New solution for secure centralised log collection
2019-03-18Guaranteeing that information does not leak is one of the challenges of centralising logs. Researchers at Karlstad University have now developed a technical solution for transporting logs via cloud services in a simple, secure way.
“There are different techniques for protecting logs when they are centralised. One could for example encrypt them, verify that nobody has changed them, and verify that the logs come from a specific device. These are well-known logging techniques, but what is new is that we have combined all these services in the same package,” says Rasmus Dahlberg, doctoral student in Computer Science at Karlstad University.
Secure logging is crucial, because logs show what happens in computer systems when they are run. Logs include sensitive information and one has to be certain that they are correct and have not been manipulated. Logs are often saved in files on computer hard drives, but companies handling large amounts of data may benefit from using cloud services for analysis and storage.
“Transporting logs via cloud services may pose a security risk. But with our new system, these logs are secure. We can guarantee that the logs have not disappeared through sabotage, and that they have not been leaked or changed, because they were protected all the way”. Another important aspect is that we can demonstrate to a third party that the logs originate from a specific device,” says Rasmus Dahlberg.
Rasmus Dahlberg and Tobias Pulls, senior lecturer in Computer Science at Karlstad University, developed the solution in close cooperation with companies as part of the HITS project (High Quality Networked Services in a Mobile World). After examining the specifications, the researchers developed a mathematical model of the logging system to better understand the security features. Thereafter the system was implemented and tested to assess performance.
“We found that the system to be very quick and it fulfils all the specified security requirements. The result is a simple, secure solution that all companies that want to obtain an overview of their computer system logs will benefit from,” says Rasmus Dahlberg.
Read more about HITS here.