Secure log management for privacy assurance in electronic communications

Secure log management for privacy assurance in electronic communications

In this paper we examine logging security in the environment of electronic communication providers. We review existing security threat models for system logging and we extend these to a new security model especially suited for communication network providers, which also considers internal modificati...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computers & security 2008-12, Vol.27 (7), p.298-308
Hauptverfasser: Stathopoulos, Vassilios, Kotzanikolaou, Panayiotis, Magkos, Emmanouil
Format: Artikel
Sprache:eng
Schlagworte:
Communication
Communications networks
Data integrity
Digital signatures
Integrity
Internal attacks
Network providers
Network security
Privacy
Studies
System logging
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this paper we examine logging security in the environment of electronic communication providers. We review existing security threat models for system logging and we extend these to a new security model especially suited for communication network providers, which also considers internal modification attacks. We also propose a framework for secure log management in public communication networks as well as an implementation design, in order to provide traceability under the extended security model. A key role to the proposed framework is given to an independent Regulatory Authority, which is responsible to maintain log integrity proofs in a remote environment and verify the integrity of the provider's log files during security audits.
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2008.07.010