Journal of Computer Applications (计算机应用) ›› 2005, Vol. 25 ›› Issue (04): 867-869. DOI: 10.3724/SP.J.1087.2005.0867

• Information Security •

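A method for verifying log integrity

陈黎明 (CHEN Li-ming)1,2, 俞研 (YU Yan)1,2, 黄皓 (HUANG Hao)1,2

  1. 1. Department of Computer Science and Technology, Nanjing University; 2. State Key Laboratory for Novel Software Technology
  • Published: 2005-04-01 Online: 2005-04-01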

Method for verifying log integrity

CHEN Li-ming1,2, YU Yan1,2, HUANG Hao1,2

  1. 1. Department of Computer Science and Technology, Nanjing University, Nanjing Jiangsu 210093, China; 2. State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing Jiangsu 210093, China
  • Online: 2005-04-01 Published: 2005-04-01

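Abstract (Chinese version):

After successfully taking control of a system, an intruder usually tries to alter the log files to erase traces of the intrusion and hide the intrusion activity. To prevent intruders from hiding their activity, a log integrity verification method is proposed. It checks the integrity of the log so that an intruder cannot, without being detected, alter records that were written to the log file before the system came under the intruder's control, and thereby provides protection. When log integrity has been damaged, it also gives a set of trustworthy log records for other programs to use.

Key words (Chinese version): log integrity, one-way hash function, message authentication code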

Abstract:

All kinds of system events are stored in logs. After a successful intrusion, the intruder will try to modify the logs to conceal the intrusion. This paper describes a method for verifying and protecting log integrity that makes it impossible for the attacker to undetectably modify any log entry generated before the logging system's compromise. When log integrity has been damaged, a set of trusted log entries is provided to other programs.

Key words: log integrity, one-way hash, MAC
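The property stated in the abstract can be illustrated with a generic forward-secure log built from the two keyword primitives, a one-way hash and a MAC. This is an added example, not the paper's own construction; `ForwardSecureLog`, `evolve`, `link`, `trusted_prefix`, the initial chain value and the sample log lines are all assumptions made for the illustration.

```python
import hashlib
import hmac

ZERO = b"\x00" * 32  # initial chain value (assumed convention)

def evolve(key: bytes) -> bytes:
    # One-way key update: knowing the new key does not reveal the old one.
    return hashlib.sha256(b"evolve" + key).digest()

def link(chain: bytes, msg: bytes) -> bytes:
    # Hash chain binding each record to everything logged before it.
    return hashlib.sha256(chain + msg).digest()

class ForwardSecureLog:
    def __init__(self, k0: bytes):
        self.key, self.chain, self.records = k0, ZERO, []

    def append(self, msg: bytes) -> None:
        self.chain = link(self.chain, msg)
        tag = hmac.new(self.key, self.chain, hashlib.sha256).digest()
        self.records.append((msg, tag))
        self.key = evolve(self.key)  # the key used for this record is discarded

def trusted_prefix(records, k0: bytes):
    # Verifier keeps k0 off-host; returns the records before the first bad tag.
    key, chain, trusted = k0, ZERO, []
    for msg, tag in records:
        chain = link(chain, msg)
        expected = hmac.new(key, chain, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            break
        trusted.append(msg)
        key = evolve(key)
    return trusted

def demo():
    k0 = b"constructed-demo-key-held-by-verifier"  # constructed sample value
    log = ForwardSecureLog(k0)
    for m in [b"sshd: login alice", b"sudo: alice -> root", b"cron: job 17 ok"]:
        log.append(m)  # constructed sample log lines
    intact = trusted_prefix(log.records, k0)
    # Host compromised now: only log.key (the next, unused key) is on the host.
    altered = list(log.records)
    new_chain = link(link(ZERO, altered[0][0]), b"sudo: nothing happened")
    altered[1] = (b"sudo: nothing happened",
                  hmac.new(log.key, new_chain, hashlib.sha256).digest())
    return intact, trusted_prefix(altered, k0)

if __name__ == "__main__":
    print(demo())
```

A record rewritten after the compromise fails verification because its original key was already replaced by its hash, and the verifier falls back to the records preceding the first failure.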
