Abstract
Audit is an important aspect of good security and business practice; however, current solutions are not supportive of electronic data and processes. This paper describes an audit service that both acts as a central place for logging from heterogeneous IT systems and a place to search and check the audit data. Notarisation structures enabling a user to check the integrity of audit records and subsets of the audit chain relating to their transactions have been developed. The audit system uses a secure hardware device to create an alternative trust domain in which to run processes, maintaining the integrity of the audit trail whilst allowing it to be tightly integration and co-located with the overall IT infrastructure.
Similar content being viewed by others
References
Haber S, Stornetta WS (1991) How to time-stamp a digital document. J Cryptol 3:99–111
Bayer D, Haber S, Stornetta WS (1993) Improving the efficiency and reliability of digital time-stamping. In: Capocelli RM, De Santis A, Vaccaro U (eds) Sequences II: Methods in communication, security, and computer science. Springer, Berlin Heidelberg New York, pp 329–334
Merkle RC (1980) Protocols for public key cryptography. In: IEEE symposium on security and privacy, pp 122–134
Merkle RC (1989) A certified digital signature. In: Advances in Cryptology
Bellare M, Yee B (2003) Forward-security in private-key cryptography. In: Joye M (ed) Topics in Cryptology – CT-RSA 03. Lecture notes in computer science, vol 2612. Springer, Berlin Heidelberg New York
Bellare M, Yee B (1997) Forward integrity for audit logs. Technical report, UCSD tech report
Schneier B, Kelsey J (1998) Cryptographic support for secure logs on untrusted machines. In: Proceedings of the 7th USENUX security symposium
Baldwin A (2004) Enhanced accountability for electronic processes. In: 2nd international conference on trust management. Lecture notes in computer science, vol . Springer, Berlin Heidelberg New York
Buldas A, Laud P, Lipmaa H, Villemson J (1998) Time-stamping with binary linking schemes. In: Krawczyk H (ed) Advances on Cryptology – CRYPTO ’98, Santa Barbara, CA. Lecture notes in computer science, vol 1462. Springer, Berlin Heidelberg New York, pp 486–501
Schneier B (1996) Applied cryptography, 2nd edn: Protocols, algorithms and source code in C. Wiley, NewYork
Adams C, Cain P, Pinkas D, Zuccherato R (2001) Rfc 3161 Internet x.509 public key infrastructure time stamp protocol (tsp). http://www.ietf.org/rfc/rfc3161.txt
Pearson S (ed) (2002) Trusted computing platforms: TCPA technology in context. HP Books, Prentice Hall, Englewood Cliffs, NJ
Baldwin A, Shiu S (2003) Hardware encapsulation of security services. In: Compter Security: Proceedings of ESORICS 2003. Lecture notes in computer science, vol 2808. Springer, Berlin Heidelberg New York
Ferreira A, Shiu S, Baldwin A (2003) Towards secure electronic patient records. In: 1st MEDINF international conference on medical informatics and engineering
Baldwin A, Shiu S (2002) Encryption and key management in a san. In: IEEE workshop on security in storage (SISW02)
Baldwin A, Shiu S (2003) Hardware security appliances for trust. In: 1st international conference on trust management. Lecture notes in computer science, vol 2692. Springer, Berlin Heidelberg New York
FIPS (2001) Security requirements for cryptographic modules. fips 140-2. http://csrc.nist.gov/cryptval/140-2.htm
Smith SW, Palmer ER, Weingart S (1998) Using a high performance programmable secure coprocessor. In: 2nd international conference on financial cryptography. Lecture notes in computer science, vol . Springer, Berlin Heidelberg New York
Itoi N (2000) Secure coprocessor integration with kerberos V5. In: Usenix security symposium, pp 113–128
Smith SW, Safford D (2000) Practical private information retrieval with secure coprocessors. Technical report, IBM Research TJ Watson Research Center, Yorktown Heights, NY. http://www.research.ibm.com/secure_systems_department/projects/scop/papers/rc21806.pdf
Casassa Mont M, Bramhall P, Harrison K (2003) A flexible role-based secure messaging service: Exploiting ibe technology for privacy in health care. In: DEXA Workshops. IEEE Press, New York
Schank R, Abelson R (1977) Scripts, Plans, Goals and Understanding. Erlbaum, Hillsdale, NJ
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Baldwin, A., Shiu, S. Enabling shared audit data. Int J Inf Secur 4, 263–276 (2005). https://doi.org/10.1007/s10207-004-0061-9
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-004-0061-9