Show simple item record

dc.contributor.authorSandler, Daniel
Derr, Kyle
Crosby, Scott A.
Wallach, Dan S.
dc.date.accessioned 2017-08-02T22:03:05Z
dc.date.available 2017-08-02T22:03:05Z
dc.date.issued 2008-01-23
dc.identifier.urihttps://hdl.handle.net/1911/96364
dc.description.abstract Secure logs are powerful tools for building systems that must resist forgery, prove temporal relationships, and stand up to forensic scrutiny. The proofs of order and integrity encoded in these tamper-evident chronological records, typically built using hash chaining, may be used by applications to enforce operating constraints or sound alarms at suspicious activity. However, the problem of how to automatically detect violations remains open. Low-level inconsistencies, such as gaps in the hash chain, are detectable without knowledge about the application, but existing research stops short of extracting or verifying application-specific log properties. In this paper we contribute the design and implementation of a system for discovering this kind of evidence. We first propose a logical language for applications to express concisely the constraints that apply to their logs and the evidence that can be extracted from them. We offer several algorithms for efficiently and incrementally evaluating these rules. Finally, we present QUERIFIER, a log analysis package that implements our proposed techniques. It can be used offline as an analyzer for static logs, or online during the runtime of a logging application. Given validity rules and available log data, it presents evidence of correctness and offers counterexamples if desired. We describe QUERIFIER's implementation and offer early performance results: for a rule set developed for a distributed voting application, we observed that our system could incrementally verify a realistic election-day log at 50 events per second.
dc.format.extent 18 pp
dc.language.iso eng
dc.rights You are granted permission for the noncommercial reproduction, distribution, display, and performance of this technical report in any format, but this permission is only for a period of forty-five (45) days from the most recent time that you verified that this technical report is still available from the Computer Science Department of Rice University under terms that include this permission. All other rights are reserved by the author(s).
dc.title Finding the Evidence in Tamper-Evident Logs
dc.type Technical report
dc.date.note January 23, 2008
dc.identifier.digital TR08-01
dc.type.dcmi Text
dc.identifier.citation Sandler, Daniel, Derr, Kyle, Crosby, Scott A., et al.. "Finding the Evidence in Tamper-Evident Logs." (2008) https://hdl.handle.net/1911/96364.


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record