SORMAS-Foundation / SORMAS-Project

SORMAS (Surveillance, Outbreak Response Management and Analysis System) is an early warning and management system to fight the spread of infectious diseases.
https://sormas.org
GNU General Public License v3.0

Audit & security log #7904

Open MartinWahnschaffe opened 2 years ago

MartinWahnschaffe commented 2 years ago

Situation Description & Motivation

To comply with data protection regulation, we need to make sure that SORMAS provides an audit log trail which can be easily ingested by dedicated log processing systems and allows investigation by officials.

The existing audit mechanisms only cover the manipulation of data, but we are required to log when a user is accessing data as well.

This is based on https://github.com/hzi-braunschweig/SORMAS-RFC/blob/sormas-audit-trail/0001-sormas-audit-trail.md and "SORMAS-X Umsetzungskonzept Logging" provided by the data security team (sometimes chapters are referenced here).

Use cases

High-Level Explanation

The audit trail gets populated by automatically logging every invocation of a facade/EJB method. By this, we can trace every interaction with the system (i.e., via Vaadin UI or REST). We will output the collected logs to a user-configurable log sink so that the logs can be easily ingested for further processing.

The most important module that needs to be covered is the SORMAS backend, so this epic will mostly be about the implementation needed there.

In addition to that, the following modules need to be covered (5.1.1):

Timeline

Tasks - SORMAS Backend

Logging service & sink

Acquiring log data

Use the interceptor pattern to log all calls to the SORMAS backend, similar to what we are doing with PerformanceLoggingInterceptor.

What to log (5.2.3)?

We need to log

  1. Data reads
  2. Creation of data
  3. Change of existing data
  4. Deletion of data

for the following processes:

The following external interfaces

Misc:

General requirements (4.2)

In general, the log shall only contain pseudonymized personal data, the only exception being the name of the active user.

Alternatives

Risks

Additional Information

Refinement Todos
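To make the "Acquiring log data" and "What to log" sections above concrete, here is an added example of an EJB interceptor that writes one audit record per facade call; it is illustrative code written for this page, not SORMAS project code. The class and interface names (`AuditLoggingInterceptor`, `AuditSink`), the method-name prefixes used to classify a call as read/create/update/delete, the record layout and the `PSEUDONYM_SALT` constant are all assumptions. It keeps the active user's name in clear text (the one exception the general requirements allow) and replaces every method argument with a salted SHA-256 pseudonym, so the record can be correlated but contains no personal data.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.time.Instant;
import java.util.Arrays;
import java.util.stream.Collectors;

import javax.annotation.Priority;
import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;

// Hypothetical audit interceptor (added example, not SORMAS code).
@Interceptor
@Priority(Interceptor.Priority.APPLICATION)
public class AuditLoggingInterceptor {

    // The four access types the issue requires, plus a bucket for anything unclassified.
    enum Action { READ, CREATE, UPDATE, DELETE, OTHER }

    // Hypothetical sink abstraction; the real one would be selected by configuration
    // (file, syslog, HTTP collector, ...) so external log processors can ingest it.
    public interface AuditSink { void write(String line); }

    @Inject private AuditSink sink;
    @Inject private Principal caller;   // CDI built-in bean for the authenticated user

    // Hypothetical: a secret salt read from configuration in a real deployment, so that
    // nobody can rebuild a pseudonym simply by hashing a known name or UUID.
    private static final byte[] PSEUDONYM_SALT =
        "replace-with-secret-salt-from-config".getBytes(StandardCharsets.UTF_8);

    @AroundInvoke
    public Object audit(InvocationContext ctx) throws Exception {
        Instant start = Instant.now();
        String outcome = "OK";
        try {
            return ctx.proceed();                       // the real facade call
        } catch (Exception e) {
            outcome = "FAIL:" + e.getClass().getSimpleName();
            throw e;                                    // never swallow the failure
        } finally {
            sink.write(buildRecord(ctx, start, outcome)); // written on success and failure
        }
    }

    // Classify by method-name prefix (assumed convention). Note the caveat: a
    // "save" method may create or update, so a facade that needs the distinction
    // would have to report it explicitly instead of relying on the name.
    static Action classify(String methodName) {
        String m = methodName.toLowerCase();
        if (m.startsWith("get") || m.startsWith("find")
            || m.startsWith("count") || m.startsWith("exists")) return Action.READ;
        if (m.startsWith("create")) return Action.CREATE;
        if (m.startsWith("save") || m.startsWith("update")) return Action.UPDATE;
        if (m.startsWith("delete")) return Action.DELETE;
        return Action.OTHER;
    }

    String buildRecord(InvocationContext ctx, Instant start, String outcome) {
        String args = Arrays.stream(ctx.getParameters())
            .map(AuditLoggingInterceptor::pseudonymize)
            .collect(Collectors.joining(","));
        // Pipe-separated record: timestamp|user|action|facade.method|pseudonymized args|outcome.
        // The plain user name is the single exception the requirements allow.
        return String.join("|",
            start.toString(),
            caller == null ? "anonymous" : caller.getName(),
            classify(ctx.getMethod().getName()).name(),
            ctx.getMethod().getDeclaringClass().getSimpleName() + "." + ctx.getMethod().getName(),
            args,
            outcome);
    }

    // Replace an argument with "<Type>:<first 8 bytes of salted SHA-256>". Equal inputs
    // give equal pseudonyms, so records stay correlatable without exposing the value.
    static String pseudonymize(Object arg) {
        if (arg == null) return "null";
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(PSEUDONYM_SALT);
            byte[] digest = md.digest(String.valueOf(arg).getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder();
            for (int i = 0; i < 8; i++) hex.append(String.format("%02x", digest[i]));
            return arg.getClass().getSimpleName() + ":" + hex;
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }
}
```

The interceptor is bound to the facade beans like any other EJB interceptor (an `@Interceptors` annotation on the facades or an entry in `ejb-jar.xml`), so every Vaadin UI and REST interaction that reaches a facade produces a record regardless of which frontend made the call. Whoever holds the salt can recompute the pseudonym of a specific person or UUID to locate that subject's records during an investigation, while the log file itself reveals nothing to a reader without the salt; the `finally` block guarantees that denied or failed accesses are recorded as well, which is usually the part investigators care about most.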

MartinWahnschaffe commented 2 years ago

@JonasCir I have created a wiki page. Feel free to extend with what you feel is missing there.

Also a note on https://github.com/hzi-braunschweig/SORMAS-RFC: We haven't really used it and my feeling is that using epics is a better fit for our processes. I'd suggest closing the SORMAS-RFC project and discussing whether we want to add one or two more of the RFC template sections to our epic template.

JonasCir commented 2 years ago

@MartinWahnschaffe thanks, going to add to the page if anything comes up :)

Agreed, I archived the repo for now, we can see if we can salvage something.

JonasCir commented 1 year ago

Missing issues to close this epic are #11637 and #8022