SecSyslog: an Approach to Secure Logging Based on Covert Channels

S
SADFE
2005
First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05)
Abstract - SecSyslog: an Approach to Secure Logging Based on Covert Channels

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Dario V. Forte Articles by Cristiano Maruti Articles by Michele R. Vetturi Articles by Michele Zambelli

First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05)

Taipei, Taiwan

November 07-November 09

ISBN: 0-7695-2478-8

	ASCII Text	x
	Dario V. Forte, Cristiano Maruti, Michele R. Vetturi, Michele Zambelli, "SecSyslog: an Approach to Secure Logging Based on Covert Channels," Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on, pp. 248-263, First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05), 2005.

	BibTex	x
	@article{ 10.1109/SADFE.2005.21, author = {Dario V. Forte and Cristiano Maruti and Michele R. Vetturi and Michele Zambelli}, title = {SecSyslog: an Approach to Secure Logging Based on Covert Channels}, journal ={Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on}, volume = {0}, year = {2005}, isbn = {0-7695-2478-8}, pages = {248-263}, doi = {http://doi.ieeecomputersociety.org/10.1109/SADFE.2005.21}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on TI - SecSyslog: an Approach to Secure Logging Based on Covert Channels SN - 0-7695-2478-8 SP248 EP263 A1 - Dario V. Forte, A1 - Cristiano Maruti, A1 - Michele R. Vetturi, A1 - Michele Zambelli, PY - 2005 KW - Log analysis KW - Forensic KW - Log Correlation KW - Log Integrity KW - Covert Channel KW - Spyware. VL - 0 JA - Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on ER -

Dario V. Forte, University of Milano at Crema

Cristiano Maruti, IRItaly (Incident Response Italy) project

Michele R. Vetturi, IRItaly (Incident Response Italy) project

Michele Zambelli, IRItaly (Incident Response Italy) project

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SADFE.2005.21

Today log traces are widely used to identify and prevent violations of corporate information systems. The most recent logging trend is to manage most level 3 ISO/OSI traffic via pcapcompatibile output. But use of syslog is still very widespread, as are the security issues it entails, especially in its 'pure' version. This paper outlines the basic syslog problems as foreseen in the RFCs, examines the 'secure' alternatives to the protocol (and relative implementations) and proposes a transmission approach based on covert channels which, applied on the LINUX platform, might answer some of the intrinsic reliability problems which undermine its effectiveness as a digital forensic tool.

Index Terms:

Log analysis, Forensic, Log Correlation, Log Integrity, Covert Channel, Spyware.

Citation:

Dario V. Forte, Cristiano Maruti, Michele R. Vetturi, Michele Zambelli, "SecSyslog: an Approach to Secure Logging Based on Covert Channels," sadfe, pp.248-263, First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.