{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:12:25Z","timestamp":1750219945375,"version":"3.41.0"},"reference-count":26,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2023,9,30]],"date-time":"2023-09-30T00:00:00Z","timestamp":1696032000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Digital Threats"],"published-print":{"date-parts":[[2023,9,30]]},"abstract":"<jats:p>Log files provide essential information regarding the actions of processes in critical computer systems. If an attacker modifies log entries, then critical digital evidence is lost. Therefore, many algorithms for secure logging have been devised, each achieving different security goals under different assumptions. We analyze these algorithms and identify their essential security features. Within a common system and attacker model, we integrate these algorithms into a single (parameterizable) \u201cmeta\u201d algorithm called LAVA that possesses the union of the security features and can be parameterized to yield the security features of former algorithms. We present a security and efficiency analysis and provide a Python module that can be used to provide secure logging for forensics and incident response.<\/jats:p>","DOI":"10.1145\/3609233","type":"journal-article","created":{"date-parts":[[2023,7,13]],"date-time":"2023-07-13T12:26:35Z","timestamp":1689251195000},"page":"1-17","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["LAVA: Log Authentication and Verification Algorithm"],"prefix":"10.1145","volume":"4","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8192-3047","authenticated-orcid":false,"given":"Edita","family":"Bajramovic","sequence":"first","affiliation":[{"name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg (FAU), Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-5073-6972","authenticated-orcid":false,"given":"Christofer","family":"Fein","sequence":"additional","affiliation":[{"name":"Albstadt-Sigmaringen University, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-3504-3471","authenticated-orcid":false,"given":"Marius","family":"Frinken","sequence":"additional","affiliation":[{"name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg (FAU), Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2324-5671","authenticated-orcid":false,"given":"Paul","family":"R\u00f6sler","sequence":"additional","affiliation":[{"name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg (FAU), Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8279-8401","authenticated-orcid":false,"given":"Felix","family":"Freiling","sequence":"additional","affiliation":[{"name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg (FAU), Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,10,6]]},"reference":[{"key":"e_1_3_1_2_1","volume-title":"Automated Counterexample-driven Audits of Authentic System Records","author":"Accorsi Rafael","year":"2008","unstructured":"Rafael Accorsi. 2008. Automated Counterexample-driven Audits of Authentic System Records. Ph.D. Dissertation. Universit\u00e4t Freiburg."},{"key":"e_1_3_1_3_1","first-page":"94","volume-title":"Proceedings of the 5th International Conference on IT Security Incident Management and IT Forensics (IMF\u201909)","author":"Accorsi Rafael","year":"2009","unstructured":"Rafael Accorsi. 2009. Safe-keeping digital evidence with secure logging protocols: State of the art and challenges. In Proceedings of the 5th International Conference on IT Security Incident Management and IT Forensics (IMF\u201909). IEEE, 94\u2013110."},{"key":"e_1_3_1_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-22633-5_8"},{"key":"e_1_3_1_5_1","volume-title":"Secure Logging in Operational Instrumentation and Control Systems","author":"Bajramovic Edita","year":"2019","unstructured":"Edita Bajramovic. 2019. Secure Logging in Operational Instrumentation and Control Systems. Ph.D. Dissertation. Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg."},{"key":"e_1_3_1_6_1","doi-asserted-by":"publisher","DOI":"10.25593\/issn.2191-5008\/CS-2019-01"},{"key":"e_1_3_1_7_1","volume-title":"Forward Integrity for Secure Audit Logs","author":"Bellare Mihir","year":"1997","unstructured":"Mihir Bellare and Bennet Yee. 1997. Forward Integrity for Secure Audit Logs. Volume 184, Technical Report. Computer Science and Engineering Department, University of California at San Diego."},{"key":"e_1_3_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36563-X_1"},{"key":"e_1_3_1_9_1","article-title":"Secure logging with syslog-ng: Tamper evidence and confidentiality","author":"Blass Erik-Oliver","year":"2020","unstructured":"Erik-Oliver Blass and Stephan Marvedel. 2020. Secure logging with syslog-ng: Tamper evidence and confidentiality. In Proceedings of the Free and Open source Software Developers\u2019 European Meeting (FOSDEM\u201920).","journal-title":"Proceedings of the Free and Open source Software Developers\u2019 European Meeting (FOSDEM\u201920)"},{"key":"e_1_3_1_10_1","first-page":"1","volume-title":"Proceedings of the IEEE Conference on Communications and Network Security (CNS\u201917)","author":"Blass Erik-Oliver","year":"2017","unstructured":"Erik-Oliver Blass and Guevara Noubir. 2017. Secure logging with crash tolerance. In Proceedings of the IEEE Conference on Communications and Network Security (CNS\u201917). IEEE, 1\u201310."},{"key":"e_1_3_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15260-3"},{"key":"e_1_3_1_12_1","first-page":"203","volume-title":"Workshop on the Theory and Application of of Cryptographic Techniques","author":"Damg\u00e5rd Ivan Bjerre","year":"1988","unstructured":"Ivan Bjerre Damg\u00e5rd. 1988. Collision free hash functions and public key signature schemes. In Workshop on the Theory and Application of of Cryptographic Techniques. Springer, Berlin Heidelberg, 203\u2013216."},{"key":"e_1_3_1_13_1","first-page":"65","volume-title":"Proceedings of the 11th International Conference on IT Security Incident Management & IT Forensics","author":"Freiling Felix","year":"2018","unstructured":"Felix Freiling and Edita Bajramovic. 2018. Principles of secure logging for safekeeping digital evidence. In Proceedings of the 11th International Conference on IT Security Incident Management & IT Forensics, Harald Baier, Christian Keil, Klaus-Peter Kossakowski, and Holger Morgenstern (Eds.). IEEE, Los Alamitos, CA, 65\u201375."},{"key":"e_1_3_1_14_1","doi-asserted-by":"publisher","DOI":"10.17487\/rfc5424"},{"key":"e_1_3_1_15_1","doi-asserted-by":"publisher","DOI":"10.1137\/0217017"},{"key":"e_1_3_1_16_1","first-page":"203","volume-title":"Proceedings of the Australasian Workshops on Grid Computing and e-Research - Volume 54 (ACSW Frontiers\u201906)","author":"Holt Jason E.","year":"2006","unstructured":"Jason E. Holt. 2006. Logcrypt: Forward security and public verification for secure audit logs. In Proceedings of the Australasian Workshops on Grid Computing and e-Research - Volume 54 (ACSW Frontiers\u201906). Australian Computer Society, Inc., Darlinghurst, Australia, 203\u2013211."},{"key":"e_1_3_1_17_1","first-page":"3033","volume-title":"Proceedings of the IEEE International Conference on Big Data (Big Data\u201918)","author":"Huang Jiansen","year":"2018","unstructured":"Jiansen Huang, Hui Li, and Jiyang Zhang. 2018. Blockchain based log system. In Proceedings of the IEEE International Conference on Big Data (Big Data\u201918). IEEE, 3033\u20133038."},{"key":"e_1_3_1_18_1","volume-title":"Signed Syslog Messages","author":"Kelsey John","year":"2010","unstructured":"John Kelsey, Jon Callas, and Alexander Clemm. 2010. Signed Syslog Messages. Internet Request for Comments RFC 5848. Internet Engineering Task Force."},{"key":"e_1_3_1_19_1","unstructured":"LAVA project team. 2023. LAVA Code. Retrieved from https:\/\/faui1-gitlab.cs.fau.de\/felix.freiling\/lava-code"},{"key":"e_1_3_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3331001"},{"key":"e_1_3_1_21_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC3164"},{"key":"e_1_3_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1502777.1502779"},{"key":"e_1_3_1_23_1","unstructured":"Joachim Metz. 2016. Windows XML Event log (EVTX) Format. Retrieved from https:\/\/github.com\/libyal\/libevtx\/blob\/master\/documentation\/Windows%20XML%20Event%20Log%20(EVTX).asciidoc"},{"key":"e_1_3_1_24_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101602"},{"key":"e_1_3_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/317087.317089"},{"key":"e_1_3_1_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2007.06.015"},{"key":"e_1_3_1_27_1","volume-title":"TPM Main Specification","author":"Group Trusted Computing","year":"2005","unstructured":"Trusted Computing Group. 2005. TPM Main Specification. Main Specification Version 1.2 rev. 85. Trusted Computing Group."}],"container-title":["Digital Threats: Research and Practice"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3609233","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3609233","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:58Z","timestamp":1750182538000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3609233"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,9,30]]},"references-count":26,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2023,9,30]]}},"alternative-id":["10.1145\/3609233"],"URL":"https:\/\/doi.org\/10.1145\/3609233","relation":{},"ISSN":["2692-1626","2576-5337"],"issn-type":[{"type":"print","value":"2692-1626"},{"type":"electronic","value":"2576-5337"}],"subject":[],"published":{"date-parts":[[2023,9,30]]},"assertion":[{"value":"2023-06-02","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-06-26","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-10-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}