Verifiable audit trails for a versioning file system

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Verifiable audit trails for a versioning file system

Full text

Pdf (154 KB)

Source

Workshop On Storage Security And Survivability archive
Proceedings of the 2005 ACM workshop on Storage security and survivability table of contents

Fairfax, VA, USA

SESSION: Short papers -- storage survivability table of contents

Pages: 44 - 50

Year of Publication: 2005

ISBN:1-59593-233-X

Authors

Randal Burns	Johns Hopkins University, Baltimore, MD
Zachary Peterson	Johns Hopkins University, Baltimore, MD
Giuseppe Ateniese	Johns Hopkins University, Baltimore, MD
Stephen Bono	Johns Hopkins University, Baltimore, MD

Sponsors

ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 7, Downloads (12 Months): 76, Citation Count: 1

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTex EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1103780.1103787 What is a DOI?

ABSTRACT

We present constructs that create, manage, and verify digital audit trails for versioning file systems. Based upon a small amount of data published to a third party, a file system commits to a version history. At a later date, an auditor uses the published data to verify the contents of the file system at any point in time. Audit trails create an analog of the paper audit process for file data, helping to meet the requirements of electronic record legislation, such as Sarbanes-Oxley. Our techniques address the I/O and computational efficiency of generating and verifying audit trails, the aggregation of audit information in directory hierarchies, and constructing verifiable audit trails in the presence of lost data.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	C. Adams, P. Cain, D. Pinkas, and R. Zuccherato. Internet X.509 public key infrastructure time-stamp protocol. RFC 3161 - Internet Engineering Task Force, 2001.
	2	Mihir Bellare , Oded Goldreich , Shafi Goldwasser, Incremental cryptography and application to virus protection, Proceedings of the twenty-seventh annual ACM symposium on Theory of computing, p.45-56, May 29-June 01, 1995, Las Vegas, Nevada, United States [doi>10.1145/225058.225080]
	3	Mihir Bellare , Roch Guérin , Phillip Rogaway, XOR MACs: New Methods for Message Authentication Using Finite Pseudorandom Functions, Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology, p.15-28, August 27-31, 1995
	4	John Black , Phillip Rogaway, A Block-Cipher Mode of Operation for Parallelizable Message Authentication, Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology, p.384-397, May 02, 2002
	5	United States Congress. The Health Insurance Portability and Accountability Act of 1996, 1996.
	6	United States Congress. Sarbanes-Oxley Act of 2002, 2002.
	7	G. Di Crescenzo, R. Graveman, R. Ge, and G. Arce. Approximate message authentication and biometric entity authentication. In Proceedings of Financial Cryptography and Data Security, 2005.
	8	Frank Dabek , M. Frans Kaashoek , David Karger , Robert Morris , Ion Stoica, Wide-area cooperative storage with CFS, Proceedings of the eighteenth ACM symposium on Operating systems principles, October 21-24, 2001, Banff, Alberta, Canada
	9	Dan Farmer , Wietse Venema, Forensic Discovery, Addison Wesley Professional, 2004
	10	Kevin Fu , M. Frans Kaashoek , David Mazières, Fast and secure distributed read-only file system, ACM Transactions on Computer Systems (TOCS), v.20 n.1, p.1-24, February 2002 [doi>10.1145/505452.505453]
	11	J. Hagerty. Sarbanes-Oxley compliance spending will exceed $5B in 2004. AMR Research Outlook, Dec 2004.
	12	E. Haubert, J. Tucek, L. Brumbaugh, and W. Yurcik. Tamper-resistant storage techniques for multimedia systems. In International Symposium Electronic Imaging Storage and Retrieval Methods and Applications for Multimedia (EI121), 2005.
	13	Mahesh Kallahalla , Erik Riedel , Ram Swaminathan , Qian Wang , Kevin Fu, Plutus: Scalable Secure File Sharing on Untrusted Storage, Proceedings of the 2nd USENIX Conference on File and Storage Technologies, March 31-31, 2003, San Francisco, CA
	14	John Kubiatowicz , David Bindel , Yan Chen , Steven Czerwinski , Patrick Eaton , Dennis Geels , Ramakrishna Gummadi , Sean Rhea , Hakim Weatherspoon , Chris Wells , Ben Zhao, OceanStore: an architecture for global-scale persistent storage, Proceedings of the ninth international conference on Architectural support for programming languages and operating systems, p.190-201, November 2000, Cambridge, Massachusetts, United States
	15	Leslie Lamport, Password authentication with insecure communication, Communications of the ACM, v.24 n.11, p.770-772, Nov. 1981 [doi>10.1145/358790.358797]
	16	Petros Maniatis , Mary Baker, Enabling the Archival Storage of Signed Documents, Proceedings of the Conference on File and Storage Technologies, p.31-45, January 28-30, 2002
	17	S. Micali. Efficient certificate revocation. In Proceedings of RSA and US Patent 5,666,416, 1997.
	18	J. Monroe. Emerging solutions for content storage. Presentation at PlanetStorage, 2004.
	19	M. Naor , M. Yung, Universal one-way hash functions and their cryptographic applications, Proceedings of the twenty-first annual ACM symposium on Theory of computing, p.33-43, May 14-17, 1989, Seattle, Washington, United States [doi>10.1145/73007.73011]
	20	Swapnil Patil , Anand Kashyap , Gopalan Sivathanu , Erez Zadok, FS: An In-Kernel Integrity Checker and Intrusion Detection File System, Proceedings of the 18th USENIX conference on System administration, November 14-19, 2004, Atlanta, GA
	21	Zachary Peterson , Randal Burns, Ext3cow: a time-shifting file system for regulatory compliance, ACM Transactions on Storage (TOS), v.1 n.2, p.190-212, May 2005 [doi>10.1145/1063786.1063789]
	22	Z. N. J. Peterson, R. Burns, and A. Stubblefield. Limiting liability in a federally compliant file system. In Proceedings of the PORTIA Workshop on Sensitive Data in Medical, Financial, and Content Distribution Systems, 2004.
	23	Ronald L. Rivest , Adi Shamir, PayWord and MicroMint: Two Simple Micropayment Schemes, Proceedings of the International Workshop on Security Protocols, p.69-87, April 10-12, 1996
	24	Bruce Schneier , John Kelsey, Secure audit logs to support computer forensics, ACM Transactions on Information and System Security (TISSEC), v.2 n.2, p.159-176, May 1999 [doi>10.1145/317087.317089]
	25	Richard Thomas Snodgrass, The TSQL2 Temporal Query Language, Kluwer Academic Publishers, Norwell, MA, 1995
	26	Craig A. N. Soules , Garth R. Goodson , John D. Strunk , Gregory R. Ganger, Metadata Efficiency in Versioning File Systems, Proceedings of the 2nd USENIX Conference on File and Storage Technologies, March 31-31, 2003, San Francisco, CA
	27	M. Waldman, A. D. Rubin, and L. F. Cranor. Publius: A robust, tamper-evident, censorship-resistant, Web publishing system. In Proceedings of the USENIX Security Symposium, 2000.
	28	H. Weatherspoon, C. Wells, and J. Kubiatowicz. Naming and integrity: Self-verifying data in peer-to-peer systems. In Proceedings of the Workshop on Future Directions in Distributed Computing, 2002.