WO2023112170A1 - ログ出力装置、ログ出力方法およびログ出力プログラム - Google Patents

ログ出力装置、ログ出力方法およびログ出力プログラム Download PDF

Info

Publication number
WO2023112170A1
WO2023112170A1 PCT/JP2021/046125 JP2021046125W WO2023112170A1 WO 2023112170 A1 WO2023112170 A1 WO 2023112170A1 JP 2021046125 W JP2021046125 W JP 2021046125W WO 2023112170 A1 WO2023112170 A1 WO 2023112170A1
Authority
WO
WIPO (PCT)
Prior art keywords
log
hash value
log output
file
output device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2021/046125
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
友貴 山中
浩義 瀧口
正紀 篠原
智大 永井
泰典 和田
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NTT Inc
Original Assignee
Nippon Telegraph and Telephone Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nippon Telegraph and Telephone Corp filed Critical Nippon Telegraph and Telephone Corp
Priority to EP21968087.3A priority Critical patent/EP4435633A4/en
Priority to CN202180104958.3A priority patent/CN118382862A/zh
Priority to PCT/JP2021/046125 priority patent/WO2023112170A1/ja
Priority to JP2023567357A priority patent/JP7800561B2/ja
Priority to US18/719,274 priority patent/US20250132924A1/en
Priority to AU2021477953A priority patent/AU2021477953A1/en
Publication of WO2023112170A1 publication Critical patent/WO2023112170A1/ja
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • the present invention relates to a log output device, a log output method, and a log output program.
  • a log file output by a server device, etc. is a record of events that occurred within the device in chronological order, and contains information such as OS (Operating System) and application failures, defects, and warnings. .
  • OS Operating System
  • application failures defects, and warnings.
  • traces of the attack are often recorded in log files, and it is an important security issue to protect the log files from being tampered with by attackers.
  • Forward security is the concept of ensuring that even if a device is infected at some point, the integrity of log files output before that point is not affected.
  • a digest with a digital signature for that log is sequentially generated within the TEE (Trusted Execution Environment) and stored together with the log file so that integrity can be verified later. There is a technique for doing this (see, for example, Non-Patent Document 1).
  • a log output device executes a hook for a predetermined event related to a log message, and calculates a hash value from the log message for each hook.
  • an attachment unit for attaching an encrypted digital signature to the hash value; and an output unit for outputting the log message and the hash value to which the digital signature is attached.
  • a log output method is a log output method executed by a log output device, in which a hook of a predetermined event related to a log message is executed, and a hash value is calculated from the log message each time the hook is executed. an adding step of adding an encrypted digital signature to the hash value; and an outputting step of outputting the log message and the hash value to which the digital signature is added.
  • a log output program includes a calculation procedure for executing a hook of a predetermined event related to a log message, calculating a hash value from the log message each time the hook is executed, and encrypting the hash value. and an output procedure for outputting the log message and the hash value to which the digital signature is attached.
  • the present invention enables effective log file output while maintaining the security level.
  • FIG. 1 is a diagram showing a configuration example of a log output system according to the first embodiment.
  • FIG. 2 is a diagram showing an outline of a conventional log output system.
  • FIG. 3 is a block diagram illustrating a configuration example of a log output device according to the first embodiment;
  • FIG. 4 is a diagram illustrating a specific example 1 of log output processing according to the first embodiment.
  • FIG. 5 is a diagram illustrating a specific example 2 of log output processing according to the first embodiment.
  • FIG. 6 is a diagram illustrating a specific example 2 of log output processing according to the first embodiment.
  • FIG. 7 is a flowchart illustrating an example of the flow of log output processing according to the first embodiment.
  • FIG. 8 is a diagram showing a computer that executes a program.
  • FIG. 1 is a diagram showing a configuration example of a log output system according to the first embodiment. An example of the overall configuration of the log output system 100 will be shown below, and the log message generation processing, event hook processing, digest generation processing, digital signature attachment processing, log file storage processing, and log file verification processing will be described in this order.
  • log output system 100 has a log output device 10 .
  • log output system 100 includes log file 20, digest 30, digital signature 40, digest with digital signature 50, and private key 60 as data related to log output system 100.
  • FIG. The log output system 100 also includes a log output application, a TEE, and a storage unit 12 within the log output device 10 . Each configuration of the log output system 100 will be described below.
  • the log output device 10 is an information processing device realized by a server device, a cloud system, or the like, but is not particularly limited as long as it can execute the log output processing according to the present embodiment.
  • the log output device 10 may be a PC (Personal Computer) owned by a user of a general network, a smart phone, a tablet terminal, or the like.
  • the log output system 100 shown in FIG. 1 may include a plurality of log output devices 10 .
  • log file 20 The log file 20 is a data file containing M log messages (entries written to the log file 20) of log messages 20a.
  • the digest 30 is a hash value generated from the log file 20 containing log messages 20a and the like.
  • Digital Signature 40 Digital Signature 40 is data encrypted with private key 60 . It should be noted that it is also simply written as “signature” as appropriate.
  • a digitally signed digest 50 is a digest 30 to which a digital signature 40 is attached.
  • Private key 60 is data used to encrypt digital signature 40 .
  • the log output application is, for example, an audit application that outputs a log such as auditd, but is not particularly limited as long as it is an application that outputs a log.
  • TEE Transactional Environment
  • normal world normal execution environment
  • TPM Trusted Platform Module
  • the storage unit 12 is a storage medium (storage) in which the log file 20 and the digitally signed digest 50 are stored. Although the storage unit 12 is installed inside the log output device 10 in the example of FIG. 1 , it may be installed outside the log output device 10 . For details of the storage unit 12, see [3. Configuration of log output device 10].
  • the log output device 10 uses a log output application to generate a log file 20 including a log message 20a (see FIG. 1(1)).
  • the log file 20 is a file in which information about events that occur in the log output device 10 (OS and application failures, defects, warnings, etc.) are recorded in chronological order.
  • the log output device 10 hooks the file event (see FIG. 1(2)).
  • the log output device 10 hooks a file open event or a file modification event such as file appending.
  • the log output device 10 uses an OS interface (suitable for “virtual file system description interface”) capable of describing a virtual file system such as FUSE (Filesystem in Userspace), and a file system event log such as fanotify. hooks the above file events using a system call that monitors the .
  • FUSE Filesystem in Userspace
  • fanotify file system event log
  • the log output device 10 generates a digest 30 within the TEE based on the message file 20 including the message 20a etc. (see FIG. 1(3)). For example, the log output device 10 sequentially updates hash values using log messages. In the example of FIG. 1, the log output device 10 includes M log messages recorded in chronological order, and therefore performs M updates (hashing). Then, the log output device 10 executes the update using the block ID, which is the identification information of the block of the log, and generates the digest 30 . At this time, the log output device 10 advances the block ID by one. In the example of FIG. 1, the log output device 10 generates the digest 30 using the block ID "e", which is an arbitrary number, and performs processing to count up the block ID to "e+1".
  • the log output device 10 uses the private key 60 to generate a digital signature 40 within the TEE, and attaches the digital signature 40 to the digest 30 (see FIG. 1(4)).
  • the log output device 10 generates a digital signature 40 by encrypting the digest 30 using a private key 60 held within the TEE, and then appends the digital signature 40 to the digest 30.
  • a digest 50 with is generated.
  • the log output device 10 adds the digest 50 with a digital signature to the log file 20, and stores the log file 20 in the storage unit 12 (see (5) in FIG. 1). At this time, the log output device 10 may store the log file 20 and the digitally signed digest 50 in a database (not shown).
  • the log output device 10 can also verify the integrity of the log file 20, the log message 20a, and the like. At this time, the log output device 10 first verifies the hash value using a public key (not shown) corresponding to the private key 60 used for the digital signature 40, and then generates a hash value from the log file 20. Finally, the integrity of the log file 20 is verified by verifying whether or not it matches the verified hash value.
  • FIG. 2 is a diagram showing an outline of a conventional log output system. Descriptions of the same configuration and processing as those of the log output system 100 described above will be omitted.
  • a conventional log output system 100-P has a log output device 10-P.
  • the process of generating the digest 30 is executed in a secure environment such as TEE or TPM directly incorporated in the log output application.
  • the log output device 10-P generates a log file 20 containing log messages 20a and the like in a log output application such as auditd (see FIG. 2(1)), and executes the contents on a secure element such as TEE.
  • the file is transferred to a secure environment, and a digest 30, which is a hash value corresponding to the log file 20, is generated within the environment (see FIG. 2(2)).
  • the log output device 10-P applies a digital signature 40 to the digest 30 with a secret key 60 that is safely stored in a TEE or the like, and returns it to the log output application (see (3) in FIG. 2).
  • the log output device 10-P outputs the digitally signed digest 50 together with the log file 20 to the storage unit 12-P, which is a storage, for storage (see (4) in FIG. 2).
  • the log generation process (Fig. 2 (1) ) and the digest generation process (see (2) in FIG. 2) are indivisible (atomic). That is, the log output device 10-P executes the process of generating the digest 30 and the like in a secure environment such as TEE or TPM that is directly incorporated into a log output application such as auditd. For this reason, the conventional log output system 100-P cannot use any log output application, so there is a problem of low versatility.
  • the conventional log output system 100-P can guarantee the same level of security as This is because, in order to prevent the above hook, it is necessary to block the operation of applications that operate with root privileges such as FUSE and fanotify. This is because the cost of taking over is no different.
  • FIG. 3 is a block diagram illustrating a configuration example of a log output device according to the first embodiment;
  • the log output device 10 has a communication section 11 , a storage section 12 and a control section 13 .
  • the log output device 10 has an input unit (for example, keyboard, mouse, etc.) for receiving various operations from the administrator of the log output device 10, and a display unit (for example, liquid crystal display, etc.) for displaying various information. You may
  • the communication unit 11 manages data communication with other devices. For example, the communication unit 11 performs data communication with each communication device. Further, the communication unit 11 can perform data communication with an operator's terminal (not shown).
  • the storage unit 12 stores various information referred to when the control unit 13 operates and various information acquired when the control unit 13 operates.
  • the storage unit 12 has a log storage unit 12a, a digest storage unit 12b, and a log/digest storage unit 12c.
  • the storage unit 12 is, for example, a RAM (Random Access Memory), a semiconductor memory device such as a flash memory, or a storage device such as a hard disk or an optical disk.
  • the storage unit 12 is installed inside the log output device 10 in the example of FIG. good.
  • the log storage unit 12a stores a log file 20.
  • the log storage unit 11a stores a log file 20 including log messages 20a generated by the generation unit 13a of the control unit 13 and the like.
  • the digest storage unit 12b stores the digest 30.
  • FIG. For example, the digest storage unit 12b stores the digest 30, which is a hash value calculated by the calculation unit 13b of the control unit 13.
  • FIG. 12b is a hash value calculated by the calculation unit 13b of the control unit 13.
  • the log/digest storage unit 12c stores the log file 20 and the digest 50 with a digital signature.
  • the log/digest storage unit 12c stores the log file 20 and the digitally signed digest 50 output by the output 13d of the control unit 13 .
  • the control unit 13 controls the entire log output device 10 .
  • the control unit 13 has a generation unit 13a, a calculation unit 13b, an addition unit 13c, an output unit 13d, and a verification unit 13e.
  • the control unit 15 is, for example, an electronic circuit such as a CPU (Central Processing Unit) or an MPU (Micro Processing Unit), or an integrated circuit such as an ASIC (Application Specific Integrated Circuit) or an FPGA (Field Programmable Gate Array).
  • the generator 13a generates a log message 20a.
  • the generation unit 13a also generates a log file 20 including log messages 20a and the like.
  • the generation unit 13a uses a log output application to generate a log file 20 in which information such as OS or application failures, defects, and warnings are recorded in chronological order.
  • the generation unit 13a stores the log file 20 including the generated log message 20a and the like in the log storage unit 12a.
  • the calculator 13b executes a hook for a predetermined event related to the log message 20a, calculates a hash value from the log message 20a, and generates a digest 30 each time the hook is hooked.
  • the calculation unit 13b calculates a hash value by updating the hash value when a new log message is generated in a predetermined secure element, and generates the digest 30 .
  • the calculation unit 13b calculates a hash value by updating the hash value each time an entry is written to the log file 20 in a secure environment such as TEE or TPM, A digest 30 is generated for each predetermined log block.
  • the calculation unit 13b executes a hook for a file open event or a file append event for the log message 20a based on an OS interface that describes the virtual file system, calculates a hash value for each hook, and generates a digest 30. do.
  • the calculation unit 13b uses a file system described by a virtual file system description interface such as FUSE to execute a hook for a file open event or a file append event for the log message 20a, and calculates a hash value for each hook. and generate a digest 30.
  • the calculation unit 13b uses a system call for monitoring file system events to hook a file open event related to the log message 20a, calculates a hash value for each hook, and generates a digest 30.
  • the calculation unit 13b uses an event monitoring system call such as fanotify to execute a hook for a file open event related to the log message 20a, calculates a hash value for each hook, and generates a digest 30.
  • the calculation unit 13b stores the generated digest 30 in the digest storage unit 12b.
  • the adding unit 13c adds an encrypted digital signature 40 to the generated digest 30.
  • the adding unit 13c adds a digital signature 40 obtained by encrypting the digest 30 using a secret key 60 held in a predetermined secure element. That is, the granting unit 13c acquires the digest 30 generated by the calculating unit 13b, generates the digital signature 40 by encrypting the digest 30 using the private key 60, and applies the digital signature 40 to the digest 30.
  • a digitally signed digest 50 is generated by the addition.
  • the output unit 13d outputs the log file 20 including the log message 20a and the digest 50 with a digital signature.
  • the output unit 13d acquires the log file 20 including the log message 20a generated by the generation unit 13a and the digest 50 with a digital signature generated by the attachment unit 13c, and stores both of them in the log/digest storage unit. 12c.
  • the output unit 13d can also store the log file 20 and the digitally signed digest 50 in a database or the like outside the log output device 10. FIG.
  • the verification unit 13e verifies the integrity of the log file 20 using the log file 20 including the log message 20a and the digest 50 with the digital signature. For example, the verification unit 13e verifies the digital signature 40 and the digest 30 using the public key corresponding to the private key 60, calculates a hash value from the log file 20, and determines that the hash value is a verified hash value (digest 30) is verified. Further, the verification unit 13e verifies the integrity of the log file 20 when the file close event related to the log file 20 is detected.
  • FIG. 4 is a diagram illustrating a specific example 1 of log output processing according to the first embodiment.
  • TEE is used as a secure environment
  • FUSE is used as a virtual file system description interface
  • the log output device 10 executes processing for outputting the log file 20 on the VFS by Syslog for collecting and recording the log file 20 .
  • the log output device 10 is a file system capable of defining various processes for the FUSE module, which is the FUSE program module, the FUSE device file (/dev/fuse), the FUSE itself, libfuse, and the log file 20.
  • the process of hooking file open events and file modification events and the process of calling the log output function (logger) in the TEE are executed by the daemon (see FIG. 4 (2)).
  • the log output device 10 executes a process of generating a digest 30, which is a hash value, and a process of adding a digital signature 40 using the TEE client API, TEE driver, TEE core, and TEE internal API (Fig. 4 ( 3) See).
  • the log output device 10 executes processing for notifying completion of the logging phase, which is a hashing process, by the log output core (see FIG. 4(4)).
  • the file system daemon passes through the generated digest 50 with a digital signature, etc., and executes the process of storing it in the storage (FIG. 4 ( 5) See).
  • the log output device 10 detects falsification or deletion of the log files 20 and digests 30 accumulated before the attack. can do.
  • the log output device 10 can directly hook an additional event or the like of an application that outputs a log using an OS interface capable of describing a virtual file system. Secondly, the log output device 10 can perform flexible processing such as obtaining a diff, which is the difference between the current file and the write buffer, when hooking a file modification event, and calculating a hash value for the modified part. Therefore, hash values can be generated even for non-appendable log files such as utmp and wtmp. Third, the log output device 10 can detect falsification early by detecting a file close event and performing an integrity check.
  • FIG. 5 and 6 are diagrams showing a specific example 2 of log output processing according to the first embodiment.
  • TEE is used as a secure environment and fanotify is used as an event monitoring system call will be described below.
  • the log output device 10 does not hook the file append event of the application that outputs the log, but hooks the file open event (FAN_OPEN_PERM) and the file read event (FAN_ACCESS_PERM). At this time, the log output device 10 especially hooks the file open event and generates the digest 30 .
  • the processing of the log output device 10 will be explained more specifically.
  • the log output device 10 permits file opening when log output processing by a legitimate application is started (see FIG. 5 (1)).
  • the log output device 10 shifts to processing of the logging phase and the first commit phase (Commit Phase) (commit 1).
  • the commit phase is a process of adding a digital signature 40 to the digest 30 generated in the logging phase and completing hashing.
  • the log file 20 is protected by commit 1 during the period up to (1) in FIG. That is, the above period is a period during which the integrity of the log file 20 is guaranteed by the commit 1 process.
  • the log output device 10 hooks the event, shifts to the processing of the logging phase and the second commit phase (commit 2), and digest 30 is generated, the above file opening is permitted (see FIG. 5(2)). That is, the log output device 10 can generate the digest 30 by catching an open event by a third party.
  • the log file 20 is protected by commit 2 during the period from (1) to (2) in FIG. That is, the above period is a period during which the integrity of the log file 20 is ensured by the commit 2 process.
  • the log output device 10 can also shift to the logging phase and commit phase processing periodically.
  • the log output device 10 shifts to the processing of the logging phase and the third commit phase (commit 3) after commit 2, and generates the digest 30 (see (4) in FIG. 5).
  • the log file 20 is protected by commit 3 during the period from (2) to (4) in FIG.
  • the above period is the period during which the integrity of the log file 20 is ensured by the commit 3 process.
  • the log output device 10 can also periodically call the logging phase as shown in FIG.
  • the log output device 10 may maintain the number of logged lines for each log file, and update the number of logged lines after executing the logging phase for those after that number of lines.
  • the log output device 10 may recognize the difference using a snapshot and execute the logging phase for the difference.
  • the log output device 10 executes a process of outputting the log file 20 on the FS by Syslog that collects and records the log file 20 . (See FIG. 6(1)).
  • the log output device 10 executes the process of hooking a file open event and the process of calling the log output function in the TEE by fanotify and the file system daemon (see FIG. 6(2)).
  • the log output device 10 executes a process of generating a digest 30, which is a hash value, and a process of adding a digital signature 40 using the TEE client API, TEE driver, TEE core, and TEE internal API (FIG.
  • the log output device 10 executes a process of notifying the completion of the logging phase, which is the hashing process, by the log output core (see (4) in FIG. 6).
  • the file system daemon passes through the generated digest 50 with a digital signature, etc., and executes the process of storing it in the storage (FIG. 6 ( 5) See).
  • the log output device 10 detects falsification and deletion of the log files 20 and digests 30 accumulated before the attack. can do.
  • the log output device 10 can generate a digest 30 by hooking a file open event by a third party or the like using a system call that monitors file system events. Secondly, the log output device 10 can detect falsification at an early stage by detecting the file close event and confirming the integrity.
  • FIG. 7 is a flowchart illustrating an example of the flow of log output processing according to the first embodiment. Note that steps S101 to S106 below can also be performed in a different order. Also, some of steps S101 to S106 below may be omitted.
  • the generation unit 13a generates the log file 20 containing the log message 20a and the like (step S101).
  • the calculation unit 13b hooks the file event of the log file 20 (step S102).
  • the calculation unit 13b calculates the hash value of the log file 20 and generates the digest 30 (step S103).
  • the granting unit 13c encrypts the digest 30 using the private key 60 to generate the digital signature 40 (step S104).
  • the adding unit 13c adds a digital signature 40 to the digest 30 to generate a digitally signed digest 50 (step S105).
  • the output unit 13d stores the log file 20 and the digitally signed digest 50 in the storage unit 12 (step S106), and ends the process.
  • the verification unit 13e may verify the integrity of the log file 20 using the log file 20 stored in the storage unit 12 and the digest 50 with a digital signature.
  • the digest 30 is generated by updating the hash value, and is sent to the secure element.
  • a digital signature 40 is given by encrypting the digest 30 using a held private key 60 . Therefore, in this process, by using TEE, TPM, etc., it is possible to effectively output a log file while maintaining the security level.
  • a file open event or file append event hook is executed based on the virtual file system description interface, and the digest 30 is generated for each hook. Therefore, in this process, by using a virtual file system description interface such as FUSE, it is possible to effectively output a log file while maintaining the security level.
  • an event monitoring system call is used to hook a file open event, and a digest 30 is generated for each hook. Therefore, in this process, an event monitoring system call such as fanotify is used to enable effective log file output while maintaining the security level.
  • the integrity of the log file 20 is verified using the log file 20 and the digest 50 with a digital signature. Therefore, in this process, it is possible to output an effective log file while maintaining the security level, and to verify the integrity of the output log file.
  • the integrity of the log file 20 is verified when a file close event is detected. Therefore, in this process, it is possible to effectively output a log file while maintaining the security level, and to effectively verify the integrity of the output log file.
  • each component of each device shown in the drawings according to the above embodiment is functionally conceptual, and does not necessarily need to be physically configured as shown in the drawing.
  • the specific form of distribution and integration of each device is not limited to the one shown in the figure, and all or part of them can be functionally or physically distributed and integrated in arbitrary units according to various loads and usage conditions. Can be integrated and configured.
  • each processing function performed by each device may be implemented in whole or in part by a CPU and a program analyzed and executed by the CPU, or implemented as hardware based on wired logic.
  • ⁇ program ⁇ It is also possible to create a program in which the processing executed by the log output device 10 described in the above embodiment is described in a computer-executable language. In this case, the same effects as those of the above embodiments can be obtained by having the computer execute the program. Further, such a program may be recorded in a computer-readable recording medium, and the program recorded in this recording medium may be read by a computer and executed to realize processing similar to that of the above embodiments.
  • FIG. 8 is a diagram showing a computer that executes a program.
  • computer 1000 includes, for example, memory 1010, CPU 1020, hard disk drive interface 1030, disk drive interface 1040, serial port interface 1050, video adapter 1060, and network interface 1070. , and these units are connected by a bus 1080 .
  • the memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012, as illustrated in FIG.
  • the ROM 1011 stores a boot program such as BIOS (Basic Input Output System).
  • Hard disk drive interface 1030 is connected to hard disk drive 1090 as illustrated in FIG.
  • Disk drive interface 1040 is connected to disk drive 1100 as illustrated in FIG.
  • a removable storage medium such as a magnetic disk or optical disk is inserted into the disk drive 1100 .
  • the serial port interface 1050 is connected to, for example, a mouse 1110 and a keyboard 1120 as illustrated in FIG.
  • Video adapter 1060 is connected to display 1130, for example, as illustrated in FIG.
  • the hard disk drive 1090 stores an OS 1091, application programs 1092, program modules 1093, and program data 1094, for example. That is, the above program is stored in, for example, the hard disk drive 1090 as a program module in which instructions to be executed by the computer 1000 are described.
  • the various data described in the above embodiments are stored as program data in the memory 1010 or the hard disk drive 1090, for example. Then, the CPU 1020 reads the program modules 1093 and program data 1094 stored in the memory 1010 and the hard disk drive 1090 to the RAM 1012 as necessary, and executes various processing procedures.
  • program module 1093 and program data 1094 related to the program are not limited to being stored in the hard disk drive 1090. For example, they may be stored in a removable storage medium and read by the CPU 1020 via a disk drive or the like. . Alternatively, the program module 1093 and program data 1094 related to the program are stored in another computer connected via a network (LAN (Local Area Network), WAN (Wide Area Network), etc.), and via the network interface 1070 It may be read by CPU 1020 .
  • LAN Local Area Network
  • WAN Wide Area Network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Debugging And Monitoring (AREA)
  • Storage Device Security (AREA)
PCT/JP2021/046125 2021-12-14 2021-12-14 ログ出力装置、ログ出力方法およびログ出力プログラム Ceased WO2023112170A1 (ja)

Priority Applications (6)

Application Number Priority Date Filing Date Title
EP21968087.3A EP4435633A4 (en) 2021-12-14 2021-12-14 LOG OUTPUT DEVICE, LOG OUTPUT METHOD, AND LOG OUTPUT PROGRAM
CN202180104958.3A CN118382862A (zh) 2021-12-14 2021-12-14 日志输出装置、日志输出方法以及日志输出程序
PCT/JP2021/046125 WO2023112170A1 (ja) 2021-12-14 2021-12-14 ログ出力装置、ログ出力方法およびログ出力プログラム
JP2023567357A JP7800561B2 (ja) 2021-12-14 2021-12-14 ログ出力装置、ログ出力方法およびログ出力プログラム
US18/719,274 US20250132924A1 (en) 2021-12-14 2021-12-14 Log output device, log output method, and log output program
AU2021477953A AU2021477953A1 (en) 2021-12-14 2021-12-14 Log output device, log output method, and log output program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/046125 WO2023112170A1 (ja) 2021-12-14 2021-12-14 ログ出力装置、ログ出力方法およびログ出力プログラム

Publications (1)

Publication Number Publication Date
WO2023112170A1 true WO2023112170A1 (ja) 2023-06-22

Family

ID=86773803

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/046125 Ceased WO2023112170A1 (ja) 2021-12-14 2021-12-14 ログ出力装置、ログ出力方法およびログ出力プログラム

Country Status (6)

Country Link
US (1) US20250132924A1 (https=)
EP (1) EP4435633A4 (https=)
JP (1) JP7800561B2 (https=)
CN (1) CN118382862A (https=)
AU (1) AU2021477953A1 (https=)
WO (1) WO2023112170A1 (https=)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009169924A (ja) * 2007-12-18 2009-07-30 Nippon Telegr & Teleph Corp <Ntt> 特徴的キーワード検出装置、特徴的キーワード検出方法、プログラムおよび記録媒体
US9754086B1 (en) * 2014-05-19 2017-09-05 Symantec Corporation Systems and methods for customizing privacy control systems
US10007795B1 (en) * 2014-02-13 2018-06-26 Trend Micro Incorporated Detection and recovery of documents that have been compromised by malware
CN111177703A (zh) * 2019-12-31 2020-05-19 青岛海尔科技有限公司 操作系统数据完整性的确定方法及装置
CN111259348A (zh) * 2020-02-20 2020-06-09 国网信息通信产业集团有限公司 一种安全运行可执行文件的方法及系统
CN111444528A (zh) * 2020-03-31 2020-07-24 海信视像科技股份有限公司 数据安全保护方法、装置及存储介质
CN113468535A (zh) * 2020-03-31 2021-10-01 华为技术有限公司 可信度量方法及相关装置

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3873557B2 (ja) * 2000-01-07 2007-01-24 株式会社日立製作所 半導体装置の製造方法
US9003548B2 (en) * 2004-04-13 2015-04-07 Nl Systems, Llc Method and system for digital rights management of documents
JP4939851B2 (ja) * 2006-06-21 2012-05-30 パナソニック株式会社 情報処理端末、セキュアデバイスおよび状態処理方法
US8572050B2 (en) * 2009-12-01 2013-10-29 International Business Machines Corporation Method and system for real time system log integrity protection
WO2016060568A1 (en) * 2014-10-13 2016-04-21 Invenia As Method and system for protecting and sharing digital data between users in a network
JP2016122917A (ja) * 2014-12-24 2016-07-07 パナソニックIpマネジメント株式会社 署名生成装置、署名検証装置、署名生成方法及び署名検証方法
US10354081B1 (en) * 2017-01-05 2019-07-16 Trend Micro Incorporated Protection of interprocess communications in a computer
US10860536B2 (en) * 2017-01-05 2020-12-08 Portworx, Inc. Graph driver layer management
US11057366B2 (en) * 2018-08-21 2021-07-06 HYPR Corp. Federated identity management with decentralized computing platforms
US20200193426A1 (en) * 2018-12-18 2020-06-18 Secude Ag Method and system for creating and updating an authentic log file for a computer system and transactions
EP3683712B1 (en) * 2019-01-16 2021-10-20 Siemens Aktiengesellschaft Protecting integrity of log data

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009169924A (ja) * 2007-12-18 2009-07-30 Nippon Telegr & Teleph Corp <Ntt> 特徴的キーワード検出装置、特徴的キーワード検出方法、プログラムおよび記録媒体
US10007795B1 (en) * 2014-02-13 2018-06-26 Trend Micro Incorporated Detection and recovery of documents that have been compromised by malware
US9754086B1 (en) * 2014-05-19 2017-09-05 Symantec Corporation Systems and methods for customizing privacy control systems
CN111177703A (zh) * 2019-12-31 2020-05-19 青岛海尔科技有限公司 操作系统数据完整性的确定方法及装置
CN111259348A (zh) * 2020-02-20 2020-06-09 国网信息通信产业集团有限公司 一种安全运行可执行文件的方法及系统
CN111444528A (zh) * 2020-03-31 2020-07-24 海信视像科技股份有限公司 数据安全保护方法、装置及存储介质
CN113468535A (zh) * 2020-03-31 2021-10-01 华为技术有限公司 可信度量方法及相关装置

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
RICCARDO PACCAGNELLAPUBALI DATTAWAJIH UL HASSANADAM BATESCHRISTOPHER W. FLETCHERANDREW MILLERDAVE TIAN: "Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution", NETWORK AND DISTRIBUTED SYSTEMS SECURITY (NDSS) SYMPOSIUM, 2020
See also references of EP4435633A4

Also Published As

Publication number Publication date
AU2021477953A1 (en) 2024-06-27
EP4435633A1 (en) 2024-09-25
CN118382862A (zh) 2024-07-23
JP7800561B2 (ja) 2026-01-16
US20250132924A1 (en) 2025-04-24
EP4435633A4 (en) 2025-09-10
JPWO2023112170A1 (https=) 2023-06-22

Similar Documents

Publication Publication Date Title
US11176255B2 (en) Securely booting a service processor and monitoring service processor integrity
US11503030B2 (en) Service processor and system with secure booting and monitoring of service processor integrity
EP3255549B1 (en) Verifiable audit log
JP6063321B2 (ja) サーバ装置およびハッシュ値処理方法
US20080313475A1 (en) Methods and systems for tamper resistant files
CN108229144A (zh) 一种应用程序的验证方法、终端设备及存储介质
JP6054225B2 (ja) 構成情報管理装置および構成情報管理方法
CN119788352B (zh) 端边设备的策略更新方法、装置、设备、介质及产品
De Carvalho et al. Secure cloud storage service for detection of security violations
JP7800561B2 (ja) ログ出力装置、ログ出力方法およびログ出力プログラム
JP6072584B2 (ja) サーバ装置およびプログラム管理方法
CN114154165A (zh) 一种安全可信监控系统及可信动态关联感知方法
US20260064890A1 (en) Training Data Provenance System and Method
US12598082B2 (en) Cryptographic method to certify retention lock status for opaque data in a backup system
US12585792B2 (en) Cryptographic method to certify retention lock status for auditing in a backup system
Van Oorschot et al. Reducing unauthorized modification of digital objects
US20260030368A1 (en) Systems, methods, and media for virtual disk devices
JP2014048984A (ja) 管理装置、管理方法及び管理プログラム
US11163909B2 (en) Using multiple signatures on a signed log
WO2026054872A1 (en) Training data provenance system and method
CN118734317A (zh) 软件产品安全防护方法、装置、设备及存储介质
JP2014192639A (ja) 端末装置および判定方法
CN121690555A (zh) 密钥的管理方法和车辆
Kemmerich et al. Generation and handling of hard drive duplicates as piece of evidence
Bates et al. Linux Provenance Modules: Trustworthy Whole-System Provenance for the Linux Kernel

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21968087

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2023567357

Country of ref document: JP

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 2021477953

Country of ref document: AU

Ref document number: AU2021477953

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: 18719274

Country of ref document: US

Ref document number: 202180104958.3

Country of ref document: CN

WWE Wipo information: entry into national phase

Ref document number: 2021968087

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2021968087

Country of ref document: EP

Effective date: 20240617

ENP Entry into the national phase

Ref document number: 2021477953

Country of ref document: AU

Date of ref document: 20211214

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

WWP Wipo information: published in national office

Ref document number: 18719274

Country of ref document: US