基于区块链的防特权账号篡改审计系统

审计系统通过对客户网络设备、安全设备、主机和应用系统日志等数据进行全面的标准化处理,及时发现各种安全威胁、异常行为事件,为管理人员提供全局视角,确保客户业务的不间断运营安全;通过基于国际标准化的关联分析引擎,为客户提供全维度、跨设备、细粒度的关联分析,透过事件的表象真实还原事件背后的信息,为客户提供真正可信赖的事件追责依据和业务运行的深度安全,在整个信息安全防御体系中占有重要的位置。然而,现有的审计系统存在特权账号权限过大问题,其能对审计记录进行修改,降低了审计系统的能效。针对该问题,利用区块链技术的不可篡改性质,提出了一个防篡改审计系统。审计数据被上传至区块链中,利用属性基加密技术对数据进行保护,并实现细粒度访问控制。最后,通过批处理、预处理、哈希链等技术,消除由于使用区块链技术和属性基加密技术而带来的效率问题。

Blockchain-based Anti-privileged Account Tampering Audit System

The auditing system,by comprehensively standardizing the data such as customer network equipment,security equipment,hosts,and application system logs,timely discovers various security threats and abnormal behavior events,provides managers with a global perspective,and ensures the uninterrupted operation and security of customer business.It provides customers with full-dimensional,cross-device,fine-grained correlation analysis through an internationally-standardized correlation analysis engine;and uses the appearance of the event to truly restore the information behind the event,offering customers with a truly reliable basis for event accountability and deep security of business operations,which occupies an important position in the entire information security defense system.However,the existing auditing system has the problem of excessive privileges of privileged accounts,which can modify the audit records and reduce the energy efficiency of the auditing system.Aiming at this problem,an anti-tampering auditing system is proposed using the immutable modification of blockchain technology.The audit data is uploaded to the blockchain,and the data is protected with attribute-based encryption technology,and fine-grained access control is achieved.Finally,through batch processing,preprocessing,hash chain and other technologies,the efficiency problem caused by the use of blockchain technology and attribute-based encryption technology is eliminated.