Finding the Evidence in Tamper-Evident Logs
| dc.contributor.author | Sandler, Daniel | en_US |
| dc.contributor.author | Derr, Kyle | en_US |
| dc.contributor.author | Crosby, Scott A. | en_US |
| dc.contributor.author | Wallach, Dan S. | en_US |
| dc.date.accessioned | 2017-08-02T22:03:05Z | en_US |
| dc.date.available | 2017-08-02T22:03:05Z | en_US |
| dc.date.issued | 2008-01-23 | en_US |
| dc.date.note | January 23, 2008 | en_US |
| dc.description.abstract | Secure logs are powerful tools for building systems that must resist forgery, prove temporal relationships, and stand up to forensic scrutiny. The proofs of order and integrity encoded in these tamper-evident chronological records, typically built using hash chaining, may be used by applications to enforce operating constraints or sound alarms at suspicious activity. However, the problem of how to automatically detect violations remains open. Low-level inconsistencies, such as gaps in the hash chain, are detectable without knowledge about the application, but existing research stops short of extracting or verifying application-specific log properties. In this paper we contribute the design and implementation of a system for discovering this kind of evidence. We first propose a logical language for applications to express concisely the constraints that apply to their logs and the evidence that can be extracted from them. We offer several algorithms for efficiently and incrementally evaluating these rules. Finally, we present QUERIFIER, a log analysis package that implements our proposed techniques. It can be used offline as an analyzer for static logs, or online during the runtime of a logging application. Given validity rules and available log data, it presents evidence of correctness and offers counterexamples if desired. We describe QUERIFIER's implementation and offer early performance results: for a rule set developed for a distributed voting application, we observed that our system could incrementally verify a realistic election-day log at 50 events per second. | en_US |
| dc.format.extent | 18 pp | en_US |
| dc.identifier.citation | Sandler, Daniel, Derr, Kyle, Crosby, Scott A., et al.. "Finding the Evidence in Tamper-Evident Logs." (2008) https://hdl.handle.net/1911/96364. | en_US |
| dc.identifier.digital | TR08-01 | en_US |
| dc.identifier.uri | https://hdl.handle.net/1911/96364 | en_US |
| dc.language.iso | eng | en_US |
| dc.rights | You are granted permission for the noncommercial reproduction, distribution, display, and performance of this technical report in any format, but this permission is only for a period of forty-five (45) days from the most recent time that you verified that this technical report is still available from the Computer Science Department of Rice University under terms that include this permission. All other rights are reserved by the author(s). | en_US |
| dc.title | Finding the Evidence in Tamper-Evident Logs | en_US |
| dc.type | Technical report | en_US |
| dc.type.dcmi | Text | en_US |
Files
Original bundle
1 - 1 of 1