Method, computer program product, and data processing system for source verifiable audit logging
Abstract
A method, computer program product, and a data processing system for logging audit events in a data processing system. A sequence of audit records including a final audit record is written to a first log file stored by a data processing system. A respective first hash value of each audit record is calculated. Responsive to calculating each respective first hash value, a corresponding second hash value is calculated from the first hash value and a value of a register associated with the data processing system. The second hash value is written to the register. A second log file is opened in response to closing the first log file. A final second hash value corresponding to a first hash value of the final audit record is written to a first record of the second log file.
89 Citations
20 Claims
1. A method of logging audit events in a data processing system, the method comprising the computer implemented steps of:
writing a sequence of audit records including a final audit record to a first log file stored by a data processing system;
calculating a respective first hash value of each audit record;
responsive to calculating each respective first hash value, calculating a corresponding second hash value from the first hash value and a value of a register associated with the data processing system;
writing the second hash value to the register;
responsive to closing the first log file, opening a second log file; and
writing, to a first record of the second log file, a final second hash value corresponding to a first hash value of the final audit record.
Dependent claims: 2, 3, 4, 5, 6.

7. A method for verifying a source of a log file, the method comprising the computer implemented steps of:
iteratively calculating a respective first hash value of a plurality of records of a first log file;
responsive to calculating the respective first hash value, calculating a corresponding second hash value from the first hash value and a second value;
responsive to calculating each second hash value, storing the second hash value as the second value;
responsive to calculating a first hash value and a corresponding second hash value for a final record of the plurality of records, comparing the second hash value of the final record to a value stored in a record of a second log file.
Dependent claims: 8, 9.

10. A computer program product in a computer readable medium for recording audit events, the computer program product comprising:
first instructions for writing a first sequence of records to a first log file and for writing a second sequence of records to a second log file, wherein the records of the first sequence include a final record;
second instructions for calculating a respective first hash value of each record of the first sequence;
third instructions for calculating a second hash value from the first hash value of the final record, wherein the second hash value is calculated from a hash of the first hash value of the final record and a value of a register; and
fourth instructions for writing the second hash value of the final record to a record of the second log file.
Dependent claims: 11, 12, 13, 14, 15.

16. A data processing system for recording audit events, comprising:
a memory that contains a first audit log file and an auditing application as a set of instructions;
a trusted platform module having a platform configuration register; and
a processing unit, responsive to execution of the set of instructions, for calculating a hash value of an audit record written to the first audit log file and that extends a value of the platform configuration register with the hash value, wherein the processing unit, responsive to closing the first log file, identifies a final value of the platform configuration register and writes the final value to a second audit log file.
Dependent claims: 17, 18, 19, 20.
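The writer side described in claims 1, 10 and 16 and the verifier side of claim 7, as an added working model that is not part of the patent or any product implementing it. Assumptions not stated in the claims: SHA-256 as the hash function, a register simulated in software that mimics a TPM PCR extend (new value = hash of old value concatenated with the record hash) and starts at all-zero bytes, in-memory lists standing in for the log files, and a constructed header-record format (`PREV_LOG_FINAL:` followed by the hex digest) for carrying the previous file's final register value into the first record of the next file. The sample audit lines are constructed.

```python
import hashlib
from dataclasses import dataclass, field

# Added example modelling the claims; not the patent's own code.
# Assumptions: SHA-256, PCR-style extend new = H(old || record_hash),
# all-zero initial register, and a constructed header-record format.

HASH = hashlib.sha256
ZERO = bytes(HASH().digest_size)      # simulated register's initial state
HEADER_TAG = b"PREV_LOG_FINAL:"       # constructed header-record prefix


def record_hash(record: bytes) -> bytes:
    """First hash value of the claims: the hash of one audit record."""
    return HASH(record).digest()


def extend(register: bytes, first_hash: bytes) -> bytes:
    """Second hash value: hash of the register's current value and the
    record hash. Same shape as a TPM PCR extend, simulated in software."""
    return HASH(register + first_hash).digest()


@dataclass
class AuditLogger:
    """Writer side (claims 1, 10, 16). `files` stands in for the log files
    (files[-1] is the open one); `register` stands in for the PCR."""
    register: bytes = ZERO
    files: list = field(default_factory=lambda: [[]])

    def write(self, record: bytes) -> bytes:
        """Append a record, hash it, and extend the register with that hash."""
        self.files[-1].append(record)
        self.register = extend(self.register, record_hash(record))
        return self.register

    def rotate(self) -> bytes:
        """Close the current file, open the next one, and write the register's
        final value as the new file's first record. The header record itself
        goes through write(), so the chain continues across files."""
        final = self.register
        self.files.append([])
        self.write(HEADER_TAG + final.hex().encode())
        return final


def header_value(file_records) -> bytes:
    """Parse the previous file's final register value from a header record."""
    first = file_records[0]
    if not first.startswith(HEADER_TAG):
        raise ValueError("first record is not a header record")
    return bytes.fromhex(first[len(HEADER_TAG):].decode())


def verify_file(files, index: int) -> bool:
    """Verifier side (claim 7): recompute first and second hash values over
    every record of files[index], starting from the register value that was
    current when that file was opened, and compare the final second hash
    value with the value stored in the first record of files[index + 1]."""
    value = ZERO if index == 0 else header_value(files[index])
    for record in files[index]:
        value = extend(value, record_hash(record))
    return value == header_value(files[index + 1])


def demo() -> tuple:
    """Write two files, verify both, then show that altering one record of
    the closed first file is detected. Returns (ok_before, ok_after)."""
    log = AuditLogger()
    log.write(b"login user=alice")                       # constructed
    log.write(b"sudo user=alice cmd=systemctl restart sshd")
    log.rotate()
    log.write(b"logout user=alice")
    log.rotate()
    ok_before = verify_file(log.files, 0) and verify_file(log.files, 1)
    log.files[0][1] = b"sudo user=alice cmd=ls"          # constructed tampering
    ok_after = verify_file(log.files, 0)
    return ok_before, ok_after


if __name__ == "__main__":
    print(demo())  # expected: (True, False)
```

The value the verifier trusts is the one committed into the next file's first record (and, on real hardware, into a PCR that software cannot rewind); in this simulation the register is an ordinary byte string, so the model shows the chaining and comparison logic of the claims, not the tamper resistance a trusted platform module adds.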
Specification