Security Audit Logging in Microservice-Based Systems: Survey of Architecture Patterns

The current digital age, mainly characterized by an economy based upon information technology, demands a data integrity service, even more so because organizations and companies are migrating their services over the cloud. This is not a simple task; it is cumbersome since traditional schemes in databases could be subject to modifications. However, it can be solved using blockchain technology. This paper provides a data integrity verifiability architecture for cloud systems based on blockchain. The architecture provides a mechanism to store events (as logs) within a blockchain platform from any cloud system. Users can then consult data integrity through a microservice, acting as an intermediate server that carries out a set of verification steps within the blockchain, which confirms the integrity of a previously stored log. Our architecture takes advantage of the blockchain strength concerning integrity, providing a traceability track of the stored logs. A prototype system and a case study were implemented based on the proposed architecture. Our experimental results show that the proposed decentralized architecture can be adapted to cloud existing systems that were born without blockchain technology and require a modular and scalable audit characteristic.

show abstract

RootLogChain: Registering Log-Events in a Blockchain for Audit Issues from the Creation of the Root

López-Pimentel

Morales-Rosales

Monroy

2021

Sensors

View full text Add to dashboard Cite

Logging system activities are required to provide credibility and confidence in the systems used by an organization. Logs in computer systems must be secured from the root user so that they are true and fair. This paper introduces RootLogChain, a blockchain-based audit mechanism that is built upon a security protocol to create both a root user in a blockchain network and the first log; from there, all root events are stored as logs within a standard blockchain mechanism. RootLogChain provides security constructs so as to be deployed in a distributed context over a hostile environment, such as the internet. We have developed a prototype based on a microservice architecture, validating it by executing different stress proofs in two scenarios: one with compliant agents and the other without. In such scenarios, several compliant and non-compliant agents try to become a root and register the events within the blockchain. Non-compliant agents simulate eavesdropper entities that do not follow the rules of the protocol. Our experiments show that the mechanism guarantees the creation of one and only one root user, integrity, and authenticity of the transactions; it also stores all events generated by the root within a blockchain. In addition, for audit issues, the traceability of the transaction logs can be consulted by the root.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Security Audit Logging in Microservice-Based Systems: Survey of Architecture Patterns

Cited by 3 publications

References 0 publications

Analysing features of e-commerce systems architecture

Analysing features of e-commerce systems architecture

A Cloud Microservices Architecture for Data Integrity Verifiability Based on Blockchain

RootLogChain: Registering Log-Events in a Blockchain for Audit Issues from the Creation of the Root

Contact Info

Product

Resources

About