Advances, Systems and Applications
Threat | Attack method | Protection | Anti-forensic attacks (type 1) | Anti-forensic attacks (type 2) |
---|---|---|---|---|
Spoofing | Pretending to be someone in VMs | Authentication on guest OS | ✓ | |
Tampering | Incorrect timestamps | Memory forensics | ✓ | |
Tampering | Tampering with LogDrive database | Secure audit log | ✓ | |
Repudiation | Changing a few bits of a file | Similarity digest hash | ✓ | |
Repudiation | Collision attacks | Collision resistant hash algorithm | ✓ | |
Repudiation | Cryptography and steganography | Data recovery tools, memory forensics | ✓ | |
Information disclosure | Stealing LogDrive database | Protection of TCB | ✓ | |
Denial of service | Overflowing logs | Throughput control of LogDrive | ✓ | |
Elevation of privilege | Taking control of LogDrive | Protection of TCB | ✓ | |