Secure event log management

摘要

A trusted device includes a secure interface and a host interface, the secure interface being isolated from the host interface by an isolated environment. A write file of the host interface receives an entry from an untrusted host device connected to the trusted device. A processor of the isolated environment retrieves the entry and determines log data associated with the entry, such as the date and time of the entry. Using the log data, the processor records an event log entry in a secure storage of the isolated environment. Once recorded, the entry cannot be deleted or altered. An authorized user, however, can then access the event log entry from the secure storage, such as by providing a request for the event log entry via the secure interface of the trusted device and/or the host interface of the trusted device.

主权项

1. A computer-implemented method to manage event logs, comprising:
receiving, by a trusted computing device associated with a host computing device, a write-file entry into a write file of a host interface of the trusted computing device; in response to receiving the write-file entry, determining, by the trusted computing device, log data associated with the write-file entry; establishing, by the trusted computing device and in an isolated environment of the trusted computing device that is not directly accessible to the host computing device, an event log entry based on the determined log data; and recording, by the trusted computing device, the event log entry in an append-only event log in a secure storage of the isolated environment, wherein the entries in an append-only event log cannot be changed or altered once into the log.