News

2024-07: "Real-time GNU Taler auditor"

This bachelor thesis focuses on the GNU Taler auditor. Cedric Zwahlen and Nicola Eigel made it real-time and added a single page application.

Abstract

One of the key components of the GNU Taler payment system is the auditor, which is used to ensure that a payment service provider operating the payment system is operating correctly. The primary goal is to provide assurances against insider threats, compromised systems or data corruption due to technical failures.

In the context of this thesis, the GNU Taler auditor was improved, and now works in real-time, thus providing operators and regulators with more timely insights into the payment system. This was achieved by changing the existing logic, which would previously generate periodic JSON reports, to a database-centric approach. By implementing a REST API service for the newly generated database tables, the newly created single page application is able to visualize audit data in real-time on its dashboards.

To achieve those changes, the six GNU Taler auditor helper programs, each responsible for analyzing different parts of a GNU Taler exchange, were adapted. The existing report generating logic was analyzed and the database was extended with tables to store the various findings generated by the auditor. This replaces the existing periodic report generating logic.

The new tables contain distinct aspects of GNU Taler that are relevant to the auditing process, such as failures, delays in processing, active operations, or simply the system state with the amounts of currency in circulation or the total amount of the various payment fees earned by the exchange. For each of the new tables, new REST API endpoints were designed, documented and implemented.

This enabled the development of a new auditor frontend, the single page application for displaying the data in an easy, understandable and digestible manner. Necessary access control precautions were taken into consideration and implemented.

To foster sustainable development practices, the auditor's unit tests were also adapted and changed. Due to the database-centric approach, the unit tests now not only need tests for the main auditing logic, but also tests for the functionality of the REST API. Each test case begins by running the auditor helpers, which insert various reports into the database. After a fault injection, the tests then query the database via the REST API and then check that the correct findings are returned by the REST API.

Links