VMBLS: virtual machine based logging scheme for prevention of tampering and loss
ARES'11 Proceedings of the IFIP WG 8.4/8.9 international cross domain conference on Availability, reliability and security for business, enterprise and health information systems
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
| Hi-index | 0.00 |
Trustable log data is essential in digital forensic investigations in order to allow reliable reconstruction of events. Existing solutions do not provide adequate protection, exposing the log-producing application to software-based attacks. In this paper we provide a solution based on Trusted Computing using a Trusted Platform Module (TPM) and AMD’s Secure Virtual Machine technology (SVM). While current solutions only protect against manipulation of existing logs, we go one step further by establishing hardware-based trust in the log producing application. Our solution ensures confidentiality, integrity and non-repudiation during creation, storage and transmission of log data.