Secure audit logs to support computer forensics
ACM Transactions on Information and System Security (TISSEC)
Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Secure implementation of channel abstractions
Information and Computation
Using Replication and Partitioning to Build Secure Distributed Systems
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Audit-based compliance control
International Journal of Information Security
Enforcing Semantic Integrity on Untrusted Clients in Networked Virtual Environments
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
A posteriori compliance control
Proceedings of the 12th ACM symposium on Access control models and technologies
Secure Implementations for Typed Session Abstractions
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Secret-Ballot Receipts: True Voter-Verifiable Elections
IEEE Security and Privacy
Analysing the Vulnerability of Protocols to Produce Known-pair and Chosen-text Attacks
Electronic Notes in Theoretical Computer Science (ENTCS)
Securing data accountability in decentralized systems
OTM'06 Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I
Ott: Effective tool support for the working semanticist
Journal of Functional Programming
Towards a theory of accountability and audit
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Reliable evidence: auditability by typing
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Purpose control: did you process the data for the intended purpose?
SDM'11 Proceedings of the 8th VLDB international conference on Secure data management
| Hi-index | 0.00 |
In an optimistic approach to security, one can often simplify protocol design by relying on audit logs, which can be analyzed a posteriori. Such auditing is widely used in practice, but no formal studies guarantee that the log information suffices to reconstruct past runs of the protocol, in order to reliably detect (and provide evidence of) any cheating. We formalize audit logs for a sample optimistic scheme, the value commitment. It is specified in a pi calculus extended with committable locations, and compiled using standard cryptography to implement secure logs. We show that our distributed implementation either respects the abstract semantics of commitments or, using information stored in the logs, detects cheating by a hostile environment.