[cgl_discussion] some info updates on PoCs of secure syslog

Zhao, Forrest forrest.zhao at intel.com
Sat Jun 21 02:32:53 PDT 2003


Last week I did some evaluation work for:

1 ID 7.4.1 "Logs integrity and origin authentication of logs"

2 ID 7.4.2 "Confidentiality of log information"

Here I'll give some updated information on the PoCs for these two requirements.
Just for your reference.

Since these two requirements have some overlapping PoCs, I summarized
the above two requirements into the following four specific requirement
entries:

 

a) Log file integrity: CGL shall provide a mechanism to check
   log files to ensure that they have not been tampered with

b) Origin authentication: CGL shall provide a mechanism to
   verify the source of a log message received

c) Log message transport integrity: CGL should provide log
   message integrity over any transport

d) Log message transport confidentiality: CGL should provide log
   message confidentiality over any transport

 

Then the following is the current status of PoC projects:

-------------------------------------------
|                 |  a  |  b  |  c  |  d  |
|-----------------|-----|-----|-----|-----|
| SDSC-syslog     |  N  |  N  |  N  |  N  |
| Secure Audit    |  Y  |  Y  |  Y  |  Y  |
| Syslog-ng+SSL   |  N  |  Y  |  Y  |  Y  |
| Msyslog         |  Y  |  N  |  N  |  N  |
-------------------------------------------

 

Y: has been implemented

N: has not been implemented

Notes:

1 It's no wonder that SDSC-syslog has implemented none of the
requirement entries; it only implements the "reliable" transport of log
messages over the network in the latest release. The "reliable" transport
means the TCP transport, which supersedes the traditional UDP transport
of log messages on port 514.

2 Syslog-ng+SSL is the most stable solution; the other three are not
very stable and reliable.

 

Thanks for your comments!

Forrest

 

**These views are not necessarily those of my employer.** 
