November 10, 2007

Comments

Clifton Phua

I do think immutable audit logs are usually adopted to enforce compliance if the implications of abuse are severe.

But, to be able to sell immutable audit logs to a large base of customers, maybe the logs can be used for other purposes such as rewarding users for correct use or preventing accidental deletions.

I am not sure how tamper-resistant these logs can be, since the log designer has to be trusted and the technology does not seem simple enough to be understood (by me).

Rob

Sadly I think it's going to take some sort of compliance initiative before anyone even realises they need this level of security.
The technology itself is simple enough to understand. I was the Product Manager for Kinamik until recently though, so maybe I have a head start.

The tamper resistance comes from building a chain of mini signatures. The signatures are of smaller blocks of the original data. Therefore if any one part of the chain is affected, you only lose a small part of the data rather than the whole as with normal signatures, the tampered data is pinpointed, and the whole operation can be completed faster than the normal signing process.

It's great technology, but whereas a lot of people will accept that they need it, it doesn't tick any boxes yet and doesn't actively make money for an organisation, so is a hard sell. Having said that, encryption was a hard sell 5 years ago and that's doing very well now. It's only a matter of time and I for one would be very pleased to see Kinamik do well.
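The chaining idea described in the comment above, as an added sketch that is not part of the original thread and is not Kinamik's implementation. It assumes HMAC-SHA256 tags under a verifier-held key in place of real signatures and a head tag stored away from the log; all names and the sample log lines are constructed.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the chain (assumption)


def _tag(key: bytes, prev_tag: bytes, block: bytes) -> bytes:
    # Each mini tag covers the previous tag plus one small block of data.
    return hmac.new(key, prev_tag + block, hashlib.sha256).digest()


def seal(key: bytes, blocks: list[bytes]) -> list[tuple[bytes, bytes]]:
    """Return [(block, tag), ...] with every tag chained to the one before."""
    chain, prev = [], GENESIS
    for block in blocks:
        prev = _tag(key, prev, block)
        chain.append((block, prev))
    return chain


def verify(key: bytes, chain: list[tuple[bytes, bytes]], head: bytes) -> list[int]:
    """Return positions that fail; len(chain) means the last tag does not
    match the separately stored head, which exposes truncation."""
    bad, prev = [], GENESIS
    for i, (block, tag) in enumerate(chain):
        if not hmac.compare_digest(tag, _tag(key, prev, block)):
            bad.append(i)
        prev = tag  # resume from the stored tag so one bad block does not fail the rest
    if not hmac.compare_digest(prev, head):
        bad.append(len(chain))
    return bad


# Constructed sample log, one small block per line.
KEY = b"demo-key-held-by-the-verifier"
LOG = [b"10:01 alice login", b"10:02 alice read customers",
       b"10:03 alice export 5000 rows", b"10:04 alice logout"]
SEALED = seal(KEY, LOG)
HEAD = SEALED[-1][1]  # kept outside the log store


def demo_edit() -> list[int]:
    tampered = list(SEALED)
    tampered[2] = (b"10:03 alice export 5 rows", tampered[2][1])  # edit one block
    return verify(KEY, tampered, HEAD)


def demo_delete() -> list[int]:
    return verify(KEY, SEALED[:1] + SEALED[2:], HEAD)  # drop block 1


def demo_truncate() -> list[int]:
    return verify(KEY, SEALED[:3], HEAD)  # cut off the last block
```

An edited block is reported at its own position while the blocks around it still verify, a deletion shows up as a broken link at the point of the gap, and truncation is caught only because the head tag is held outside the log.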

Stephen

One issue that such a technology might have is how to transparently audit something that can change significantly over time. For instance, if your auditor asks for all changes to Customer information between X and Y date, and you went into your tracking system and returned all changes related to the PARTY_TABLE, it might be difficult to know that the previous version of the Customer system (that was upgraded in between X and Y date) stored customer information in the CUSTOMER_TABLE (which no longer exists in the current version).

It seems for this immutable log idea to be most effective, you would need to apply them to systems built using associative data modeling techniques (e.g. Kalido, Oracle Designer, Lazysoft Sentences, etc.) that not only track the start and end date for each object, but also track the start and end date of each association. Indeed in the case of Kalido, a byproduct of this approach allows you to not only report auditing changes across data, but across structure as well, and even generate reports using any standard BI tool using any hierarchy or model that had ever existed.

However, market-wise, I think companies like Kinamik would want to keep a close eye on the database vendors themselves. If they perceive this to be a market, I could certainly see Oracle, IBM, and Microsoft jumping into this, and I think that is where this type of thing would ultimately end up if I had to guess. Outside of your auditability and deterrence criteria, Oracle 11g has added some new security features to try and address some of your access abuse concerns--for instance, being able to limit the DBA viewing tables they manage, etc. I would expect more of that filtering down as companies wake up to the dangers of internal support staff having the capability of downloading confidential customer data to a USB drive and walking out the door with it.

Sal Weir

A technically great idea. One which, alas and of course, many, many people and organizations will run away from, or resist vehemently.

What politician will seriously allow this to happen? Geez, there are many representatives and senators that have their remarks put into the Congressional Record as if they were actually in the legislative chamber and read them. Being made to be held accountable for their words? Politicians? Gimmeabreak!

Bureaucrats, high-level appointments, unable to skip around their words? Where would that place them? Nowhere they want to be caught.

Look at Sarbanes-Oxley: a law passed in reaction to Enron, no sooner was the ink dry on the legislation than corporate executives were decrying its excesses and costs and screaming for legislative relief. Enron is now but a dim memory for most, a kind of scar on the public psyche, and even politicians are calling for Sox to be rewritten, if not repealed.

I worked on the business side for a good number of years, and I well recall a joke that was made when we would sit around and shoot the breeze after a long day: we keep three sets of books, one for shareholders, one for the IRS, and the real one. I never found it very funny, but did find it telling of the culture.

Rob Lewis

Hi Jeff,

Remember us please.

http://www-304.ibm.com/jct09002c/gsdod/solutiondetails.do?solution=16896&expand=true&lc=en

From a past conversation, you might remember that Trustifier is a security sub-system that adds internal controls at the kernel level to enforce security policies. It can be dropped on to a running *nix system in software format or be added in appliance form to a mixed platform environment.

Trustifier does not use encryption, but digital separation of data to enforce domain separation, writing permanent time-stamped audit logs that are not accessible by system personnel, or security officers.

Trustifier also allows integrity and secrecy rankings of data and users, providing additional tools to not only assure accountability, but iron-clad non-repudiation necessary for secure data hand-offs and data sharing.

Security Tape

I can see that this post is a couple of years old now, can you tell me if during this time this has become a reality? I'm very amateur in terms of this area but I think this kind of system sounds very useful and would certainly enable accountability. I'm in the middle of corresponding with a company and I'd like to suggest this to them - only if it's relevant though! Thanks
