Secure and transparent audit logs with BlockAudit

Ahmad Ashar; Saad Muhammad; Mohaisen Aziz

首页> 外文期刊>Journal of network and computer applications >Secure and transparent audit logs with BlockAudit

【24h】

Secure and transparent audit logs with BlockAudit

机译：使用BlockAudit安全透明的审核日志

获取原文

获取原文并翻译 | 示例

获取外文期刊封面封底 >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Audit logs serve as a critical component in enterprise business systems and are used for auditing, storing, and tracking changes made to the data. However, audit logs are vulnerable to a series of attacks enabling adversaries to tamper data and corresponding audit logs without getting detected. Among them, two well-known attacks are "the physical access attack," which exploits root privileges, and "the remote vulnerability attack," which compromises known vulnerabilities in database systems. In this paper, we present BlockAudit a scalable and tamper-proof system that leverages the design properties of audit logs and security guarantees of blockchain to enable secure and trustworthy audit logs. Towards that, we construct the design schema of BlockAudit and outline its functional and operational procedures. We implement our design on a custom-built Practical Byzantine Fault Tolerance (PBFT) blockchain system and evaluate the performance in terms of latency, network size, payload size, and transaction rate. Our results show that conventional audit logs can seamlessly transition into BlockAudit to achieve higher security and defend against the known attacks on audit logs.

机译：审核日志是企业业务系统中的关键组件，用于审核，存储和跟踪对数据所做的更改。但是，审核日志很容易受到一系列攻击的攻击，使攻击者可以在不被检测到的情况下篡改数据和相应的审核日志。其中，两种著名的攻击是利用根特权的“物理访问攻击”和利用数据库系统中已知漏洞的“远程漏洞攻击”。在本文中，我们介绍了BlockAudit一个可扩展且防篡改的系统，该系统利用审计日志的设计属性和区块链的安全保证来启用安全可靠的审计日志。为此，我们构建了BlockAudit的设计方案，并概述了其功能和操作程序。我们在定制的实用拜占庭容错（PBFT）区块链系统上实施我们的设计，并根据延迟，网络大小，有效负载大小和事务处理速率评估性能。我们的结果表明，常规审核日志可以无缝过渡到BlockAudit，以实现更高的安全性并防御已知的审核日志攻击。

著录项

来源
《Journal of network and computer applications》 |2019年第11期|102406.1-102406.14|共14页
作者
Ahmad Ashar; Saad Muhammad; Mohaisen Aziz;
展开▼
作者单位

Univ Cent Florida Dept Comp Sci Orlando FL 32816 USA;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Audit logs; Blockchain; Distributed systems;

机译：审核日志;区块链分布式系统;

相似文献

外文文献
中文文献
专利

1. Secure and transparent audit logs with BlockAudit [J] . Ahmad Ashar, Saad Muhammad, Mohaisen Aziz Journal of network and computer applications . 2019,第Nova期

机译：使用BlockAudit安全透明的审核日志
2. A secure and auditable logging infrastructure based on a permissioned blockchain [J] . Putz Benedikt, Menges Florian, Pernul Guenther Computers & Security . 2019,第Nova期

机译：基于授权区块链的安全且可审核的日志记录基础架构
3. BAFi: a practical cryptographic secure audit logging scheme for digital forensics [J] . Kampanakis Panos, Yavuz Attila A. Security and Communications Networks . 2015,第17期

机译：BAFi：一种适用于数字取证的实用密码安全审计记录方案
4. Blockchain-Based Auditing of Transparent Log Servers [C] . Hoang-Long Nguyen, Jean-Philippe Eisenbarth, Claudia-Lavinia Ignat, Annual IFIP WG 11.3 conference on data and applications security and privacy . 2018

机译：基于区块链的透明日志服务器审计
5. A framework for auditable, paper-equivalent electronic forms using data logging, secure access controls, and electronic certificates. [D] . Badia-Reyes, Rene D. 2007

机译：使用数据记录，安全访问控制和电子证书的可审核，等同于纸张的电子表格的框架。
6. iDASH secure genome analysis competition 2018: blockchain genomic data access logging homomorphic encryption on GWAS and DNA segment searching [O] . Tsung-Ting Kuo, Xiaoqian Jiang, Haixu Tang, 2020

机译：iDASH安全基因组分析竞赛2018：区块链基因组数据访问记录GWAS上的同态加密和DNA片段搜索
7. Secure and transparent audit logs with BlockAudit [O] . Ashar Ahmad, Muhammad Saad, Aziz Mohaisen 2019

机译：安全且透明的审计日志与blockaudit
8. Guidelines for Audit Log Mechanisms in Secure Computer Systems. [R] . Brown, R. L. 1987

机译：安全计算机系统中审计日志机制指南。

Secure and transparent audit logs with BlockAudit

摘要

著录项

相似文献

相关主题

期刊订阅