CAJ | 학술논문

保护日志免遭攻击对于入侵检测和取证具有重要的意义。本文分析了现有日志保护技术的局限性，提出了基于可信计算的安全日志系统。该系统利用嵌入式安全模块ESM（Embedded Security Module）保护日志，使得在系统遭到成功入侵的情况下，仍然可以防止入侵者修改、删除、甚至查看日志。
보호일지면조공격대우입침검측화취증구유중요적의의。본문분석료현유일지보호기술적국한성，제출료기우가신계산적안전일지계통。해계통이용감입식안전모괴ESM（Embedded Security Module）보호일지，사득재계통조도성공입침적정황하，잉연가이방지입침자수개、산제、심지사간일지。
Protect the logs from attack of great significance for intrusion detection and forensics.This paper analyzes the technical limitations of existing log protection,based on trusted computing security log system.The system uses an embedded security module,ESM （Embedded Security Module） to protect the log,making the system has been successful invasion of the case,can still prevent an intruder to modify, delete,or even view the log.