Home // CLOUD COMPUTING 2021, The Twelfth International Conference on Cloud Computing, GRIDs, and Virtualization // View article

Incorporating Permanent Audit Trails for Corporates

Authors:
Robert Duncan
Magnus Westerlund
John Wickstr ̈om

Keywords: blockchain, IoT, smart contracts, security, audit trails

Abstract:
All corporate businesses are under constant attack. There is no doubt that the adoption of a multitude of cheap Internet of Things devices have proved to be a great enabler of the vastly expanded potential for data collection to run systems, processes, and machines more effectively. Unfortunately, their very cheapness often means that security is not appropriately considered during design, and that the incorporation of such devices can introduce a new route in to corporate systems for attackers. The audit trail is often the single most important target for attackers to allow them to cover their tracks and remain hidden in the system for a long duration. Therefore, we must ensure we take extra precautions to properly secure this important record in a cryptographically secured immutable database, for without it, we have no means to forensically discover who has perpetrated attacks, nor how they penetrated our systems. In this paper, we explore a method of securely collecting and storing this information in an immutable database. We approach this using blockchain based smart contracts, which has the added advantage of allowing us to take a distributed approach, which also fits well with modern corporate computing infrastructures. We find that this approach can allow us to retain the relevant audit trails deemed necessary to meet corporate security goals and compliance requirements.

Pages: 24 to 29

Copyright: Copyright (c) IARIA, 2021

Publication date: April 18, 2021

Published in: conference

ISSN: 2308-4294

ISBN: 978-1-61208-845-7

Location: Porto, Portugal

Dates: from April 18, 2021 to April 22, 2021