Consider tamper resistant audit log

[meg23]

From manico.james@gmail.com on November 10, 2010 22:10:43

(From Kevin Wall)

Built utilities for tamper resistant audit logs.

Schneier and Kelsey have a good paper on how to do this using various crypto primitives. The advantage is that once an entry is made in a log file, it is possible to use cryptographic primitives to detect if these logs have been tampered with in any way. This can be something that is important with presenting audit logs as forensics evidence as you can have assurance that the logs were not tampered with.

Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=180

[meg23]

From manico.james@gmail.com on November 11, 2010 05:54:08

Labels: -Type-Defect Type-Enhancement

[meg23]

From manico.james@gmail.com on May 28, 2012 20:24:45

Owner: chrisisbeef

[kwwall]

Special note: By this, I am NOT referring to blockchain! There are other means such as described by Schneier and Kelsey (e.g., see https://www.schneier.com/academic/paperfiles/paper-auditlogs.pdf), which is what I had in mind and has much less overhead than blockchain.

[kwwall]

I am marking this as Milestone 3.0 because I don't think it is something that we want to tackle in ESAPI 2.x as we probably will want to wait until we have consolidated the logging where we are only using SLF4J.