Speed-efficient encryption of log message databases

Bányász Gábor
Department of Automation and Applied Informatics

In today's computer systems, several hundred thousand events may occur per second. An event can be, for example, a failed login attempt, an unexpected termination of a process, a change to a particular configuration file, an incoming client connection, or any other condition or change that software can detect. Proper description and reliable logging of these events is an essential requirement for all modern IT systems. Logged events (log messages) often contain sensitive, confidential information, the protection of which also requires cryptographic solutions. The goal of this paper is to examine the problem of information leakage in the context of log messages through a generalized and an actual threat model, to survey attack schemes and interfaces and the possible defensive countermeasures, to identify security and performance requirements, and to analyze a real application, BalaBit's syslog-ng Store Box logging software, in detail, focusing on the security of log message storage and data access. Furthermore, the challenges of encrypting indices, which are intended to accelerate search queries, are examined, and a possible solution for efficient log database index file encryption for syslog-ng Store Box is presented.

