N.A. Quynh and Y. Takefuji (Japan)
Xen virtual machine, Linux, central logging, secured logging 1.
Logging data is a valuable and an important information to reveal the attacker's activities and to recover broken system. Unfortunately, once the attacker successfully penetrates a protected system, he never fails to either modify the logging data, or even worse, delete them to cover his traces. To avoid such a disaster, it is best to keep logging data in another machine by forwarding them to a central logging server. However, this approach has a flaw: while transmitting on network, the data could be illegally sniffed or the traffic might be secretly redirected to a malicious machine. This paper proposes a novel method named Xenlog to secure logging data for systems run on Xen virtual machine: the solution does not use network stack to send data. Experimental and resulted tool proves that this approach is more secure than the traditional solution, while logging process is far more effective (nearly 21 times faster) and more reliable.
Important Links:
Go Back