Secure management of logs in an organisational grid environment is often considered a task of low priority. However, it must be rapidly upgraded when the logs have security properties in their own right. We explore several use cases where log integrity and confidentiality are essential, and propose log generation and reconciliation architectures in which both are ensured. We use a combination of trusted computing and virtualization to enable blind log analysis, allowing users to see the results of legitimate queries, while still withholding access to privileged raw data.
Some of the novel paradigms discovered in this work will be generalised and used to design trustable grid architectures where the participants are capable of verifying others’ security configurations as well as reporting their own.
