging and Recovery Module 6, Lectures 3 and 4 If you are going to be in the logging business,

Logging and Recovery Module 6, Lectures 3 and 4 If you are going to be in the logging business, one of the things that you have to do is to learn about heavy equipment. Robert VanNatta, Logging History of Columbia County Database Management

534 views • 26 slides
CS411 Concurrency control Database Systems Recovery Logging Redo 13: Logging

CS411 Concurrency control Database Systems Recovery Logging Redo 13: Logging

Outline Transaction Atomicity CS411 Concurrency control Database Systems Recovery Logging Redo 13: Logging and Recovery Undo Redo/undo Kazuhiro Minami Users and DB Programs Transaction DB

424 views • 13 slides
RPC / failure 1 last time redo logging (fjnish) (weird?) choice not to use redo logging for

RPC / failure 1 last time redo logging (fjnish) (weird?) choice not to use redo logging for

RPC / failure 1 last time redo logging (fjnish) (weird?) choice not to use redo logging for everything reasons to use distributed systems mailbox and connnection models names versus addresses domain name system distributed, hierarchical

873 views • 75 slides
Secure Systems Engineering Chester Rebeiro Indian Institute of Technology Madras Secure Systems

Secure Systems Engineering Chester Rebeiro Indian Institute of Technology Madras Secure Systems

Secure Systems Engineering Chester Rebeiro Indian Institute of Technology Madras Secure Systems Computer systems can be considered a closed box. Informa8on in the box is safe as long as nothing enters or leaves the box. Systems S8ll

206 views • 16 slides
Secure logging syslog-ng w i t h F o r w a r d i n t e g r i t y a n d c

Secure logging syslog-ng w i t h F o r w a r d i n t e g r i t y a n d c

Secure logging syslog-ng w i t h F o r w a r d i n t e g r i t y a n d c o n f i d e n t i a l i t y o f s y s t e m l o g s S t e p h a n M a r w e d e l F O S D E M 2 0 2

412 views • 16 slides
Logging Por$ons courtesy Ellen Liu CSE/ISE 311: Systems

Logging Por$ons courtesy Ellen Liu CSE/ISE 311: Systems

CSE/ISE 311: Systems Administra5on Logging Por$ons courtesy Ellen Liu CSE/ISE 311: Systems Administra5on Outline Introduc$on Finding log files Syslog:

547 views • 21 slides
Debugging & Logging Java Logging Java has built-in support for logging Logs contain

Debugging & Logging Java Logging Java has built-in support for logging Logs contain

Debugging & Logging Java Logging Java has built-in support for logging Logs contain messages that provide information to Software developers (e.g., debugging) System administrators Customer support agents Programs send

254 views • 10 slides
TomskGAZPROMgeofjzika Company Profjle { Logging while drilling { Production logging for reservoir

TomskGAZPROMgeofjzika Company Profjle { Logging while drilling { Production logging for reservoir

TomskGAZPROMgeofjzika Geophysical Services We provide full range of well logging and mud logging op- erations, cement quality control, MWD and well engineering services throughout Western and Eastern Siberia. Over 15 years of top quality

554 views • 31 slides
Transaction Logging Unleashed with NVRAM Tianzheng Wang Ryan Johnson No, Im not talking

Transaction Logging Unleashed with NVRAM Tianzheng Wang Ryan Johnson No, Im not talking

Transaction Logging Unleashed with NVRAM Tianzheng Wang Ryan Johnson No, Im not talking about the syslog 1 Write-ahead logging Used by most transactional systems Databases , file systems Reliability Everything goes to

452 views • 23 slides
LHC LOGGING Timeline of t he proj ect , resources Cont ext : where does logging f it in? Basic

LHC LOGGING Timeline of t he proj ect , resources Cont ext : where does logging f it in? Basic

Outline Launching of t he LHC Logging proj ect Mandat e, scope and obj ect ives LHC LOGGING Timeline of t he proj ect , resources Cont ext : where does logging f it in? Basic f unct ionalit ies Filt ering of dat a I nt erf acing t o ot

667 views • 3 slides
Utica Community Schools Board Presentation Utica Community Schools 2 Key Audit Highlights:

Utica Community Schools Board Presentation Utica Community Schools 2 Key Audit Highlights:

Utica Community Schools Board Presentation Utica Community Schools 2 Key Audit Highlights: 2016-2017 Audit Results Rating of Excellent 14 th straight year receiving an Unmodified Opinion with no findings Uniform Budgeting Act

368 views • 12 slides
and Acco countab untability ility Require uireme ments nts Association of Florida

and Acco countab untability ility Require uireme ments nts Association of Florida

An Overview view of Special cial Dist strict rict Basics ics and Acco countab untability ility Require uireme ments nts Association of Florida Conservation Districts Jack Gaskins ns Jr., Special District Accountability Program July

628 views • 35 slides
Results of 2018 19 Audits: Local Government Tabled 27 November 2019 This presentation

Results of 2018 19 Audits: Local Government Tabled 27 November 2019 This presentation

Slide 1 Results of 2018 19 Audits: Local Government Tabled 27 November 2019 This presentation provides an overview of the Auditor-Generals report on the Results of 2018-19 Audits for Local Government. Slide 2 Overview Results of our 2018

539 views • 12 slides
OVERVIEW Background on Canadian standard setting and audit inspection regimes Impact of

OVERVIEW Background on Canadian standard setting and audit inspection regimes Impact of

OVERVIEW Background on Canadian standard setting and audit inspection regimes Impact of 2008-2009 credit crisis in Canada What we are doing in Canada 1 BACK GROUND ON CANADIAN STANDARD SETTING AND AUDIT INSPECTION REGIMES ISAs

546 views • 15 slides
48 th Annual Meeting Best Practices in Handling Audits and Appeals Mark Holcomb Curtis Osterloh

48 th Annual Meeting Best Practices in Handling Audits and Appeals Mark Holcomb Curtis Osterloh

48 th Annual Meeting Best Practices in Handling Audits and Appeals Mark Holcomb Curtis Osterloh John Trippier Dean Mead Scott Douglass Zaino Hall Tallahassee, FL Austin, TX Columbus, OH Council On State Taxation LEARNING OUTCOMES

807 views • 48 slides
to Green Mountain Care Board October 17, 2018 Mike Smith, President & Chief Executive Officer

to Green Mountain Care Board October 17, 2018 Mike Smith, President & Chief Executive Officer

VITL Presentation to Green Mountain Care Board October 17, 2018 Mike Smith, President & Chief Executive Officer Robert Turnau, Chief Financial Officer Frank Harris, Strategic Technology Advisor Kristina Choquette, Chief Operating Officer

192 views • 18 slides
INSIGHT TO GET IT RIGHT: PREPARING FOR 2017 AUDIT & TAX FILINGS June 13, 2017 Nick Wallace,

INSIGHT TO GET IT RIGHT: PREPARING FOR 2017 AUDIT & TAX FILINGS June 13, 2017 Nick Wallace,

6/12/2017 INSIGHT TO GET IT RIGHT: PREPARING FOR 2017 AUDIT & TAX FILINGS June 13, 2017 Nick Wallace, CPA Nicole Fishback, CPA Director Director nwallace@bkd.com nfishback@bkd.com 1 6/12/2017 TO RECEIVE CPE CREDIT Participate in

454 views • 32 slides
Web Application Incident Response & Forensics: A Whole New Ball Game! Chuck Willis

Web Application Incident Response & Forensics: A Whole New Ball Game! Chuck Willis

Web Application Incident Response & Forensics: A Whole New Ball Game! Chuck Willis chuck.willis@mandiant.com Rohyt Belani rohyt.belani@intrepidusgroup.com Black Hat Briefings DC 2007 February 28, 2007 Company Overviews MANDIANT

1.38k views • 69 slides

More recommend