Distributed Trust Incident Reporting
Security incidents are important to track so that all parties know the status of a breach and can respond in concert and with appropriate speed. Current methods to track incidents are generally paper-based manual processes. More recent systems are based on a centralized database with some web interface to interact with the record and response tracking.
We propose that these approaches do not work well enough in scenarios where:
- security incidents may affect more than a single entity
- more than one entity must respond to an incident
- some or all entities have no trust in the others
- no party can or will be responsible for hosting the full system
For example, a security breach in the supply chain for a food manufacturer could result in several retail businesses having products on the shelf that contain a pathogen. Current methods of notifying the proper authorities require a phone tree to call all the correct parties, which then react as individuals or local committees. In addition, the incident must either be submitted to each entity separately at the outset, or one entity must take responsibility for notifying the others.
- allows all parties (e.g. retail, governmental, public) to see the incident via a single report transaction
- allows all parties to respond in concert as required
- allows automated systems to report incidents
- allows transparency across all organizations
To use this on the VMware blockchain, run the following commands in a bash shell on a host that supports Linux Docker containers, setting the variables as needed for your credentials:
```bash
docker run -e PRODUCTION_URL -it index.docker.io/tompscanlan/incident-reporting-truffle:v1.5 truffle deploy --network production --reset
# replace this with your own contract address, or use this one for an existing sample
docker run -d -e CLIENT_URL -e CLIENT_USER -e CLIENT_PASSWORD -e CLIENT_CONTRACT_ADDRESS -p 8080:80 index.docker.io/tompscanlan/incident-reporting-ui:v1.5
```
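The commands above pass each variable by name only (`-e NAME`), so Docker takes the value from the calling shell's exported environment and silently omits any name that is not there. The following preflight is an added example, not part of the project: the function names are hypothetical, and the Ethereum-style address format and the https requirement for `CLIENT_URL` are assumptions.

```shell
# Added example: preflight for the incident-reporting-ui container.
# `docker run -e NAME` copies NAME from the docker client's environment, so a
# variable that is unset, empty, or set but not exported never reaches the app.

# Print the names in "$@" that are not exported with a non-empty value.
missing_vars() {
    mv_missing=""
    for mv_name in "$@"; do
        # printenv sees only exported variables, the same view docker has.
        if [ -z "$(printenv "$mv_name")" ]; then
            mv_missing="$mv_missing $mv_name"
        fi
    done
    if [ -n "$mv_missing" ]; then
        echo "${mv_missing# }"
        return 1
    fi
}

# Assumption: the contract address is Ethereum-style, "0x" plus 40 hex digits.
valid_contract_address() {
    case "$1" in
        0x*) vca_hex=${1#0x} ;;
        *) return 1 ;;
    esac
    [ "${#vca_hex}" -eq 40 ] || return 1
    case "$vca_hex" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    return 0
}

# Assumption: CLIENT_URL carries CLIENT_USER/CLIENT_PASSWORD, so require TLS.
uses_tls() { case "$1" in https://*) return 0 ;; *) return 1 ;; esac; }

# Return 0 only when all four UI variables are exported and well-formed.
preflight_ui() {
    if ! pf_missing=$(missing_vars CLIENT_URL CLIENT_USER CLIENT_PASSWORD CLIENT_CONTRACT_ADDRESS); then
        echo "not exported or empty: $pf_missing" >&2
        return 1
    fi
    uses_tls "$CLIENT_URL" || { echo "CLIENT_URL is not https" >&2; return 1; }
    valid_contract_address "$CLIENT_CONTRACT_ADDRESS" || { echo "bad CLIENT_CONTRACT_ADDRESS" >&2; return 1; }
    return 0
}
```

Source the file and chain the check in front of the UI command (`preflight_ui && docker run -d ...`) so the container is not started with a partial configuration.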