
Pseudonymizing Unix Log Files

  • Conference paper
Infrastructure Security (InfraSec 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2437)


Abstract

Unix systems in many cases record personal data in log files. We present tools that help in practice to retrofit privacy protection into existing Unix audit systems. Our tools are based on an approach to pseudonymizing Unix log files while balancing user requirements for anonymity and the service provider’s requirements for accountability. By pseudonymizing identifying data in log files, the association between the data and the real persons is hidden. Only upon good cause shown, such as an attack scenario in progress, can the identifying data behind the pseudonyms be revealed. We develop a trust model as well as an architecture that integrates seamlessly with existing Unix systems. Finally, we provide performance measurements demonstrating that the tools are sufficiently fast for use at large sites.

This work is currently partially funded by the German Research Council (DFG) under grant number Bi 311/10-2.

Processing, in relation to personal data, covers virtually the entire data life cycle from collection, through to erasure of the data when no longer required.




© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Flegel, U. (2002). Pseudonymizing Unix Log Files. In: Davida, G., Frankel, Y., Rees, O. (eds) Infrastructure Security. InfraSec 2002. Lecture Notes in Computer Science, vol 2437. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45831-X_12


  • DOI: https://doi.org/10.1007/3-540-45831-X_12


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44309-4

  • Online ISBN: 978-3-540-45831-9

  • eBook Packages: Springer Book Archive
