Logging key assurance indicators in business processes
Source
ASIAN ACM Symposium on Information, Computer and Communications Security
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Sydney, Australia
SESSION: Short papers-I
Pages 364-367
Year of Publication: 2009
ISBN:978-1-60558-394-5
Authors
Fabio Massacci, Università di Trento
Gene Tsudik, University of California, Irvine
Artsiom Yautsiukhin, Università di Trento
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM, New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 9,   Downloads (12 Months): 61,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1533057.1533105

ABSTRACT

Management of a modern enterprise is based on the assumption that executive reports of lower-layer management are faithful to what is actually happening in the field. As some well-publicised major recent disasters (such as Barings, AllFirst-Allied Irish Bank, ENRON, Société Générale) have shown, this assumption is not well-founded. Intermediate managers can misrepresent the actual state of their systems in order to hide negative events or to "doctor" reports which have already been produced. Existing security approaches which guarantee integrity of logs and related reports do not protect the system against these threats if they are directly applied to a multi-layered corporate structure. In this paper, we extend existing approaches by constructing a logging scheme which ensures that, at each level, logs are both correct and consistent.

