Conference: IEEE International Symposium on Parallel and Distributed Processing with Applications

Secure Logging for Auditable File System using Separate Virtual Machines

Abstract

An auditable file system tracks the usage of the file system, including operations such as read and write. It keeps trails of users' actions, and the trails are kept faithfully for future auditing. However, as the logs are still kept within the same file system, they are quite vulnerable to exposure when malware penetrates the system. Even with the file system hiding the logs, a skillful attacker can still analyze the on-disk structure to obtain and modify the logs. Thus the logs should be kept separate from the working system. Virtual machines can provide such separation, as a virtual machine can hold a whole operating system while still keeping the system apart from the bare-metal hardware. We propose a method of secure logging for an auditable file system using a logging virtual machine. The logs are kept safely in another virtual machine. Even if the working virtual machine is broken, the logs are not exposed to the outside. Through the isolation provided by virtual machines, the logs can be kept safe and valid. A highly privileged user cannot modify the log contents, forge logs and data to keep them consistent, or pretend to be another user to perform unauthorized actions. We have done several pieces of work as well as a prototype system to show the feasibility of this approach. Experiments show that the logging virtual machine does not bring too much overhead.