Title: A Proposal and Evaluation of User Centric Trusted Log Archival Architecture

Issue Number: Vol. 4, No. 3
Year of Publication: May - 2015
Page Numbers: 442-452
Authors: Takashi Shitamichi, Ryoichi Sasaki
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong
DOI:  http://dx.doi.org/10.17781/P001678


Internet services of numerous types are widely implemented at countless sites in today’s worldwide computing environment, which is on-premises or cloud computing, and the generated system and application service logs they produce are important for assuring such systems work correctly. When the owners of such logs are auditors or system managers, it has been thought that from the standpoint of manageability, it is better to accumulate logs at one site rather than multiple sites. However, when the owner of a log generated by an application service is a system user, he or she might want to express a preference from the available log archival sites. Furthermore, there are often cases when a service site is located far away from the log archival site. It should also be mentioned that if sites providing services do so in a cloud computing environment, it is particularly necessary to use a secure and fast messaging method between the service and log archival sites. In this paper, we define a “user centric log archival architecture” concept, examine related works and technical specifications, and propose a new trusted model via both abstract and practical methods. By extending the Simple Object Access protocol (SOAP) based Security Assertion Markup Language (SAML), and using SAML assertions, we show how log messages can be exchanged with confidentiality, integrity, and availability, before they are written securely to storage devices. In order to verify the effectiveness of the proposed architecture, the latencies of a XML messages that contain a SAML assertion and a XML signature are measured and considered in a cloud computing environment.