Trusted Logging for Grid Computing
The rise of many kinds of grid systems, and associated security threats, makes very necessary the provision of trustworthy services for audit and logging. However, existing solutions tend to put little emphasis on the security of logging. We present a number of use cases where the logs have security properties in their own rights, and so the logs themselves are highly privileged: hence, these need to be integrity and confidentiality protected while being generated, accessed, reconciled and analysed with distributed services spanning across multiple administrative domains. We derive a common set of secure logging requirements to address the security gaps which exist between these use cases and existing solutions.From the requirements, we propose a novel logging architecture for the grid based on Virtual Machine (VM) isolation and trusted computing capabilities: a small number of privileged driver VMs trigger all trusted logging requests and forward them to the secure logging service running within the log security manager. The logging service verifies the integrity of the log data and the security configurations of these driver VMs (log generators) before storing the logs.
Jun Ho Huh Andrew Martin
Oxford University Computing Laboratory Wolfson Building, Parks Road Oxford, OX1 3QD
国际会议
Third Asia-Pacific Trusted Infrastructure Technologies Conference(第三届亚太地区可信基础架构技术大会)(APTC 2008)
武汉
英文
30-42
2008-10-14(万方平台首次上网日期,不代表论文的发表时间)