Trusted Logging for Grid Computing

J. Huh, A. Martin
2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference. Published 2008-10-14. DOI: 10.1109/APTC.2008.9 (https://doi.org/10.1109/APTC.2008.9)
Citations: 12

Abstract

The rise of many kinds of grid systems, and associated security threats, makes very necessary the provision of trustworthy services for audit and logging. However, existing solutions tend to put little emphasis on the security of logging. We present a number of use cases where the logs have security properties in their own right, and so the logs themselves are highly privileged: hence, these need to be integrity and confidentiality protected while being generated, accessed, reconciled and analysed with distributed services spanning across multiple administrative domains. We derive a common set of secure logging requirements to address the security gaps which exist between these use cases and existing solutions. From the requirements, we propose a novel logging architecture for the grid based on virtual machine (VM) isolation and trusted computing capabilities: a small number of privileged driver VMs trigger all trusted logging requests and forward them to the secure logging service running within the log security manager. The logging service verifies the integrity of the log data and the security configurations of these driver VMs (log generators) before storing the logs.