Skip to main content
SpringerLink
Log in

Enabling shared audit data

  • Regular contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Audit is an important aspect of good security and business practice; however, current solutions are not supportive of electronic data and processes. This paper describes an audit service that both acts as a central place for logging from heterogeneous IT systems and a place to search and check the audit data. Notarisation structures enabling a user to check the integrity of audit records and subsets of the audit chain relating to their transactions have been developed. The audit system uses a secure hardware device to create an alternative trust domain in which to run processes, maintaining the integrity of the audit trail whilst allowing it to be tightly integration and co-located with the overall IT infrastructure.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Haber S, Stornetta WS (1991) How to time-stamp a digital document. J Cryptol 3:99–111

    Article  Google Scholar 

  2. Bayer D, Haber S, Stornetta WS (1993) Improving the efficiency and reliability of digital time-stamping. In: Capocelli RM, De Santis A, Vaccaro U (eds) Sequences II: Methods in communication, security, and computer science. Springer, Berlin Heidelberg New York, pp 329–334

  3. Merkle RC (1980) Protocols for public key cryptography. In: IEEE symposium on security and privacy, pp 122–134

  4. Merkle RC (1989) A certified digital signature. In: Advances in Cryptology

  5. Bellare M, Yee B (2003) Forward-security in private-key cryptography. In: Joye M (ed) Topics in Cryptology – CT-RSA 03. Lecture notes in computer science, vol 2612. Springer, Berlin Heidelberg New York

  6. Bellare M, Yee B (1997) Forward integrity for audit logs. Technical report, UCSD tech report

  7. Schneier B, Kelsey J (1998) Cryptographic support for secure logs on untrusted machines. In: Proceedings of the 7th USENUX security symposium

  8. Baldwin A (2004) Enhanced accountability for electronic processes. In: 2nd international conference on trust management. Lecture notes in computer science, vol . Springer, Berlin Heidelberg New York

  9. Buldas A, Laud P, Lipmaa H, Villemson J (1998) Time-stamping with binary linking schemes. In: Krawczyk H (ed) Advances on Cryptology – CRYPTO ’98, Santa Barbara, CA. Lecture notes in computer science, vol 1462. Springer, Berlin Heidelberg New York, pp 486–501

  10. Schneier B (1996) Applied cryptography, 2nd edn: Protocols, algorithms and source code in C. Wiley, NewYork

  11. Adams C, Cain P, Pinkas D, Zuccherato R (2001) Rfc 3161 Internet x.509 public key infrastructure time stamp protocol (tsp). http://www.ietf.org/rfc/rfc3161.txt

  12. Pearson S (ed) (2002) Trusted computing platforms: TCPA technology in context. HP Books, Prentice Hall, Englewood Cliffs, NJ

    Google Scholar 

  13. Baldwin A, Shiu S (2003) Hardware encapsulation of security services. In: Compter Security: Proceedings of ESORICS 2003. Lecture notes in computer science, vol 2808. Springer, Berlin Heidelberg New York

  14. Ferreira A, Shiu S, Baldwin A (2003) Towards secure electronic patient records. In: 1st MEDINF international conference on medical informatics and engineering

  15. Baldwin A, Shiu S (2002) Encryption and key management in a san. In: IEEE workshop on security in storage (SISW02)

  16. Baldwin A, Shiu S (2003) Hardware security appliances for trust. In: 1st international conference on trust management. Lecture notes in computer science, vol 2692. Springer, Berlin Heidelberg New York

  17. FIPS (2001) Security requirements for cryptographic modules. fips 140-2. http://csrc.nist.gov/cryptval/140-2.htm

  18. Smith SW, Palmer ER, Weingart S (1998) Using a high performance programmable secure coprocessor. In: 2nd international conference on financial cryptography. Lecture notes in computer science, vol . Springer, Berlin Heidelberg New York

  19. Itoi N (2000) Secure coprocessor integration with kerberos V5. In: Usenix security symposium, pp 113–128

  20. Smith SW, Safford D (2000) Practical private information retrieval with secure coprocessors. Technical report, IBM Research TJ Watson Research Center, Yorktown Heights, NY. http://www.research.ibm.com/secure_systems_department/projects/scop/papers/rc21806.pdf

  21. Casassa Mont M, Bramhall P, Harrison K (2003) A flexible role-based secure messaging service: Exploiting ibe technology for privacy in health care. In: DEXA Workshops. IEEE Press, New York

  22. Schank R, Abelson R (1977) Scripts, Plans, Goals and Understanding. Erlbaum, Hillsdale, NJ

Download references

Author information

Authors and Affiliations

  1. Hewlett Packard Labs, Bristol, UK

    Adrian Baldwin & Simon Shiu

Authors
  1. Adrian Baldwin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Simon Shiu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Adrian Baldwin.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Baldwin, A., Shiu, S. Enabling shared audit data. Int J Inf Secur 4, 263–276 (2005). https://doi.org/10.1007/s10207-004-0061-9

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-004-0061-9

Keywords

Search

Navigation