关键词: 安全审计, 连续多版本, 审计跟踪记录, 增量Hash, 防篡改硬件

Abstract: With the trend of more and more recent federal, state and local legislation mandating the retention and access of electronic records and audit information, the security audit of digital data becomes more and more important. The key requirement of the digital audit is to generate verifiable audit trails on the change of electronic records. Current systems for compliance with digital audit legislation fail to provide the security and trustworthiness of audit trails in the presence of a powerful insider adversary. A continuous versioning-based auditable file system, CV-AFS, is presented. All changes to data are recorded and the system will construct a data history through continuous versioning. A trusted audit agent is introduced to generate corresponding audit trails. At a later time, an auditor may verify the version history of a file according to the audit trails, and thus important data can be protected against insider attacks. The overhead of generating audit trails is reduced through the use of incremental and parallelizable Hash construction. The authors have implemented a prototype of CV-AFS in the ext3cow versioning file system based on Linux and evaluated its performance. Postmark benchmark test shows that the time overhead of CV-AFS is reduced by 43.5% compared with traditional serial Hash construction.

Key words: security audit, continuous versioning, audit trails, incremental Hash construction, tamper-resistant hardware