Download now Free registration required
In this paper, the authors examine logging security in the environment of electronic communication providers. They review existing security threat models for system logging and they extend these to a new security model especially suited for communication network providers, which also considers internal modification attacks. They also propose a framework for secure log management in public communication networks as well as an implementation design, in order to provide traceability under the extended security model. A key role to the proposed framework is given to an independent Regulatory Authority, which is responsible to maintain log integrity proofs in a remote environment and verify the integrity of the provider's log files during security audits.
- Format: PDF
- Size: 453.88 KB