Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
456196 | Computers & Security | 2008 | 11 Pages |
Abstract
In this paper we examine logging security in the environment of electronic communication providers. We review existing security threat models for system logging and we extend these to a new security model especially suited for communication network providers, which also considers internal modification attacks. We also propose a framework for secure log management in public communication networks as well as an implementation design, in order to provide traceability under the extended security model. A key role to the proposed framework is given to an independent Regulatory Authority, which is responsible to maintain log integrity proofs in a remote environment and verify the integrity of the provider's log files during security audits.
Keywords
Related Topics
Physical Sciences and Engineering
Computer Science
Computer Networks and Communications
Authors
Vassilios Stathopoulos, Panayiotis Kotzanikolaou, Emmanouil Magkos,