[SERVER-16212] Auditing should use hash-chaining for tamper-resistance - MongoDB Jira

XML

Word

Printable

Details

Type: Improvement
Status: Open
Priority: Major - P3
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: Backlog
Component/s: Security
Labels:
- Auditing
- platforms-re-triaged

Case:

Description

Currently mongodb's audit log is vulnerable to tampering by a malicious administrator. i.e, given a mongodb audit log there is no way to tell if any entries have been added, removed or modified.

Roughly speaking, we could store a hash in each audit entry. Each hash would be computed from a combination that includes (but not limited to) the content of the current entry and the hash of the previous entry. The hashes form a chain that can be used to verify the integrity of the audit log. Note that there is a lot more detail required for a secure implementation

Attachments

Activity

People

Assignee:: Backlog - Security Team

Reporter:: Adam Midvidy

Participants:: Adam Midvidy, Backlog - Security Team

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: Nov 18 2014 02:47:03 AM UTC

Updated:: Aug 18 2020 12:28:03 AM UTC