A PKI Based Secure Audit Web Server

For many applications, access control and other business related information of all user transactions should be kept in secure log files for intrusion and misuse detection or system audit purposes. Because the log files may be stored on or moved to an untrusted machine and may attract attackers because of the large amounts of potentially sensitive information contained in them, we would like to guarantee that in the event an attacker gains access to this machine, we can limit his ability to corrupt the log files and we are able to detect any compromises afterwards. We also may want to ensure that he can gain little or no information from the log files. In this paper we propose a secure audit web service (SAWS) which can provide a secure audit trail service for multiple clients. The secure audit trail generated by SAWS can be stored on any untrusted machine and it is impossible to be modified or destroyed without detection, and its integrity can be validated by any client. Optionally, the audit file can be encrypted, making it impossible for unauthorised parties to read its contents.