A secure virtualized logging scheme for digital forensics in comparison with kernel module approach

Bin Hui Chou; Kohei Tatara; Taketoshi Sakuraba; Yoshiaki Hori; Kouichi Sakurai

doi:10.1109/ISA.2008.96

A secure virtualized logging scheme for digital forensics in comparison with kernel module approach

Bin Hui Chou, Kohei Tatara, Taketoshi Sakuraba, Yoshiaki Hori, Kouichi Sakurai

Mathematical Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

Digital forensics encompasses the process of identifying the perpetrator and the criminal method by analyzing the logs generated in the computer. Log files record the activities of the computer and by reading them one can know what kind of event happened at a certain time. Therefore, secure logs with the integrity property are essential. In this paper, we discuss two approaches to achieve the integrity of logsthe kernel module and virtualization, and compare them. Although virtualization is more inefficient in performance than the kernel module, it provides more security properties for logs. Thus, we then focus on the virtualization approach with a detailed proposal, which describes ways to preserve logs without tampering and deletion.

Original language	English
Title of host publication	Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008
Pages	421-426
Number of pages	6
DOIs	https://doi.org/10.1109/ISA.2008.96
Publication status	Published - 2008
Event	2nd International Conference on Information Security and Assurance, ISA 2008 - Busan, Korea, Republic of Duration: Apr 24 2008 → Apr 26 2008

Publication series

Name	Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

Other

Other	2nd International Conference on Information Security and Assurance, ISA 2008
Country/Territory	Korea, Republic of
City	Busan
Period	4/24/08 → 4/26/08

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Information Systems and Management
Electrical and Electronic Engineering
Communication

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/ISA.2008.96

Cite this

Chou, B. H., Tatara, K., Sakuraba, T., Hori, Y., & Sakurai, K. (2008). A secure virtualized logging scheme for digital forensics in comparison with kernel module approach. In Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008 (pp. 421-426). [4511604] (Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008). https://doi.org/10.1109/ISA.2008.96

A secure virtualized logging scheme for digital forensics in comparison with kernel module approach. / Chou, Bin Hui; Tatara, Kohei; Sakuraba, Taketoshi et al.
Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008. 2008. p. 421-426 4511604 (Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Chou, BH, Tatara, K, Sakuraba, T, Hori, Y & Sakurai, K 2008, A secure virtualized logging scheme for digital forensics in comparison with kernel module approach. in Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008., 4511604, Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008, pp. 421-426, 2nd International Conference on Information Security and Assurance, ISA 2008, Busan, Korea, Republic of, 4/24/08. https://doi.org/10.1109/ISA.2008.96

Chou BH, Tatara K, Sakuraba T, Hori Y, Sakurai K. A secure virtualized logging scheme for digital forensics in comparison with kernel module approach. In Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008. 2008. p. 421-426. 4511604. (Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008). doi: 10.1109/ISA.2008.96

Chou, Bin Hui ; Tatara, Kohei ; Sakuraba, Taketoshi et al. / A secure virtualized logging scheme for digital forensics in comparison with kernel module approach. Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008. 2008. pp. 421-426 (Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008).

@inproceedings{d0ecc003f45b4a92854277d87e347883,

title = "A secure virtualized logging scheme for digital forensics in comparison with kernel module approach",

abstract = "Digital forensics encompasses the process of identifying the perpetrator and the criminal method by analyzing the logs generated in the computer. Log files record the activities of the computer and by reading them one can know what kind of event happened at a certain time. Therefore, secure logs with the integrity property are essential. In this paper, we discuss two approaches to achieve the integrity of logsthe kernel module and virtualization, and compare them. Although virtualization is more inefficient in performance than the kernel module, it provides more security properties for logs. Thus, we then focus on the virtualization approach with a detailed proposal, which describes ways to preserve logs without tampering and deletion.",

author = "Chou, {Bin Hui} and Kohei Tatara and Taketoshi Sakuraba and Yoshiaki Hori and Kouichi Sakurai",

year = "2008",

doi = "10.1109/ISA.2008.96",

language = "English",

isbn = "9780769531267",

series = "Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008",

pages = "421--426",

booktitle = "Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008",

note = "2nd International Conference on Information Security and Assurance, ISA 2008 ; Conference date: 24-04-2008 Through 26-04-2008",

}

TY - GEN

T1 - A secure virtualized logging scheme for digital forensics in comparison with kernel module approach

AU - Chou, Bin Hui

AU - Tatara, Kohei

AU - Sakuraba, Taketoshi

AU - Hori, Yoshiaki

AU - Sakurai, Kouichi

PY - 2008

Y1 - 2008

N2 - Digital forensics encompasses the process of identifying the perpetrator and the criminal method by analyzing the logs generated in the computer. Log files record the activities of the computer and by reading them one can know what kind of event happened at a certain time. Therefore, secure logs with the integrity property are essential. In this paper, we discuss two approaches to achieve the integrity of logsthe kernel module and virtualization, and compare them. Although virtualization is more inefficient in performance than the kernel module, it provides more security properties for logs. Thus, we then focus on the virtualization approach with a detailed proposal, which describes ways to preserve logs without tampering and deletion.

AB - Digital forensics encompasses the process of identifying the perpetrator and the criminal method by analyzing the logs generated in the computer. Log files record the activities of the computer and by reading them one can know what kind of event happened at a certain time. Therefore, secure logs with the integrity property are essential. In this paper, we discuss two approaches to achieve the integrity of logsthe kernel module and virtualization, and compare them. Although virtualization is more inefficient in performance than the kernel module, it provides more security properties for logs. Thus, we then focus on the virtualization approach with a detailed proposal, which describes ways to preserve logs without tampering and deletion.

UR - http://www.scopus.com/inward/record.url?scp=51349084065&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=51349084065&partnerID=8YFLogxK

U2 - 10.1109/ISA.2008.96

DO - 10.1109/ISA.2008.96

M3 - Conference contribution

AN - SCOPUS:51349084065

SN - 9780769531267

T3 - Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

SP - 421

EP - 426

BT - Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

T2 - 2nd International Conference on Information Security and Assurance, ISA 2008

Y2 - 24 April 2008 through 26 April 2008

ER -

A secure virtualized logging scheme for digital forensics in comparison with kernel module approach

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this