Tamperproof Audit Logs

防篡改审计日志

• 批准号: 0415101
• 负责人: Richard Snodgrass
• 金额: $ 33万
• 依托单位: University of Arizona
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2005
• 资助国家: 美国
• 起止时间: 2005-09-01 至 2009-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0415101&HistoricalAwards=false
• 关键词: Tamperproof; Audit; Logs

An audit log enumerates the changes, and often the accesses, that have been applied to a database. Audit logs are considered good practice for business systems, and are required by federal regulations for secure systems, drug approval data, medical information disclosure, financial records, and electronic voting. Given the central role of audit logs, it is critical that they are correct and unalterable.Mechanisms are developed, for implementation within a database management system (DBMS), based on cryptographically strong one-way hash functions, that prevent an intruder, including an auditor or an employee or even an unknown bug within the DBMS itself, from silently corrupting the audit log. The DBMS thus stores additional information in the database to enable a separate audit log validator to examine the database along with this extra information and state conclusively whether the audit log has been compromised, thus supporting tamper detection. Using a secure audit log replication protocol and the validator, tamperproof audit logs result. Good performance is essential: tamperproof audit logs will only realistically be used if their overhead is small.This research will enable an important and highly desirable capability to be added to existing database management systems: tamperproof audit logs. By instituting tamperproof audit logs, US federal regulations in many domains can be more effectively applied, lending confidence to the business leaders, government officials, and citizens who depend on these critical medical, financial, and voting systems. The PI will work closely with vendors to ensure that the approaches are consistent with existing technologies.This work is being developed on the open-source BerkeleyDB and MySQL systems, as an extension of these two systems and updates will be available via the project's Web site (http://www.cs.arizona.edu/tau/Audit/).

审核日志枚举已应用于数据库的更改（通常还包括访问）。审计日志被认为是业务系统的良好实践，并且是安全系统、药品审批数据、医疗信息披露、财务记录和电子投票的联邦法规所要求的。鉴于审计日志的核心作用，它们的正确性和不可更改性至关重要。基于加密的强大单向散列函数，开发了用于在数据库管理系统 (DBMS) 中实现的机制，以防止入侵者，包括审计员或员工，甚至是 DBMS 本身的未知错误，都会悄悄地破坏审计日志。因此，DBMS 在数据库中存储附加信息，以使单独的审核日志验证器能够检查数据库以及这些附加信息，并最终确定审核日志是否已被泄露，从而支持篡改检测。使用安全的审核日志复制协议和验证器，可以生成防篡改的审核日志。良好的性能至关重要：防篡改审计日志只有在开销很小的情况下才会真正被使用。这项研究将使一个重要且非常理想的功能添加到现有的数据库管理系统中：防篡改审计日志。通过建立防篡改审计日志，美国联邦法规在许多领域都可以得到更有效的应用，从而为依赖这些关键医疗、金融和投票系统的商界领袖、政府官员和公民带来信心。 PI 将与供应商密切合作，以确保这些方法与现有技术一致。这项工作正在开源 BerkeleyDB 和 MySQL 系统上开发，作为这两个系统的扩展和更新将通过该项目的网站提供（http://www.cs.arizona.edu/tau/Audit/）。