Daily transactions on data processing systems number in the millions. Still, some people and businesses hesitate to use such transactions because of security concerns. Many organizations, such as government, banking, finance, and pharmaceuticals, are concerned with security. Organizations need assurance that no event has been tampered with and that each event comes from a trusted source. Of particular concern are the security of business transaction records and the security of the audit records that track those business transaction records. Without audit records, business transactions are exposed to unauthorized activity, including intrusion, falsification, and tampering, and to other potential threats. Lack of audit records can also result in an inability to prove accountability and to assure non-repudiation. Systems which lack security invite attack.
Audit event records must accurately reflect the event history for applications and identify the event author, i.e., authenticate the event. Some audit event records are generated from trusted server code, while others are generated by untrusted application logic. For example, in a J2EE application server runtime environment, application logic may run in the same address space as trusted server code. Failure to secure audit event records jeopardizes transaction integrity and accountability. The modern application server computing environment allows hosting of multiple applications. Applications share a common event infrastructure and auditing infrastructure, which must provide the capability to authenticate each individual application as the event source. The infrastructure must prevent one application from impersonating another application's identity in event records.
One approach to assuring event record integrity has been to encrypt transaction records and send a digital signature with the transaction records. This process is cumbersome, not only because of the need to transmit extra files, but because of retention requirements for auditability. Certain transaction records, such as military and financial records, and their associated keys, must be retained and accessible for fifteen years. Moreover, the key management capability must scale with the number of applications. Each application should be given its own cryptographic keys in order to ensure isolation of application event records.
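As an added illustration of the per-application key approach described above (example code written for this page, not part of the patent or any product it describes): each application receives its own Ed25519 key pair, the audit infrastructure keeps only the public keys in a registry indexed by application name, and verification looks the key up by the identity the record claims, so a record signed with one application's key but claiming another application's identity is rejected. The application names, record fields, and events are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// AuditRecord is one audit event; App is the application identity the record claims.
type AuditRecord struct {
	App   string `json:"app"`
	Seq   uint64 `json:"seq"`
	Event string `json:"event"`
}

// Registry holds each application's public key; only the audit infrastructure writes it.
type Registry map[string]ed25519.PublicKey

// NewApp issues a key pair to one application; the private half goes only to that app.
func NewApp(reg Registry, name string) ed25519.PrivateKey {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	reg[name] = pub
	return priv
}
// canonical yields the signed bytes; struct field order fixes the JSON layout.
func canonical(rec AuditRecord) []byte { b, _ := json.Marshal(rec); return b }
// Sign produces the detached signature an application stores with its record.
func Sign(priv ed25519.PrivateKey, rec AuditRecord) []byte {
	return ed25519.Sign(priv, canonical(rec))
}

// Verify looks the key up by the identity the record claims, so only that app's own key passes.
func Verify(reg Registry, rec AuditRecord, sig []byte) bool {
	pub, ok := reg[rec.App]
	return ok && ed25519.Verify(pub, canonical(rec), sig)
}

func main() {
	reg := Registry{}
	payroll := NewApp(reg, "payroll") // constructed sample applications
	NewApp(reg, "billing")
	rec := AuditRecord{App: "payroll", Seq: 1, Event: "salary batch approved"}
	fmt.Println(Verify(reg, rec, Sign(payroll, rec))) // true
	rec.App = "billing"                               // payroll's key claiming billing's identity
	fmt.Println(Verify(reg, rec, Sign(payroll, rec))) // false: impersonation rejected
}
```

Any change to the record after signing also fails verification, which covers the tampering case; the key-retention and key-management burden the text describes is exactly the registry and private keys this example keeps in memory.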
It would be desirable to have a method for assuring event record integrity that overcomes the above disadvantages.