Design and implementation of a secure and searchable audit logging system

İncebacak, Davut
Logs are append-only, time-stamped records that represent events in computers or network devices. Today, logging is a central service in many real-world networking applications; however, satisfying the conflicting requirements that arise when the security of log records is a concern is a big challenge. On one hand, because they are mostly kept on untrusted hosts, logs should be protected against unauthorized modifications and privacy breaches. On the other hand, because they serve as the primary evidence for digital crimes, logs are often needed for analysis by investigators. In this thesis, motivated by these requirements, we define a model that integrates forward integrity techniques with search capabilities over encrypted logs. We also implement this model with advanced cryptographic primitives such as Identity Based Encryption. On one side, our model provides secure delegation of search capabilities to authorized users while protecting information privacy; on the other, these search capabilities set the boundaries of a user’s search operation. In this way, a user cannot access logs that are not related to his case. In this dissertation, we also propose an improvement to Schneier and Kelsey’s idea of a forward integrity mechanism.


Data mining for rule discovery in relational databases
Toprak, Serkan; Alpaslan, Ferda Nur; Department of Computer Engineering (2004)
Data is mostly stored in relational databases today. However, most data mining algorithms are not capable of working on data stored in relational databases directly. Instead they require a preprocessing step for transforming relational data into algorithm specified form. Moreover, several data mining algorithms provide solutions for single relations only. Therefore, valuable hidden knowledge involving multiple relations remains undiscovered. In this thesis, an implementation is developed for discovering mul...
Performance analysis of reliable multicast protocols
Çelik, Coşkun; Bazlamaçcı, Cüneyt Fehmi; Department of Electrical and Electronics Engineering (2004)
IP multicasting is a method for transmitting the same information to multiple receivers over IP networks. Reliability issue of multicasting contains the challenges for detection and recovery of packet losses and ordered delivery of the entire data. In this work, existing reliable multicast protocols are classified into three main groups, namely tree based, NACK-only and router assisted, and a representative protocol for each group is selected to demonstrate the advantages and disadvantages of the correspond...
Anomaly detection from personal usage patterns in web applications
Vural, Gürkan; Yöndem (Turhan), Meltem; Department of Computer Engineering (2006)
The anomaly detection task is to recognize the presence of an unusual (and potentially hazardous) state within the behaviors or activities of a computer user, system, or network with respect to some model of normal behavior which may be either hard-coded or learned from observation. An anomaly detection agent faces many learning problems including learning from streams of temporal data, learning from instances of a single class, and adaptation to a dynamically changing concept. The domain is complicated by ...
Design and implementation of a privacy framework for web services in the travel domain
Erkanar, Mehmet; Doğaç, Asuman; Department of Computer Engineering (2005)
A web service is a collection of functions that are packaged as a single entity and published to the network for use by other programs. Web services are building blocks for creating open distributed systems, and allow companies and individuals to quickly and cheaply make their digital assets available worldwide. With considerable interoperability, privacy management becomes an inevitable concern of the web services. Companies and individuals should be able to restrict the information available about themsel...
Design and implementation of hardware architectures for high-speed IP address lookup
Ayyildiz, Nizam; Güran, Hasan Cengiz; Schmidt, Şenan Ece; Department of Electrical and Electronics Engineering (2013)
IP address lookup modules for backbone routers should store 100Ks of entries, find the longest prefix match (LPM) for each incoming packet at 10s of Gbps line speed and support thousands of lookup table updates each second. It is desired that these updates are non-blocking, that is without disrupting the ongoing lookups. Furthermore, considering the increasing line rates and table sizes, the scalability of the design is very important. The goal of this thesis is developing hardware IP lookup architectures t...
Citation Formats
D. İncebacak, “Design and implementation of a secure and searchable audit logging system,” M.S. - Master of Science, Middle East Technical University, 2007.