Call for Paper - January 2023 Edition
IJCA solicits original research papers for the January 2023 Edition. Last date of manuscript submission is December 20, 2022. Read More

A Framework of TPM, SVM and Boot Control for Securing Forensic Logs

Print
PDF
International Journal of Computer Applications
© 2012 by IJCA Journal
Volume 50 - Number 13
Year of Publication: 2012
Authors:
Nazanin Borhan
Ramlan Mahmod
Ali Dehghantanha
10.5120/7831-1042

Nazanin Borhan, Ramlan Mahmod and Ali Dehghantanha. Article: A Framework of TPM, SVM and Boot Control for Securing Forensic Logs. International Journal of Computer Applications 50(13):15-19, July 2012. Full text available. BibTeX

@article{key:article,
	author = {Nazanin Borhan and Ramlan Mahmod and Ali Dehghantanha},
	title = {Article: A Framework of TPM, SVM and Boot Control for Securing Forensic Logs},
	journal = {International Journal of Computer Applications},
	year = {2012},
	volume = {50},
	number = {13},
	pages = {15-19},
	month = {July},
	note = {Full text available}
}

Abstract

Computer logs files contain the crucial information that is stored and can be an important forensics evidence of attacks and actions of a system. Cyber forensics can be one of the important solutions to systematically gather, process, interpret and utilize digital evidence and log of the activities and events of a system is one of the most important resources of analyzing the evidence for researchers, therefore a secure storage of forensic log is our main focus. In this paper, we propose a Trusted Module Platform (TPM)-based solution along with using Secure Virtual Machines (SVM) to secure the storage of forensic logs of the system for cyber forensics investigation. Since TPM provides protection before system boot process, it heavily limits the number of attacks that may bypass. Also SVM provide a secure environment to test software before installing on the client-machine. To ensure a secure logging system, our model will be using a smart combination of TPM, SVM and secure boot control to provide maximum log protection.

References

  • Mohd Taufik Abdullah, Ramlan Mahmod , Abdul Azim Ab. Ghani, Mohd Zain Abdullah, and Abu Bakar Md Sultan. Advances in Computer Forensics. International Journal of Computer Science and Network Security (IJCSNS), VOL. 8 No. 2, pp. 214-219, 2008
  • Ali Dehghantanha, Nur Izura Udzir, Ramlan Mahmoud, "Future Digital Forensics Labs," in the 2011 IEEE International Conference on Computer Applications and Network Security (ICCANS), pp. 27-29, Maldives (Accepted)- IEEE index, 2011
  • J. D. Hietal, "Hardware versus Software", A SANS Whitepaper – September 2007 (Edited May, 2008)
  • Ali Reza Arasteh, M. D. , Assaad Sakha & Mohamed Saleh. Analyzing multiple logs for forensic evidence. Digital Investigation, DFRWS, Elsevier, pp. 82-91, 2007.
  • Mohamed Saleh, A. R. A. , Assaad Sakha & Mourad Debbabi, Forensic analysis of logs: Modeling and verification. Knowledge-Based Systems 20, Sience Direct, Elsevier, pp. 671–682, 2007.
  • Dingbang Xu and Peng Ning, Alert correlation through triggering events and common resources. Tucson, AZ, USA, 2004
  • S. Staniford, J. H. J. M. , Practical automated detection of stealthy portscans. Journal of Computer Security 10(1/2), 2002.
  • Debar, B. M. H. , Correlation of intrusion symptoms: an application of chronicles. In Proceedings of the 6th International Conference on Recent Advances in Intrusion Detection (RAID), 2003.
  • Miege, F. C. A. , Alert correlation in a cooperative intrusion detection framework. In Proceedings of the IEEE Symposium on Security and Privacy, 2002.
  • Jha. , P. B. V. Y. S. , Global intrusion detection in the domino overlay system. In: Pro. of the 11th Annual Network and Distributed System Security Symposium, 2004.
  • Chuvakin, C. P. A. , Security Warrior. O'Reilly, 2004.
  • Heiser, W. K. J. , Computer Forensics: Incident Response Essentials. Addison-Wesley, Boston, MA, 2002.
  • Daniel Le M´etayer, E. M. M. -L. P. , Designing log architectures for legal evidence. Software Engineering and Formal Methods, IEEE Computer Society, pp. 155-165, 2010.
  • Wang, Y. -T. F. S. -J. , Intrusion Investigations with Data-hiding for Computer Log-file Forensics. 978-1-4244-6949-9/10©2010 IEEE, 2010.
  • Chen Lin, L. Z. G. C. , Automated Analysis of Multi-source Logs for Network Forensics. First International Workshop on Education Technology and Computer Science, IEEE Computer Society, pp. 659-664, 2009.
  • Niandong Liao, S. T. T. W. , Network forensics based on fuzzy logic and expert system. Elsevier B. V. , Computer Communications, Vol 32, pp. 1881–1892, 2009.
  • Trusted Computing Group TCG Specification Architecture Overview, Specification Revision 1. 4, 2007.
  • Sadeghi, A. -R. , Trusted Computing —Special Aspects and Challenges. In: Proceeding of SOFSEM, LNCS, 4910:98-117, Springer-Verlag Berlin Heidelberg, 2008.
  • Martin Pirker and Ronald Toegl. Towards a Virtual Trusted Platform. Journal of Universal Computer Science, vol. 16, no. 4, 2010.
  • Eric D. Bryant, Avni Harilal Rambhia, Mikhael J. Atallah, John R. Rice. Software trusted platform module and application security wrapper. United State Patents, Patent number: US 7,870,399 B2. Issuing date: 11 Jan 2011
  • David Challener, K. Y. , Ryan Catherman, David Safford, Leendert Van Doorn. A Practical Guide to Trusted Computing. IBM Published Book- Pearson Education, Inc Rights and Contracts Department ISBN-13: 978-0-13-239842-8, 2007.
  • Muththolib Sidheeq, Ali Dehghantanha, Geetha Kananparan, "Utilizing Trusted Platform Module to Mitigate Botnet Attacks" in International Journal of Advancements in Computing Technology (IJACT), Volume 2 Issue 5, pp. 111-117, 2010- Korea- Scopus index,
  • Yap Tze Tzuen, Ali Dehghantanha, Andy Seddon, and SeyedHossein Mohtasebi, "Greening Digital Forensics: Opportunities and Challenges," In Second International Conference on Recent Trends in Information Processing and Computing (IPC), Vol. 14-15, pp. 35-50, 2011.
  • F. Felacy Silvia, "Security in Virtual Machine is better than Real Machine", International Journal of Computer Science & Communication, 2010.
  • C. N. Chong, Z. Peng, and P. H. Hartel, "Secure audit logging with tamper-resistant hardware," Proceeding in 18th IFIP International Information Security Conference (IFIPSEC), vol. 250. Kluwer Academic Publishers, pp. 73–84, 2002.
  • Benjamin Boeck and David Huemer, A Min Tjoa, Towards more Trustable Log Files for Digital Forensics by Means of "Trusted Computing". 24th IEEE International Conference on Advanced Information Networking and Applications. IEEE Computer Security, pp. 1019-1027, 2010.
  • X. Zhao, K. Borders, and A. Prakash. Svgrid: A secure virtual environment for untrusted grid applications. In CM/IFIP/USENIX 6th International Middleware Conference, France. 2005.
  • K. Fujita, Y. Ashino, T. Uehara and R. Sasaki. Using boot control to preserve the integrity of evidence. Advances in Digital Forensics IV, Springer, pp. 61–74, 2008.