System logs help in monitoring attacks and fraud by malicious actors, but they are meaningless if the log itself can be altered. Trillian, developed by Google, is an open source log platform that uses a hash tree to make such log manipulation difficult.
Trillian is one of the projects supported by the Certificate Transparency (CT) ecosystem, which Google leads with the goal of making website certificates transparent. Apple, Google, and Facebook currently cooperate on CT.
Logs play an important role in auditing third-party attacks and internal fraud, so they need not only to be stored but also to be highly tamper resistant. A tamper-resistant log system has the advantage of preventing the destruction of evidence, gaining the trust of auditors, and allowing multiple parties to monitor each other's behavior. Specific examples that require a tamper-resistant log system include package managers, server and financial institution transactions, and the like.
A Trillian-based log is the best way to build a log system that is resistant to such manipulation. As reasons, the CT side points out that it can be easily introduced into existing systems, that it can be scaled up, and that it is open source.
Trillian's tamper resistance rests on a data structure called a hash tree. A hash tree provides strong tamper protection by hashing the original data and combining the resulting hash values in a tree structure. Hash tree technology is also used in version control systems such as Git.
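As an added illustration (not Trillian's code and not part of the original article), the following Python example builds the kind of hash tree described above using the RFC 6962 hashing rules that Certificate Transparency logs follow. It goes one step beyond the text by also producing and checking an inclusion proof for a single entry; the function names and the sample log lines are constructed for this example.

```python
import hashlib

def leaf_hash(entry: bytes) -> bytes:
    # 0x00 prefix marks a leaf, so a leaf can never be passed off as a node.
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    # 0x01 prefix marks an interior node that combines two child hashes.
    return hashlib.sha256(b"\x01" + left + right).digest()

def split(n: int) -> int:
    """Largest power of two strictly smaller than n (requires n > 1)."""
    return 1 << ((n - 1).bit_length() - 1)

def root_hash(entries: list) -> bytes:
    """Merkle tree hash over all log entries, in order."""
    if not entries:
        return hashlib.sha256(b"").digest()
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = split(len(entries))
    return node_hash(root_hash(entries[:k]), root_hash(entries[k:]))

def audit_path(i: int, entries: list) -> list:
    """Sibling hashes, leaf to root, proving entries[i] is in the tree."""
    if len(entries) <= 1:
        return []
    k = split(len(entries))
    if i < k:
        return audit_path(i, entries[:k]) + [root_hash(entries[k:])]
    return audit_path(i - k, entries[k:]) + [root_hash(entries[:k])]

def verify_inclusion(entry: bytes, i: int, n: int, path: list, root: bytes) -> bool:
    """Recompute the root from one entry and its audit path alone."""
    def rebuild(i, n, path):
        if (n == 1) != (not path):
            raise ValueError("audit path length does not match tree size")
        if n == 1:
            return leaf_hash(entry)
        k = split(n)
        if i < k:
            return node_hash(rebuild(i, k, path[:-1]), path[-1])
        return node_hash(path[-1], rebuild(i - k, n - k, path[:-1]))
    try:
        return 0 <= i < n and rebuild(i, n, path) == root
    except ValueError:
        return False

# Constructed sample log entries (not real log data).
LOG = [b"login alice", b"sudo alice", b"pay 100 to bob", b"logout alice", b"login carol"]
```

An auditor who stored `root_hash(LOG)` earlier can detect any later change to an entry, because both the recomputed root and every inclusion proof for the altered entry stop matching the stored value.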
Trillian's source code is published on GitHub, where it is open to everyone and free of charge. Building Trillian requires Go version 1.14 or higher, and MySQL or MariaDB can be used for data storage.