<p>Regulated organisations deploying workloads across multiple cloud providers face a compliance verification problem that existing tools address only partially. Policy-as-Code frameworks such as Open Policy Agent automate enforcement but record decisions in mutable logs that carry no cryptographic integrity guarantee. Permissioned blockchains such as Hyperledger Fabric provide tamper-evident storage but capture only that a transaction occurred, not whether it complied with any policy or what policy context governed it. The resulting enforcement-to-audit gap means that independently verifiable compliance evidence required by GDPR Article&#xa0;5(2), HIPAA&#xa0;§164.312(b), Basel&#xa0;III Pillar&#xa0;II, and India’s Digital Personal Data Protection Act 2023 cannot be produced by current integrated systems. This paper describes, implements, and evaluates a <i>semantic audit anchoring</i> mechanism that bridges this gap. Every OPA policy decision is structured into a six-field semantic tuple <InlineEquation ID="IEq1"><EquationSource Format="TEX">\(D = \langle S, C, R, A, \tau , H \rangle \)</EquationSource><EquationSource Format="MATHML"><math><mrow><mi>D</mi><mo>=</mo><mo stretchy="false">⟨</mo><mi>S</mi><mo>,</mo><mi>C</mi><mo>,</mo><mi>R</mi><mo>,</mo><mi>A</mi><mo>,</mo><mi>τ</mi><mo>,</mo><mi>H</mi><mo stretchy="false">⟩</mo></mrow></math></EquationSource></InlineEquation> encoding subject identity, data classification, jurisdiction, access action, timestamp, and a SHA-256 hash of the full evaluation context and committed to Hyperledger Fabric&#xa0;v2.5 as an immutable, cryptographically verifiable record. Four formally stated audit invariants govern the system: deterministic evaluation, immutable anchoring, bytecode integrity, and peer-endorsed non-repudiation. A verification suite of four independently executable scripts enables third-party auditors to re-confirm the compliance record without accessing the original deployment environment. The mechanism was prototyped on Azure and Google Cloud Platform, processing 100 to 100&#xa0;000 policy decisions per run over ten independent repetitions. Mean end-to-end latency ranged from 9.11&#xa0;ms on Azure to 14.06&#xa0;ms on GCP at the 100&#xa0;000-decision scale; throughput reached 67–127 transactions per second. One-way ANOVA confirmed statistically significant cross-platform differences (<InlineEquation ID="IEq2"><EquationSource Format="TEX">\(F(2{,}27)=18.4\)</EquationSource><EquationSource Format="MATHML"><math><mrow><mi>F</mi><mo stretchy="false">(</mo><mn>2</mn><mo>,</mo><mn>27</mn><mo stretchy="false">)</mo><mo>=</mo><mn>18.4</mn></mrow></math></EquationSource></InlineEquation>, <InlineEquation ID="IEq3"><EquationSource Format="TEX">\(p&lt;0.001\)</EquationSource><EquationSource Format="MATHML"><math><mrow><mi>p</mi><mo>&lt;</mo><mn>0.001</mn></mrow></math></EquationSource></InlineEquation>). An ablation study isolated the per-component overhead contributions: 1.27&#xa0;ms for blockchain event anchoring, 0.68&#xa0;ms for semantic tuple construction, and 0.14&#xa0;ms for SHA-256 hashing. A complete reproducibility artifact bundle accompanies this paper.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Semantically-enriched blockchain audit anchoring for policy-as-code governance in heterogeneous cloud environments: implementation, evaluation, and regulatory mapping

  • Rahul Nayak,
  • Madala Guru Brahmam,
  • Sachi Nandan Mohanty,
  • Mrudula Makarand Joshi

摘要

Regulated organisations deploying workloads across multiple cloud providers face a compliance verification problem that existing tools address only partially. Policy-as-Code frameworks such as Open Policy Agent automate enforcement but record decisions in mutable logs that carry no cryptographic integrity guarantee. Permissioned blockchains such as Hyperledger Fabric provide tamper-evident storage but capture only that a transaction occurred, not whether it complied with any policy or what policy context governed it. The resulting enforcement-to-audit gap means that independently verifiable compliance evidence required by GDPR Article 5(2), HIPAA §164.312(b), Basel III Pillar II, and India’s Digital Personal Data Protection Act 2023 cannot be produced by current integrated systems. This paper describes, implements, and evaluates a semantic audit anchoring mechanism that bridges this gap. Every OPA policy decision is structured into a six-field semantic tuple \(D = \langle S, C, R, A, \tau , H \rangle \)D=S,C,R,A,τ,H encoding subject identity, data classification, jurisdiction, access action, timestamp, and a SHA-256 hash of the full evaluation context and committed to Hyperledger Fabric v2.5 as an immutable, cryptographically verifiable record. Four formally stated audit invariants govern the system: deterministic evaluation, immutable anchoring, bytecode integrity, and peer-endorsed non-repudiation. A verification suite of four independently executable scripts enables third-party auditors to re-confirm the compliance record without accessing the original deployment environment. The mechanism was prototyped on Azure and Google Cloud Platform, processing 100 to 100 000 policy decisions per run over ten independent repetitions. Mean end-to-end latency ranged from 9.11 ms on Azure to 14.06 ms on GCP at the 100 000-decision scale; throughput reached 67–127 transactions per second. One-way ANOVA confirmed statistically significant cross-platform differences (\(F(2{,}27)=18.4\)F(2,27)=18.4, \(p<0.001\)p<0.001). An ablation study isolated the per-component overhead contributions: 1.27 ms for blockchain event anchoring, 0.68 ms for semantic tuple construction, and 0.14 ms for SHA-256 hashing. A complete reproducibility artifact bundle accompanies this paper.