海报:不可否认的网络安全日志系统

Proceedings of the 28th ACM Symposium on Access Control Models and Technologies Pub Date : 2023-05-24 DOI:10.1145/3589608.3595080

Kosei Akama, Seki Makino, Masaaki Sato, K. Uehara

{"title":"海报:不可否认的网络安全日志系统","authors":"Kosei Akama, Seki Makino, Masaaki Sato, K. Uehara","doi":"10.1145/3589608.3595080","DOIUrl":null,"url":null,"abstract":"To resolve disputes between servicers providing web services and their users, non-repudiable evidence is crucial because it allows one party to dismiss the denial of facts or false allegations. We propose a logger that securely records web requests and responses in a Trusted Execution Environment (TEE) to generate non-repudiable evidence for web services, which we call LogNEWT: Logger for Non-rEpudiation of Web with TEE. LogNEWT solves security issues in deploying LibSEAL to practical web services, i.e., logger-bypassing, undefined user management, and complex logger verification. In addition, LogNEWT can be transparently deployed to the existing web services.","PeriodicalId":124020,"journal":{"name":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","volume":"31 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Poster: Non-repudiable Secure Logging System for the Web\",\"authors\":\"Kosei Akama, Seki Makino, Masaaki Sato, K. Uehara\",\"doi\":\"10.1145/3589608.3595080\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"To resolve disputes between servicers providing web services and their users, non-repudiable evidence is crucial because it allows one party to dismiss the denial of facts or false allegations. We propose a logger that securely records web requests and responses in a Trusted Execution Environment (TEE) to generate non-repudiable evidence for web services, which we call LogNEWT: Logger for Non-rEpudiation of Web with TEE. LogNEWT solves security issues in deploying LibSEAL to practical web services, i.e., logger-bypassing, undefined user management, and complex logger verification. In addition, LogNEWT can be transparently deployed to the existing web services.\",\"PeriodicalId\":124020,\"journal\":{\"name\":\"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies\",\"volume\":\"31 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-05-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3589608.3595080\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3589608.3595080","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

要解决提供web服务的服务提供商与其用户之间的纠纷，不可否认的证据至关重要，因为它允许一方驳回对事实的否认或虚假指控。我们提出了一个日志记录器，它在可信执行环境(TEE)中安全地记录web请求和响应，为web服务生成不可否认的证据，我们称之为LogNEWT:具有TEE的web不可否认记录器。LogNEWT解决了将LibSEAL部署到实际web服务中的安全问题，例如，绕过记录器、未定义的用户管理和复杂的记录器验证。此外，LogNEWT可以透明地部署到现有的web服务中。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Poster: Non-repudiable Secure Logging System for the Web

To resolve disputes between servicers providing web services and their users, non-repudiable evidence is crucial because it allows one party to dismiss the denial of facts or false allegations. We propose a logger that securely records web requests and responses in a Trusted Execution Environment (TEE) to generate non-repudiable evidence for web services, which we call LogNEWT: Logger for Non-rEpudiation of Web with TEE. LogNEWT solves security issues in deploying LibSEAL to practical web services, i.e., logger-bypassing, undefined user management, and complex logger verification. In addition, LogNEWT can be transparently deployed to the existing web services.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 28th ACM Symposium on Access Control Models and Technologies

自引率

0.00%

发文量