[Security_sig] Paper about secure logs

Gé Weijers Ge.Weijers at Sun.COM
Thu Nov 11 12:56:37 PST 2004

Here it is.

"ABSTRACT: In many real-world applications, sensitive information must 
be kept in log files on an untrusted machine. In the event that an 
attacker captures this machine, we would like to guarantee that he will 
gain little or no information from the log files and to limit his 
ability to corrupt the log files. We describe a computationally cheap 
method for making all log entries generated prior to the logging 
machine's compromise impossible for the attacker to read, and also 
impossible to undetectably modify or destroy."


Also interesting:


Gé Weijers                          mailto:ge.weijers at sun.com
Linux Software Engineering          Direct/Fax: (877)240-7611
Sun Microsystems, Inc.              x69536 (Sun)
=== Expressed opinions are my own, I do not speak for Sun ===

More information about the security_sig mailing list