SecSyslog: an approach to secure logging based on covert channels

4 Author(s)
D. V. Forte ; Incident Response Italy Project, Univ. of Milano, Crema, Italy ; C. Maruti ; M. R. Vetturi ; M. Zambelli

Today log traces are widely used to identify and prevent violations of corporate information systems. The most recent logging trend is to manage most level 3 ISO/OSI traffic via pcap-compatible output. But use of syslog is still very widespread, as are the security issues it entails, especially in its 'pure' version. This paper outlines the basic syslog problems as foreseen in the RFCs, examines the 'secure' alternatives to the protocol (and relative implementations) and proposes a transmission approach based on covert channels which, applied on the LINUX platform, might answer some of the intrinsic reliability problems which undermine its effectiveness as a digital forensic tool.

Published in:

First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05)

Date of Conference:

7-9 Nov. 2005