
Generalizing database forensics

Published: 04 July 2013

Abstract

In this article we present refinements on previously proposed approaches to forensic analysis of database tampering. We significantly generalize the basic structure of these algorithms to admit new characterizations of the “where” axis of the corruption diagram. Specifically, we introduce page-based partitioning as well as attribute-based partitioning along with their associated corruption diagrams. We compare the structure of all the forensic analysis algorithms and discuss the various design choices available with respect to forensic analysis. We characterize the forensic cost of the newly introduced algorithms, compare their forensic cost, and give our recommendations.
We then introduce a comprehensive taxonomy of the types of possible corruption events, along with an associated forensic analysis protocol that consolidates all extant forensic algorithms and the corresponding type(s) of corruption events they detect. The result is a generalization of these algorithms and an overarching characterization of the process of database forensic analysis, thus providing a context within the overall operation of a DBMS for all existing forensic analysis algorithms.

Supplementary Material

a12-pavlou-apndx.pdf (pavlou.zip)
Supplemental movie, appendix, image and software files for Generalizing database forensics


Published In

ACM Transactions on Database Systems  Volume 38, Issue 2
June 2013
245 pages
ISSN:0362-5915
EISSN:1557-4644
DOI:10.1145/2487259

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 July 2013
Accepted: 01 March 2013
Revised: 01 September 2012
Received: 01 January 2012
Published in TODS Volume 38, Issue 2

Author Tags

  1. Compliant records
  2. Monochromatic Algorithm
  3. a3D Algorithm
  4. attribute-based partitioning
  5. corruption event taxonomy
  6. forensic analysis algorithm
  7. forensic analysis protocol
  8. forensic cost
  9. page-based partitioning

Qualifiers

  • Research-article
  • Research
  • Refereed

Cited By

  • (2024) A Forensic Framework for gathering and analyzing Database Systems using Blockchain Technology. Engineering, Technology & Applied Science Research 14:3 (14079-14087). DOI: 10.48084/etasr.7143. Online publication date: 1-Jun-2024
  • (2024) Digital Forensics Readiness Framework (DFRF) to Secure Database Systems. Engineering, Technology & Applied Science Research 14:2 (13732-13740). DOI: 10.48084/etasr.7116. Online publication date: 2-Apr-2024
  • (2021) Digital Forensics Subdomains: The State of the Art and Future Directions. IEEE Access 9 (152476-152502). DOI: 10.1109/ACCESS.2021.3124262. Online publication date: 2021
  • (2021) TDRB: An Efficient Tamper-proof Detection Middleware for Relational Database Based on Blockchain Technology. IEEE Access (1-1). DOI: 10.1109/ACCESS.2021.3076235. Online publication date: 2021
  • (2019) Tampering Detection of Distributed Databases using Blockchain Technology. 2019 Twelfth International Conference on Contemporary Computing (IC3) (1-4). DOI: 10.1109/IC3.2019.8844938. Online publication date: Aug-2019
  • (2019) Ten years of critical review on database forensics research. Digital Investigation. DOI: 10.1016/j.diin.2019.04.001. Online publication date: Apr-2019
  • (2018) A systematic approach to efficiently managing the effects of retroactive updates of time-varying data in multiversion XML databases. International Journal of Intelligent Information and Database Systems 11:1 (1-26). DOI: 10.5555/3271888.3271889. Online publication date: 14-Dec-2018
  • (2018) A systematic approach to efficiently managing the effects of retroactive updates of time-varying data in multiversion XML databases. International Journal of Intelligent Information and Database Systems 11:1 (1-26). DOI: 10.5555/3271882.3271883. Online publication date: 14-Dec-2018
  • (2017) Development and validation of a Database Forensic Metamodel (DBFM). PLOS ONE 12:2 (e0170793). DOI: 10.1371/journal.pone.0170793. Online publication date: 1-Feb-2017
  • (2017) Implementing Chain of Custody Requirements in Database Audit Records for Forensic Purposes. 2017 IEEE Trustcom/BigDataSE/ICESS (675-682). DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.299. Online publication date: Aug-2017