Logging Mechanism Nonrepudiability Metrics

Science of Security Lablet

Security Metrics-Driven Evaluation, Design, Development, & Deployment

Jason King

Computer Science PhD Student

Repudiation Threats Users can deny performing an action without other parties having any way to prove otherwise

Nonrepudiation • Counter repudiation threats • Secure activity logs

– Includes events that create, delete, view, modify sensitive data

– Includes security events – Protects log entries from being altered

Research Objective

• Improve integrity of logging mechanisms •Mitigate repudiation threats • Developing and validating a set of security

metrics

Logging Mechanism References •Healthcare •Payment Card Industry •Research Articles

Electronic Health Record System OpenEMR Example

Electronic Health Record System PatientOS Example

Electronic Health Record System OpenEMR Immutability

Attributes of Nonrepudiation

• Data transactions logged • Security actions logged • Log entry content • Software-driven immutability

• Timestamp reliability • Log retention • Log backups • Policy-driven immutability

Data Transactions Logged

Derive from requirements specification

Create View

Delete

Modify

Import

Query Export

Natural Language Processing of Functional Requirements

Subject Verb Direct Object A doctor creates prescriptions A patient views allergy information A doctor modifies office visit notes

[Subject] [Verb] [Direct Object]

Data Transactions Logged Example

Health Care Personnel can modify or delete the fields of the office visit [prescriptions, laboratory procedures, referrals,

diagnoses, and/or immunizations]. Data Element Create View Modify Delete

Prescription X X

Lab Procedure X X

Referral X X

Diagnoses X X

Immunization X X

Security Actions Logged Login Logout

Revoke Privilege

Grant Privilege

System Backup

Access Audit Log Initialize Audit Log

System Restore Session Timeout

Account Lockout Print …

Required for Nonrepudiation Additional Content Timestamp Source Machine ID User identification Success/Failure Flag Description of the event ID of affected data Identify of whose data accessed Reason for access

Log Entry Content Data captured for each log entry

Logging Mechanism Evaluation

Software User Actions Log Output

Software-driven Immutability

• Tampering with log files should be detectable – Serialization/digital signatures of log files – Provenance tracking of data writes

Preliminary EHR Evaluation

100% Data Transactions Logged

Security Actions Logged

Log Entry Content

Software-based Immutability

OpenEMR v4.1.1

Preliminary EHR Evaluation

Data Transactions Logged

Security Actions Logged

Log Entry Content

Software-based Immutability

OpenEMR v4.1.1 PatientOS v1.3

Collaboration

Requirement artifacts

Software access for black-box testing

Log Output

Collaboration

Requirement artifacts

Software access for black-box testing

Log Output

Logging strengths

Logging weaknesses

Functional logging requirements

Mitigate repudiation threats

Logging Mechanism Nonrepudiability Metrics

Jason King

Computer Science PhD Student

Logging Mechanism Nonrepudiability Metrics

Documents

Elasticsearch 의 한글 검색 활용 · 2019-08-08 · Elasticsearch Store, Search, & Analyze Kibana Visualize & Manage Beats Logstash Ingest Metrics Logging APM Site Search Application

TIBCO Business Studio™ · Presentation Channel Settings 86 Port Settings for Preview 87 Logging 87 Locale 88 Logging Level 88 Reload 89 Performance Metrics 89 View Datastore Data

Logging Instrumentation Dashboards Alerts - for developersInstrumentation Most often forgotten Concerned with metrics •(Timestamp, value) tuples •Events & values •Dimensions

Logging Mechanism - Cisco - Global Home Page · Step 1 ChooseAdministration>System>Logging>LoggingCategories. Step 2 Clicktheradiobuttonnexttothecategorythatyouwanttoedit,andclickEdit

TAKING DISTRIBUTED TRACING - JAX London · 2019-11-05 · taking distributed tracing to the next level. metrics logging tracing. observability. logging . ... tooling landscape. goal:

Automating Anomaly Detection - Dongyu Zheng · Automating Anomaly Detection Dongyu Zheng Search Logging & Metrics, Yelp Inc. d28zheng@edu.uwaterloo.ca 1 Introduction The Search Logging

Elasticsearch Best Practice Architecture The webinar will ... · Store, Search, & Analyze Elasticsearch Kibana Visualize & Manage Beats Ingest Logstash Metrics Logging APM Site Search

The Operations Trifecta Logging, Metrics, and APM · • Elasticsearch 1.0 evolves to support a columnar store (built on top of Lucene “doc values”) ... Suricata, Sysmon,…)

PrProductionoduction Logging Logging TToolsools

Nursing & Midwifery Quality Care-Metrics (QCM): A National ... · Metrics in HSE (Ireland) ... enabling action planning for quality improvement and provide a mechanism by which care

Denver, CO Cloud Foundry Logging and Metrics Kira Combs · © 2014 Pivotal Software, Inc. All rights reserved. 1 Whose Metric is it Anyway Kira Combs Cloud Foundry Logging and Metrics

Mud Logging Introduction Without Mud Logging Knowledge

Operations - Cisco · XenMobile AppController Operations MDM Reports Cisco ISE provides a logging mechanism that is used for auditing, fault management, and troubleshooting. Several

Volta: Logging, Metrics, and Monitoring as a Service

Semantic Logging: Avoiding the Logging Chaos

Dropwizard* - nimret › seajug › past › 2012 › sep › slides.pdf · “DropwizardhasoutofStheSbox* supportforsophisOcated conﬁguraon,applicaonmetrics,* logging,operaonaltools,andmuch*

Containers and Logging - events.static.linuxfound.org · Containers and Logging Challenges and Solutions Eduardo Silva (@edsiper) LinuxCon Europe 2016. Logging. Logging Monitoring

Logging & Metrics with Docker

Open Source Logging and Metrics Tools

Logging Configuration - Cisco€¦ · Logging Configuration Thefollowingdescribeshowtoenableauditandeventloggingonthecontroller. • LoggingConfigurationOverview,page1 Logging Configuration