Threats to privacy in the forensic analysis of database systems Patrick Stahlberg, Gerome Miklau, and Brian Neil Levine Department of Computer Science.

Threats to privacy in the forensic analysis of database systems
Patrick Stahlberg, Gerome Miklau, and Brian Neil Levine
Department of Computer Science, University of Massachusetts, Amherst
Presented by: Sweta Shrestha

INTRODUCTION
- Preserving historical data.
  - Merit: recovery from system failure.
  - Demerit: a serious threat to privacy.
- Forensic analysis:
  - Focused on the collection and analysis of data recovered from computer systems.
  - Unauthorized forensic analysis threatens confidentiality.
- Goal: design database systems that allow users to appropriately balance the needs for privacy and accountability.

A few related terms
- Active record: a record that serves a purpose for the database.
- Expired record: an active record whose purpose has been removed.
- Slack data: records that are expired but not removed, and so are recoverable.
  - DB slack: located in a file in use by the database system.
  - File system slack: not allocated in a DB file.
- "Removal" from here onward means the secure destruction of data.
- Vacuum: a table reorganization command executed periodically.

Areas for Recovery
- Table storage, indexes and the transaction log are possible areas for data recoverability.
- Other areas are temporary tables and tuple identifiers.

Forensic analysis of table storage
- Tables are stored in paged files.
- Deletion of a record:
  - Accomplished by setting a deletion bit, which creates free space.
  - The data is not removed and is fully recoverable.
- Vacuum may reduce table storage and return it to the file system, thus creating file system slack.

Forensic analysis of table storage (contd.)
1. State (1) shows 6 active records, occupying most of the space allocated to table storage.
2. After deletion of records t3 and t5, the space is freed but the data is still fully recoverable, as shown in state (2).
3. Next, record t7 is inserted, utilizing the free space and overwriting the recoverable t3 from above. In addition, two more deletions occur, t1 and t4, resulting in state (3).
4. In the next step, the vacuum procedure executes. It reorganizes the active records (t2, t7, t6) and reduces the space allocated to the database file, as shown in state (4). This leaves the previously deleted record t5 and a copy of the active record t6 in unallocated file system space.

Forensic analysis of table storage (contd.)

Forensic analysis of the transaction log
- The log provides recovery from transaction and system failure.
- It includes before and after images of updated data.
- Logs contain months of historical data, much of which is expired but still recoverable.
- For the periods of time covered by the log, a wealth of sensitive data can be retained.

Experiment Results

Experiment Results (contd…)

Making database systems transparent
- General strategy:
  - Overwrite the data.
  - Destroy the key of encrypted data.
- Overwriting is suitable for table storage.
- Encryption is used for the log.
- InnoDB is used for further experiments.

Overwriting data
- Securing deletion:
  - The purge thread (a continuously running program) is modified so that records are overwritten as they are put on the free list.
  - This approach incurs no additional disk I/O operations.
- Securing B-tree operations:
  - Requires changes to the code of insert, delete and update.
  - For each of these functions, any related operations were modified to overwrite obsolete data.
  - No additional I/O costs.
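The four table-storage states walked through earlier and the overwrite-on-free change on this slide, as an added Python simulation (constructed here, not the paper's InnoDB patch): fixed-width records, an 8-slot file and a vacuum that compacts then shrinks the file are assumptions, so in this model t4 lingers beside t5 in file system slack.

```python
RECORD_SIZE, NUM_SLOTS = 8, 8   # assumed geometry of the simulated file
def pad(rec):
    return rec.ljust(RECORD_SIZE, b"\0")

class PagedTable:
    def __init__(self, secure=False):
        self.secure = secure            # True = overwrite on free, like the modified purge thread
        self.disk = bytearray(RECORD_SIZE * NUM_SLOTS)   # the whole medium
        self.nalloc = NUM_SLOTS         # slots currently owned by the DB file
        self.free = [True] * NUM_SLOTS  # deletion bit per slot
    def _span(self, slot):
        return slice(slot * RECORD_SIZE, (slot + 1) * RECORD_SIZE)

    def insert(self, rec):
        slot = self.free.index(True)    # reuse the first free slot
        self.disk[self._span(slot)] = pad(rec)
        self.free[slot] = False

    def delete(self, rec):
        slot = next(s for s in range(self.nalloc)
                    if not self.free[s] and self.disk[self._span(s)] == pad(rec))
        self.free[slot] = True          # an ordinary delete only flips the bit
        if self.secure:                 # secure delete also overwrites the bytes
            self.disk[self._span(slot)] = b"\0" * RECORD_SIZE

    def vacuum(self):
        live = [bytes(self.disk[self._span(s)]) for s in range(self.nalloc) if not self.free[s]]
        for s, rec in enumerate(live):  # compact active records to the front
            self.disk[self._span(s)] = rec
        self.nalloc = len(live)         # give the rest back to the file system
        self.free = [s >= self.nalloc for s in range(NUM_SLOTS)]
        if self.secure:                 # scrub the released region before returning it
            self.disk[self.nalloc * RECORD_SIZE:] = bytes(len(self.disk) - self.nalloc * RECORD_SIZE)

    def carve(self, rec):
        """Forensic view: every place on the medium where `rec` still exists."""
        found = set()
        for s in range(NUM_SLOTS):
            if self.disk[self._span(s)] == pad(rec):
                found.add("fs slack" if s >= self.nalloc else "db slack" if self.free[s] else "active")
        return found

def run_scenario(secure=False):
    t = PagedTable(secure)
    for r in (b"t1", b"t2", b"t3", b"t4", b"t5", b"t6"):   # state (1): six active records
        t.insert(r)
    t.delete(b"t3"); t.delete(b"t5")                        # state (2)
    t.insert(b"t7"); t.delete(b"t1"); t.delete(b"t4")       # state (3)
    t.vacuum()                                              # state (4)
    return {r: t.carve(r) for r in (b"t3", b"t5", b"t6", b"t7")}
```

With `secure=False` the carve finds t5 and a stale copy of t6 in file system slack; with `secure=True` only the active t6 and t7 remain.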

Impact of modifications

Encrypting the records
- Encrypt the log and remove the keys used for encryption.
- For a log record with LSN l, a cryptographic key K_l is generated.
- Keys are generated as an ordered sequence using a hash chain: K_n = H(K_{n-1}).
- Hence K_n = H^{n-i}(K_i) for any i < n.
- K_current is written on stable storage.
- To destroy data, overwrite the key.
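The hash-chain key scheme above as an added Python illustration (not the paper's code): SHA-256 is assumed as H, a SHA-256 keystream XOR stands in for the record cipher, and only K_current plus the LSN it belongs to are kept, so expiring records means overwriting that key with a later one in the chain.

```python
import hashlib

def H(key: bytes) -> bytes:
    """One hash-chain step, K_n = H(K_{n-1}); SHA-256 is assumed as H."""
    return hashlib.sha256(key).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Simplified stand-in for a real cipher: XOR with a SHA-256 keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class EncryptedLog:
    def __init__(self, k_initial: bytes):
        self.records = {}            # LSN -> ciphertext; stands in for the log file
        self.next_lsn = 1
        self.oldest_lsn = 1          # the LSN whose key is k_current
        self.k_current = k_initial   # the only key kept on stable storage

    def key_for(self, lsn: int) -> bytes:
        """K_lsn = H^(lsn - oldest)(K_oldest); keys before oldest_lsn no longer exist."""
        if lsn < self.oldest_lsn:
            raise KeyError(f"key for LSN {lsn} has been destroyed")
        k = self.k_current
        for _ in range(lsn - self.oldest_lsn):
            k = H(k)
        return k

    def append(self, before: bytes, after: bytes) -> int:
        """Write one log record holding the before and after images."""
        lsn = self.next_lsn
        self.records[lsn] = xor_stream(self.key_for(lsn), before + b"|" + after)
        self.next_lsn += 1
        return lsn

    def read(self, lsn: int) -> bytes:
        return xor_stream(self.key_for(lsn), self.records[lsn])

    def expire_through(self, lsn: int) -> None:
        """Destroy every record up to `lsn` by overwriting the stored key with K_{lsn+1}.
        The ciphertext stays on disk, but H is one-way, so the old keys cannot be rederived."""
        self.k_current = self.key_for(lsn + 1)
        self.oldest_lsn = lsn + 1
```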

CONCLUSION
- Database systems don't remove data securely. That is a threat.
- Modifications were made to the code to handle this issue.
- The modifications made did not produce any significant overhead.
Thank You.