A Novel Approach to Secured and Central Logging Data

摘要

Logging data is valuable and important information to reveal the attacker's activities and recover broken system. Unfortunately, once the attacker successfully penetrates a protected system, he never fails to either modify the logging data, or even worse, delete them to cover his traces. To avoid such a tragedy, it is best to keep logging data in another machine by forwarding them to a central logging server. However, this approach has a flaw: while transmitting on network, data could be illegally sniffed or the traffic might be secretly redirected to a malicious machine. This paper proposes a novel method named Xenlog to secure logging data for systems run on Xen virtual machine: the solution does not use network stack to send data. Experimental and resulted tool proves that this approach is more secure than the traditional solution, while logging process is far more effective (nearly 24 times faster) and more reliable.