Tamper Detection in Audit Logs

Richard T. Snodgrass; Shilong Stanley Yao; Christian Collberg

doi:10.1016/B978-012088469-8.50046-2

Tamper Detection in Audit Logs

Richard T. Snodgrass, Shilong Stanley Yao, Christian Collberg

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Chapter

98 Scopus citations

Abstract

This chapter illustrates the tamper detection in audit logs. These logs are considered good practice for business systems, and are required by federal regulations for secure systems, drug approval data, medical information disclosure, financial records, and electronic voting. Given the central role of audit logs, it is critical that they are correct and inalterable. The chapter proposes mechanisms within a Database Management System (DBMS) based on cryptographically strong one-way hash functions that prevent an intruder, including an auditor or an employee or even an unknown bug within the DBMS itself, from silently corrupting the audit log. It also proposes that the DBMS store additional information in the database to enable a separate audit log validator to examine the database along with this extra information and state conclusively whether the audit log has been compromised.

Original language	English (US)
Title of host publication	Proceedings 2004 VLDB Conference
Subtitle of host publication	The 30th International Conference on Very Large Databases (VLDB)
Publisher	Elsevier
Pages	504-515
Number of pages	12
ISBN (Electronic)	9780120884698
DOIs	https://doi.org/10.1016/B978-012088469-8.50046-2
State	Published - Jan 1 2004

ASJC Scopus subject areas

General Computer Science

Access to Document

10.1016/B978-012088469-8.50046-2

Cite this

@inbook{fccb0fcc990443de89545db90de2b126,

title = "Tamper Detection in Audit Logs",

abstract = "This chapter illustrates the tamper detection in audit logs. These logs are considered good practice for business systems, and are required by federal regulations for secure systems, drug approval data, medical information disclosure, financial records, and electronic voting. Given the central role of audit logs, it is critical that they are correct and inalterable. The chapter proposes mechanisms within a Database Management System (DBMS) based on cryptographically strong one-way hash functions that prevent an intruder, including an auditor or an employee or even an unknown bug within the DBMS itself, from silently corrupting the audit log. It also proposes that the DBMS store additional information in the database to enable a separate audit log validator to examine the database along with this extra information and state conclusively whether the audit log has been compromised.",

author = "Snodgrass, {Richard T.} and Yao, {Shilong Stanley} and Christian Collberg",

year = "2004",

month = jan,

day = "1",

doi = "10.1016/B978-012088469-8.50046-2",

language = "English (US)",

pages = "504--515",

booktitle = "Proceedings 2004 VLDB Conference",

publisher = "Elsevier",

}

TY - CHAP

T1 - Tamper Detection in Audit Logs

AU - Snodgrass, Richard T.

AU - Yao, Shilong Stanley

AU - Collberg, Christian

PY - 2004/1/1

Y1 - 2004/1/1

N2 - This chapter illustrates the tamper detection in audit logs. These logs are considered good practice for business systems, and are required by federal regulations for secure systems, drug approval data, medical information disclosure, financial records, and electronic voting. Given the central role of audit logs, it is critical that they are correct and inalterable. The chapter proposes mechanisms within a Database Management System (DBMS) based on cryptographically strong one-way hash functions that prevent an intruder, including an auditor or an employee or even an unknown bug within the DBMS itself, from silently corrupting the audit log. It also proposes that the DBMS store additional information in the database to enable a separate audit log validator to examine the database along with this extra information and state conclusively whether the audit log has been compromised.

AB - This chapter illustrates the tamper detection in audit logs. These logs are considered good practice for business systems, and are required by federal regulations for secure systems, drug approval data, medical information disclosure, financial records, and electronic voting. Given the central role of audit logs, it is critical that they are correct and inalterable. The chapter proposes mechanisms within a Database Management System (DBMS) based on cryptographically strong one-way hash functions that prevent an intruder, including an auditor or an employee or even an unknown bug within the DBMS itself, from silently corrupting the audit log. It also proposes that the DBMS store additional information in the database to enable a separate audit log validator to examine the database along with this extra information and state conclusively whether the audit log has been compromised.

UR - http://www.scopus.com/inward/record.url?scp=85054455230&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85054455230&partnerID=8YFLogxK

U2 - 10.1016/B978-012088469-8.50046-2

DO - 10.1016/B978-012088469-8.50046-2

M3 - Chapter

AN - SCOPUS:85054455230

SP - 504

EP - 515

BT - Proceedings 2004 VLDB Conference

PB - Elsevier

ER -

Tamper Detection in Audit Logs

Abstract

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this