A Central and Secured Logging Data Solution for Xen Virtual Machine

N.A. Quynh and Y. Takefuji (Japan)


Xen virtual machine, Linux, central logging, secured logging


Logging data is valuable and important information for revealing an attacker's activities and recovering a broken system. Unfortunately, once an attacker successfully penetrates a protected system, he never fails to either modify the logging data or, even worse, delete it to cover his traces. To avoid such a disaster, it is best to keep logging data on another machine by forwarding it to a central logging server. However, this approach has a flaw: while in transit on the network, the data could be illegally sniffed, or the traffic might be secretly redirected to a malicious machine. This paper proposes a novel method named Xenlog to secure logging data for systems running on the Xen virtual machine: the solution does not use the network stack to send data. Experiments with the resulting tool prove that this approach is more secure than the traditional solution, while the logging process is far more effective (nearly 21 times faster) and more reliable.
