logging mechanism nonrepudiability metrics
Science of Security Lablet
Security Metrics-Driven Evaluation, Design, Development, & Deployment
Logging Mechanism Nonrepudiability Metrics
Jason King
Computer Science PhD Student
Repudiation Threats
Users can deny performing an action without other parties having any way to prove otherwise
Nonrepudiation
• Counter repudiation threats
• Secure activity logs
– Includes events that create, delete, view, modify sensitive data
– Includes security events
– Protects log entries from being altered
Research Objective
• Improve integrity of logging mechanisms
• Mitigate repudiation threats
• Developing and validating a set of security metrics
Logging Mechanism References
• Healthcare
• Payment Card Industry
• Research Articles
Electronic Health Record System OpenEMR Example
Electronic Health Record System PatientOS Example
Electronic Health Record System OpenEMR Immutability
Attributes of Nonrepudiation
• Data transactions logged
• Security actions logged
• Log entry content
• Software-driven immutability
• Timestamp reliability
• Log retention
• Log backups
• Policy-driven immutability
Data Transactions Logged
Derive from requirements specification
• Create
• View
• Delete
• Modify
• Import
• Query
• Export
Natural Language Processing of Functional Requirements
[Subject] [Verb] [Direct Object]

| Subject | Verb | Direct Object |
|---|---|---|
| A doctor | creates | prescriptions |
| A patient | views | allergy information |
| A doctor | modifies | office visit notes |
Data Transactions Logged Example
Health Care Personnel can modify or delete the fields of the office visit [prescriptions, laboratory procedures, referrals, diagnoses, and/or immunizations].

| Data Element | Create | View | Modify | Delete |
|---|---|---|---|---|
| Prescription | | | X | X |
| Lab Procedure | | | X | X |
| Referral | | | X | X |
| Diagnoses | | | X | X |
| Immunization | | | X | X |
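The derivation on the two slides above, as an added example that is not from the presentation: requirement sentences are split into subject, verb and direct object, and the resulting action/data-element pairs are compared with what a log actually recorded. A regular expression stands in for real natural language processing, and the coverage ratio, the function names and the `LOGGED` sample are assumptions made for illustration.

```python
import re

# Verb stems mapped to the transaction types listed on the slides.
STEM_TO_ACTION = {"creat": "Create", "view": "View", "modif": "Modify",
                  "delet": "Delete", "import": "Import", "quer": "Query",
                  "export": "Export"}
VERB_RE = re.compile(r"\b(" + "|".join(STEM_TO_ACTION) + r")\w*", re.I)

# Requirement sentences taken from the slides.
REQUIREMENTS = [
    "A doctor creates prescriptions",
    "A patient views allergy information",
    "A doctor modifies office visit notes",
    "Health Care Personnel can modify or delete the fields of the office visit "
    "[prescriptions, laboratory procedures, referrals, diagnoses, and/or immunizations]",
]

# Constructed sample: (action, element) pairs logged in a hypothetical test run.
LOGGED = {("Create", "prescriptions"), ("Modify", "office visit notes"),
          ("Delete", "prescriptions")} | {
    ("Modify", e) for e in ("prescriptions", "laboratory procedures",
                            "referrals", "diagnoses", "immunizations")}

def expected_transactions(requirement):
    """Return {(subject, action, data element)} for one requirement sentence."""
    verbs = list(VERB_RE.finditer(requirement))
    if not verbs:
        return set()
    subject = re.sub(r"\s+can$", "", requirement[:verbs[0].start()].strip())
    subject = re.sub(r"^(a|an|the)\s+", "", subject, flags=re.I).lower()
    bracket = re.search(r"\[(.*?)\]", requirement)
    if bracket:  # an enumerated list of data elements
        items = re.split(r",\s*", bracket.group(1))
        objects = [re.sub(r"^and/or\s+", "", i).strip() for i in items]
    else:        # everything after the verb is the direct object
        objects = [requirement[verbs[-1].end():].strip()]
    actions = [STEM_TO_ACTION[v.group(1).lower()] for v in verbs]
    return {(subject, a, o.lower()) for a in actions for o in objects}

def coverage(requirements, logged):
    """Return (share of expected pairs logged, sorted list of unlogged pairs)."""
    expected = set()
    for r in requirements:
        expected |= {(a, o) for _, a, o in expected_transactions(r)}
    missing = sorted(expected - logged)
    return 1 - len(missing) / max(len(expected), 1), missing

if __name__ == "__main__":
    print(coverage(REQUIREMENTS, LOGGED))
```

The unlogged pairs it returns are the actions a user could later deny, since no log entry records them.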
Security Actions Logged
• Login
• Logout
• Revoke Privilege
• Grant Privilege
• System Backup
• Access Audit Log
• Initialize Audit Log
• System Restore
• Session Timeout
• Account Lockout
• Print
• …
Log Entry Content
Data captured for each log entry
Required for Nonrepudiation / Additional Content
• Timestamp
• Source Machine ID
• User identification
• Success/Failure Flag
• Description of the event
• ID of affected data
• Identity of whose data accessed
• Reason for access
Logging Mechanism Evaluation
Software User Actions Log Output
Software-driven Immutability
• Tampering with log files should be detectable
– Serialization/digital signatures of log files
– Provenance tracking of data writes
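One way to make tampering detectable, as an added example that is not from the presentation: each log record carries a keyed tag computed over its serialized entry and the previous record's tag, so edits, deletions and reordering break the chain. HMAC-SHA256 stands in here for the digital signature the slide names (an asymmetric signature would be needed so that a verifier cannot forge entries); the key, field names and sample entries are constructed.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: held by the log signer only
GENESIS = "0" * 64             # tag that precedes the first record

def _tag(prev_tag, entry):
    # Canonical serialization: the same entry always yields the same bytes.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(KEY, prev_tag.encode() + body, hashlib.sha256).hexdigest()

def append(log, entry):
    """Append an entry, chaining its tag to the previous record's tag."""
    prev = log[-1]["tag"] if log else GENESIS
    log.append({"entry": entry, "tag": _tag(prev, entry)})

def verify(log):
    """Return the index of the first record that fails the chain, or None."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if not hmac.compare_digest(rec["tag"], _tag(prev, rec["entry"])):
            return i
        prev = rec["tag"]
    return None

def sample_log():
    """Constructed entries using fields from the Log Entry Content slide."""
    log = []
    for ts, user, event, data_id, ok in [
        ("2013-04-02T09:15:00Z", "dr_smith", "modify prescription", "rx-1001", True),
        ("2013-04-02T09:16:30Z", "dr_smith", "delete referral", "ref-2002", True),
        ("2013-04-02T09:20:05Z", "nurse_lee", "login", None, False),
    ]:
        append(log, {"timestamp": ts, "source": "ws-07", "user": user,
                     "event": event, "data_id": data_id, "success": ok})
    return log

if __name__ == "__main__":
    log = sample_log()
    print("intact:", verify(log))
    log[1]["entry"]["user"] = "nurse_lee"   # rewrite who deleted the referral
    print("first bad record after edit:", verify(log))
```

The chain alone does not reveal removal of the most recent records; the latest tag has to be recorded somewhere the log writer cannot change, such as the log backups listed among the attributes.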
Preliminary EHR Evaluation
[Chart: axis 0% to 100%; categories: Data Transactions Logged, Security Actions Logged, Log Entry Content, Software-based Immutability; series: OpenEMR v4.1.1]
Preliminary EHR Evaluation
[Chart: axis 0% to 100%; categories: Data Transactions Logged, Security Actions Logged, Log Entry Content, Software-based Immutability; series: OpenEMR v4.1.1, PatientOS v1.3]
Collaboration
Requirement artifacts
Software access for black-box testing
Log Output
Logging strengths
Logging weaknesses
Functional logging requirements
Mitigate repudiation threats