
security: extend HMAC integrity protection to all writers (ISO 27001) #612

Description

@kcenon

What

Currently only audit_logger signs log entries with HMAC-SHA256. Extend this integrity protection to general writers (file/console/network) so the whole logger meets ISO/IEC 27001 A.12.4 "Protection of log information" requirements by default.

  • Current: HMAC-SHA256 signature applied only in audit_logger.h
  • Expected: Opt-in integrity feature flag on every writer; CI validates verification round-trip
  • Scope: include/kcenon/logger/writers/**, include/kcenon/logger/security/**

Why

  • ISO/IEC 27001 A.12.4.2/A.12.4.3 require tamper-evident log storage
  • Customers in regulated industries (medical, financial) cannot rely on audit-only integrity
  • Ecosystem alignment: pacs_system already signs audit records; logger should match

How

Technical Approach

  1. Add integrity_policy abstraction (HMAC-SHA256, Ed25519, none)
  2. Wire into file_writer, rotating_writer, network_writer via builder
  3. Add verify-log CLI sample under samples/
  4. Extend docs with ISO/IEC 27001 mapping

Acceptance Criteria

  • All writers accept an integrity_policy option
  • Verification sample succeeds on signed logs, fails on tampered logs
  • Documentation includes ISO 27001 control mapping table
  • Benchmark overhead documented (<5% for HMAC-SHA256)
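
The verification round-trip named in the acceptance criteria, sketched in Python as an added example (not part of the original issue and not the project's code). The line format `<message>\t<hex tag>`, the key and all function names are assumptions; chaining each tag over the previous one goes beyond the per-entry HMAC the issue describes, so that a removed or reordered line is detected as well as an edited one.

```python
import hashlib
import hmac
from typing import List, Optional

# Constructed demo values; a real key comes from a secret store, never source code.
DEMO_KEY = b"constructed-demo-key"
GENESIS = b"\x00" * 32  # assumed starting value of the tag chain
SAMPLE = [
    "2024-01-01T00:00:00Z INFO service started",
    "2024-01-01T00:00:05Z WARN login failed user=alice",
    "2024-01-01T00:00:09Z INFO login ok user=alice",
]

def entry_tag(key: bytes, prev_tag: bytes, message: str) -> bytes:
    """HMAC-SHA256 over the previous entry's tag followed by this entry's text."""
    return hmac.new(key, prev_tag + message.encode("utf-8"), hashlib.sha256).digest()

def sign_lines(key: bytes, messages: List[str]) -> List[str]:
    """Sign single-line messages, returning '<message>\\t<hex tag>' lines."""
    out, prev = [], GENESIS
    for msg in messages:
        prev = entry_tag(key, prev, msg)
        out.append(f"{msg}\t{prev.hex()}")
    return out

def verify_lines(key: bytes, lines: List[str]) -> Optional[int]:
    """Return None if every line verifies, else the index of the first bad line."""
    prev = GENESIS
    for i, line in enumerate(lines):
        # The tag is hex, so the last tab always separates message from tag.
        msg, sep, tag_hex = line.rpartition("\t")
        expected = entry_tag(key, prev, msg)
        # compare_digest runs in constant time, so it leaks no partial-match timing.
        ok = bool(sep) and hmac.compare_digest(tag_hex.encode(), expected.hex().encode())
        if not ok:
            return i
        prev = expected
    return None

def demo():
    """Verify an intact log, one with an edited entry, and one with a removed entry."""
    signed = sign_lines(DEMO_KEY, SAMPLE)
    edited = signed[:1] + [signed[1].replace("failed", "ok")] + signed[2:]
    dropped = signed[:1] + signed[2:]
    return (verify_lines(DEMO_KEY, signed), verify_lines(DEMO_KEY, edited),
            verify_lines(DEMO_KEY, dropped))
```

Truncating the tail of the file still verifies under this scheme; detecting that requires recording the final tag or the line count somewhere the log writer cannot alter.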
