A security-focused showcase for distributed banking systems, demonstrating Zero-Trust architecture, role-based access, and immutable audit trails.
This project is a technical showcase demonstrating a Zero-Trust security architecture for banking middleware, designed with principles relevant to the financial sector in mind.
The architecture emphasizes traceability, immutability, and explicit verification, aligning with the expectations of regulatory bodies like BaFin and standards such as MaRisk and BAIT.
Key features demonstrated:
- Immutable, Hash-Chained Audit Trail: An audit log designed to be tamper-evident, a core requirement for compliance.
- Automated Risk Classification: Events are automatically classified (
INFO,WARNING,CRITICAL), enabling focused regulatory reporting. - Strict Role-Based Access Control (RBAC): A clear separation of duties is enforced between operational roles (e.g.,
Supervisor) and oversight roles (e.g.,Auditor). - Secure, Decoupled Architecture: The system is built with decoupled microservices (Java/Spring Boot) and a modern frontend (React), communicating via secure, token-based APIs.
This showcase serves as a practical example of how to build secure, compliant, and modern banking systems.
This README serves as the central hub for all project documentation.
- Z-Trust Platform Overview: A detailed overview of the project's goals, principles, and security features.
High-level diagrams and specifications that define the system's structure and behavior.
- arc42 Architecture Documentation: Comprehensive architecture documentation following the arc42 template.
- Architecture Decision Records (ADRs): Documented architectural decisions and their rationale.
- Architectural Trade-Offs: Summary of key architectural trade-offs made.
- European Standards and Regulatory Alignment: Details on how the project aligns with European financial regulations and information security standards.
- Architecture Diagram: Visual overview of all system components and their interactions.
- Authentication Flow: Step-by-step diagram of the user authentication and token flow.
- Audit & Risk Event Specification: The detailed design document for the BaFin-style audit and risk engine.
Detailed documentation for each major component of the application.
- Backoffice Module: Handles business logic and delegates to Z-Trust.
- Security Module: Manages JWT validation and identity extraction.
- Z-Trust Gateway: The core Policy Enforcement Point.
- Z-Trust Audit Module: The immutable, hash-chained audit log engine.
- Z-Trust Transaction Module: The secure execution layer for financial operations.
- Backoffice UI Guide: Instructions for running the frontend and a detailed walkthrough of the user flow with screenshots.
- API Testing Guide (cURL): A guide with
curlcommands for manually testing the security of the backend API.