A framework for E2E audit trails in system architectures of different enterprise classes

In today’s world, there are more and more IT systems that are interconnected to provide services to a wide variety of business classes. Since their services are usually inevitably linked to financial and political interests, the number of attacks aimed at disrupting or profiting from these and the associated systems in various ways is constantly increasing. In this paper we design and implement a framework for the comprehensive auditing of IT systems in system architectures of different enterprise classes. For our solution, we evaluate formal requirements regarding audit trails, provide concepts for the pseudonymisation of audit data, develop software components for E2E audit trails and finally present a secure system architecture based on Kubernetes and Istio in conjunction with the storage components ArangoDB and HashiCorp Vault to achieve an efficient framework for creating E2E audit trails.

Metadaten
Author:	Luca Patzelt, Georg Neugebauer, Meik Döll, Sacha Hack ORCiD, Tim Höner, Marko Schuba ORCiD
DOI:	https://doi.org/10.5220/0012367000003648
ISBN:	978-989-758-683-5
ISSN:	2184-4356
Parent Title (English):	Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP, Volume 1
Publisher:	SciTePress
Place of publication:	Setúbal
Document Type:	Conference Proceeding
Language:	English
Year of Completion:	2024
Tag:	Audit Trail; Auditing Framework; E2E Audit Trail; End-to-End Audit Trail; Pseudonymisation
First Page:	750
Last Page:	757
Note:	10th International Conference on Information Systems Security and Privacy - ICISSP, 26.-28.02.2024, Rome, Italy
Link:	https://doi.org/10.5220/0012367000003648
Zugriffsart:	weltweit
Institutes:	FH Aachen / Fachbereich Elektrotechnik und Informationstechnik
open_access (DINI-Set):	open_access
collections:	Verlag / AAAI
	Verlag / SciTePress
Licence (German):	Creative Commons - Namensnennung-Nicht kommerziell-Keine Bearbeitung

Open Access