Hardware-Assisted Log Protection Devices And Systems

Abstract
A hardware-assisted technique may protect a system log from attackers, regardless of an attacker's acquired privileges at the host system. In some embodiments, the technique may employ specialized hardware, e.g., in the form of an add-on peripheral card. The hardware may be connected to a commodity server through a standard bus. Said hardware may store log files from a host system while permitting only read and append operations from the host system. Thus, even if the attacker obtains root privileges at the host system, removal of logs through the host system may be prevented because the asymmetric interface does not support such commands from the host system. In some embodiments, an existing log file storage path at the host system may be maintained, reducing the changes required to implement the disclosed techniques within existing server setups. Further, any performance degradation due to the techniques may be small to negligible.
Date
1/30/2018