Daniel Sandler, Kyle Derr, Scott A. Crosby, D. Wallach
{"title":"在可篡改日志中查找证据","authors":"Daniel Sandler, Kyle Derr, Scott A. Crosby, D. Wallach","doi":"10.1109/SADFE.2008.22","DOIUrl":null,"url":null,"abstract":"Secure logs are powerful tools for building systems that must resist forgery, prove temporal relationships, and stand up to forensic scrutiny. The proofs of order and integrity encoded in these tamper-evident chronological records, typically built using hash chaining, may be used by applications to enforce operating constraints or sound alarms at suspicious activity. However, existing research stops short of discussing how one might go about automatically determining whether a given secure log satisfies a given set of constraints on its records. In this paper, we discuss our work on Querifier, a tool that accomplishes this. It can be used offline as an analyzer for static logs, or online during the runtime of a logging application. Querifier rules are written in a flexible pattern-matching language that adapts to arbitrary log structures; given a set of rules and available log data, Querifier presents evidence of correctness and offers counterexamples if desired. We describe Querfier's implementation and offer early performance results.","PeriodicalId":391486,"journal":{"name":"2008 Third International Workshop on Systematic Approaches to Digital Forensic Engineering","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Finding the Evidence in Tamper-Evident Logs\",\"authors\":\"Daniel Sandler, Kyle Derr, Scott A. Crosby, D. Wallach\",\"doi\":\"10.1109/SADFE.2008.22\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Secure logs are powerful tools for building systems that must resist forgery, prove temporal relationships, and stand up to forensic scrutiny. The proofs of order and integrity encoded in these tamper-evident chronological records, typically built using hash chaining, may be used by applications to enforce operating constraints or sound alarms at suspicious activity. However, existing research stops short of discussing how one might go about automatically determining whether a given secure log satisfies a given set of constraints on its records. In this paper, we discuss our work on Querifier, a tool that accomplishes this. It can be used offline as an analyzer for static logs, or online during the runtime of a logging application. Querifier rules are written in a flexible pattern-matching language that adapts to arbitrary log structures; given a set of rules and available log data, Querifier presents evidence of correctness and offers counterexamples if desired. We describe Querfier's implementation and offer early performance results.\",\"PeriodicalId\":391486,\"journal\":{\"name\":\"2008 Third International Workshop on Systematic Approaches to Digital Forensic Engineering\",\"volume\":\"21 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-05-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 Third International Workshop on Systematic Approaches to Digital Forensic Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SADFE.2008.22\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Third International Workshop on Systematic Approaches to Digital Forensic Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SADFE.2008.22","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Secure logs are powerful tools for building systems that must resist forgery, prove temporal relationships, and stand up to forensic scrutiny. The proofs of order and integrity encoded in these tamper-evident chronological records, typically built using hash chaining, may be used by applications to enforce operating constraints or sound alarms at suspicious activity. However, existing research stops short of discussing how one might go about automatically determining whether a given secure log satisfies a given set of constraints on its records. In this paper, we discuss our work on Querifier, a tool that accomplishes this. It can be used offline as an analyzer for static logs, or online during the runtime of a logging application. Querifier rules are written in a flexible pattern-matching language that adapts to arbitrary log structures; given a set of rules and available log data, Querifier presents evidence of correctness and offers counterexamples if desired. We describe Querfier's implementation and offer early performance results.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
