Skip to main content
Kent Academic Repository

A PKI Based Secure Audit Web Server

Xu, Wensheng, Chadwick, David W., Otenko, Sassa (2005) A PKI Based Secure Audit Web Server. In: IASTED Communications, Network and Information and CNIS. . , Phoenix, USA (KAR id:14230)

Abstract

For many applications, access control and other business related information of all user transactions should be kept in secure log files for intrusion and misuse detection or system audit purposes. Because the log files may be stored on or moved to an untrusted machine and may attract attackers because of the large amounts of potentially sensitive information contained in them, we would like to guarantee that in the event an attacker gains access to this machine, we can limit his ability to corrupt the log files and we are able to detect any compromises afterwards. We also may want to ensure that he can gain little or no information from the log files. In this paper we propose a secure audit web service (SAWS) which can provide a secure audit trail service for multiple clients. The secure audit trail generated by SAWS can be stored on any untrusted machine and it is impossible to be modified or destroyed without detection, and its integrity can be validated by any client. Optionally, the audit file can be encrypted, making it impossible for unauthorised parties to read its contents.

Item Type: Conference or workshop item (Paper)
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Mark Wheadon
Date Deposited: 24 Nov 2008 18:02 UTC
Last Modified: 16 Nov 2021 09:52 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/14230 (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.