securing history privacy and accountability in database
play

Securing History: Privacy and Accountability in Database Systems - PowerPoint PPT Presentation

Mar 17, 2024 •478 likes •777 views

Securing History: Privacy and Accountability in Database Systems Gerome Miklau (Joint work with Brian Levine & Patrick Stahlberg) University of Massachusetts, Amherst History a record of past data and operations performed on a system.

  1. Securing History: Privacy and Accountability in Database Systems Gerome Miklau (Joint work with Brian Levine & Patrick Stahlberg) University of Massachusetts, Amherst

  2. History a record of past data and operations performed on a system. Gerome Miklau UMass Amherst ✦

  3. History a record of past data and operations performed on a system. •Arguments for preserving history • Protection against loss • History is useful: accountability • Storage is cheap Gerome Miklau UMass Amherst ✦

  4. History a record of past data and operations performed on a system. •Arguments for preserving history • Protection against loss • History is useful: accountability • Storage is cheap • Arguments against preserving history • Threats to privacy and confidentiality • Deletion required for compliance with regulation • Increasingly, data destruction has real value! Gerome Miklau UMass Amherst ✦

  5. Vision: securing history •Balance privacy and accountability • Central issue: how and when historical data is retained in systems, who can recover and analyze it. •For privacy • “memory-less” systems and applications •For accountability • preserve needed history efficiently, permit analysis, protect Gerome Miklau UMass Amherst ✦

  6. Plan for securing history in a DBMS Step 1 Forensic analysis of database systems Step 2 Build transparency into database systems Step 3 Build accountability into database systems Gerome Miklau UMass Amherst ✦

  7. Securing history in a DBMS Step 1 Forensic analysis of database systems Step 2 Build transparency into database systems Step 3 Build accountability into database systems Gerome Miklau UMass Amherst ✦

  8. Computer forensics •Analysis of system state to validate hypotheses about past activities. •Threat model • Investigator has uncontrolled access to disk • Same capabilities as privileged insider or hacker •What does the disk image of DBMS reveal about history? • How much expired data is retained? • How long does it persist? Gerome Miklau UMass Amherst ✦

  9. Slack data •File system slack allocated file allocated file •Database slack Gerome Miklau UMass Amherst ✦

  10. Slack data •File system slack allocated file expired data allocated file •Database slack Gerome Miklau UMass Amherst ✦

  11. Slack data •File system slack allocated file expired data allocated file •Database slack Gerome Miklau UMass Amherst ✦

  12. Slack data •File system slack allocated file expired data allocated file •Database slack Gerome Miklau UMass Amherst ✦

  13. Forensic analysis of DBMS Gerome Miklau UMass Amherst ✦

  14. Forensic analysis of DBMS • Table storage • deletion is insecure (MySQL, Postgres, DB2, SQLite) • database and file system slack data generated in proportion to • workload, vacuum, clustering. Gerome Miklau UMass Amherst ✦

  15. Forensic analysis of DBMS • Table storage • deletion is insecure (MySQL, Postgres, DB2, SQLite) • database and file system slack data generated in proportion to • workload, vacuum, clustering. • Transaction log • no bounds on retention Gerome Miklau UMass Amherst ✦

  16. Forensic analysis of DBMS • Table storage • deletion is insecure (MySQL, Postgres, DB2, SQLite) • database and file system slack data generated in proportion to • workload, vacuum, clustering. • Transaction log • no bounds on retention • Temporary relations remain as file system slack. Gerome Miklau UMass Amherst ✦

  17. Forensic analysis of DBMS • Table storage • deletion is insecure (MySQL, Postgres, DB2, SQLite) • database and file system slack data generated in proportion to • workload, vacuum, clustering. • Transaction log • no bounds on retention • Temporary relations remain as file system slack. • Indexes may reveal history of operations. Gerome Miklau UMass Amherst ✦

  18. Securing history in a DBMS Step 1 Forensic analysis of database systems Step 2 Build transparency into database systems Step 3 Build accountability into database systems Gerome Miklau UMass Amherst ✦

  19. Transparent systems Interfaces must reliably represent system internals. Complete deletion • Deleted data must be destroyed, including copies and derived versions. Purposeful retention • Data retained after deletion must have a legitimate purpose, and data should be removed once that purpose is no longer valid. Bounded lifetime • The system should provide users with clear, accurate bounds on the persistence of data in the system. Gerome Miklau UMass Amherst ✦

  20. Secure deletion in DBMS Gerome Miklau UMass Amherst ✦

  21. Secure deletion in DBMS •Two basic strategies for secure deletion: • overwrite data with zeroes • store data in encrypted form, delete by disposing of keys. Gerome Miklau UMass Amherst ✦

  22. Secure deletion in DBMS •Two basic strategies for secure deletion: • overwrite data with zeroes • store data in encrypted form, delete by disposing of keys. •For table storage: • pages are read and written often • prefer secure deletion and vacuum using overwriting Gerome Miklau UMass Amherst ✦

  23. Secure deletion in DBMS •Two basic strategies for secure deletion: • overwrite data with zeroes • store data in encrypted form, delete by disposing of keys. •For table storage: • pages are read and written often • prefer secure deletion and vacuum using overwriting •For transaction log: • sequential writes, easily identifiable point of expiry • use encryption with key disposal Gerome Miklau UMass Amherst ✦

  24. Securing history in a DBMS Step 1 Forensic analysis of database systems Step 2 Build transparency into database systems Step 3 Build accountability into database systems Gerome Miklau UMass Amherst ✦

  25. Accountability Who did what to the database, and when? •Goals • Collection, Analysis, Protection • “Security provenance” •Existing capabilities • Logs and backups • Persistence in databases • Postgres, temporal DBs, transaction-time DBs Gerome Miklau UMass Amherst ✦

  26. Accountability challenges •Integrating and querying historical data •Accounting for “reads” •Protecting history • Access control model for persistent databases • Redaction and expunction operations Gerome Miklau UMass Amherst ✦

  27. Conclusion •History should be a “first-class” part of a DBMS •The safe, accurate configuration of the system’s historical memory allows needed balance between privacy and accountability. •Transparency requirements: • Interface should faithfully represent stored contents. •Accountability techniques: • Collection, integration, protection Gerome Miklau UMass Amherst ✦

  28. Questions?

  29. Does encryption solve forensic threats? •Encrypted file system: • protects historical remnants -- does not destroy data. • performance penalty, key manangement • in some settings, users/stakeholders cannot choose whether system provides encryption. •Overall, • Encryption has an important role to play, but must be used judiciously. • Encryption for protection, destruction should be distinguished. Gerome Miklau UMass Amherst ✦

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Can We Have it Both Ways? Safe Secure Privacy-friendly

892 views • 62 slides
ACCOUNTABILITY & PRIVACY IN THE NETWORK David Naylor Matt Mukerjee Peter Steenkiste

ACCOUNTABILITY & PRIVACY IN THE NETWORK David Naylor Matt Mukerjee Peter Steenkiste

Carnegie Mellon University BALANCING ACCOUNTABILITY & PRIVACY IN THE NETWORK David Naylor Matt Mukerjee Peter Steenkiste ACCOUNTABILITY operators want to know who sends each packet so they can stop malicious senders VS PRIVACY users want

867 views • 42 slides
Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Privacy Legislation - History 1950 Art. 8 ECHR: Everyone has the right to respect for his private and family

413 views • 4 slides
2019 District Assessment & Accountability Report 1 History of Assessment &

2019 District Assessment & Accountability Report 1 History of Assessment &

2019 District Assessment & Accountability Report 1 History of Assessment & Accountability 2002 No Child Left Behind: 100% of students will be proficient in both ELA and Math (Year 2015) AYP - Annual Yearly Progress: (Approx.

268 views • 24 slides
LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Zurich (2.5h) Milano

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Zurich (2.5h) Milano

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Zurich (2.5h) Milano (1h) Genoa (2.5h) Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Can We Have it Both Ways?

739 views • 70 slides
O VERVIEW Applying security measure to the Internet Securing email Pretty Good Privacy

O VERVIEW Applying security measure to the Internet Securing email Pretty Good Privacy

4/16/18 S ECURING E MAIL WITH P RETTY G OOD P RIVACY C S C 2 4 9 A P R I L 1 7 , 2 0 1 8 O VERVIEW Applying security measure to the Internet Securing email Pretty Good Privacy Secure sockets layer, SSL Firewalls and Intrusion

268 views • 13 slides
Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network The operating system The web server ( Apache for instance) The administration server ( SSH for instance) The database ( Oracle for instance)

1.37k views • 61 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Crime and Punishment in the Cloud Accountability, Transparency, and Privacy Stefan Berthold ,

Crime and Punishment in the Cloud Accountability, Transparency, and Privacy Stefan Berthold ,

Crime and Punishment in the Cloud Accountability, Transparency, and Privacy Stefan Berthold , Simone Fischer-Hbner, Leonardo A. Martucci, and T obias Pulls Karlstad University Department of Mathematics and Computer Science 651 88 Karlstad,

250 views • 20 slides
15-721 ADVANCED DATABASE SYSTEMS Lecture #01 Course Introduction & History of Database

15-721 ADVANCED DATABASE SYSTEMS Lecture #01 Course Introduction & History of Database

15-721 ADVANCED DATABASE SYSTEMS Lecture #01 Course Introduction & History of Database Systems @Andy_Pavlo // Carnegie Mellon University // Spring 2017 Who are the richest people in the world? 3 WHY YOU SHOULD TAKE THIS COURSE

1.21k views • 67 slides
A Short History of Privacy Related Case Law & Privacy Perspectives CSC 249 April 17, 2017

A Short History of Privacy Related Case Law & Privacy Perspectives CSC 249 April 17, 2017

4/18/18 A Short History of Privacy Related Case Law & Privacy Perspectives CSC 249 April 17, 2017 Finding A Partner? Time at the end of class To seek out a classmate of similar interests To work together On the semester

393 views • 22 slides
PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

Marc Langheinrich: Privacy in Ubiquitous Computing 5/29/2010 Todays Menu PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches COMPUTING Definitions Challenges 1. History and legal aspects 1.

264 views • 13 slides
Privacy in Machine Learning Fatemehsadat Mireshghallah WiMLDS NeurIPS19 Meet-up Why is privacy a

Privacy in Machine Learning Fatemehsadat Mireshghallah WiMLDS NeurIPS19 Meet-up Why is privacy a

Privacy in Machine Learning Fatemehsadat Mireshghallah WiMLDS NeurIPS19 Meet-up Why is privacy a concern in ML? Patient History Genetic Data Search History Famous incidents - Anonymization - A Face Is Exposed for AOL Searcher No.

1.51k views • 17 slides
Securing Mobile Devices & Protecting the Privacy of Users Martina Lindorfer Technische

Securing Mobile Devices & Protecting the Privacy of Users Martina Lindorfer Technische

Securing Mobile Devices & Protecting the Privacy of Users Martina Lindorfer Technische Universitt Wien martina@iseclab.org https://martina.lindorfer.in @lindorferin About Me Assistant Professor at TU Wien (Security &

319 views • 17 slides
Nationwide Cyber Situational Awareness Framework for Critical In Infrastructures Hayretdin

Nationwide Cyber Situational Awareness Framework for Critical In Infrastructures Hayretdin

A A Conceptual Nationwide Cyber Situational Awareness Framework for Critical In Infrastructures Hayretdin Bahi , Olaf Manuel Maennel Centre For Digital Forensics and Cyber Security Tallinn University of Technology Evolvement of Cyber

470 views • 13 slides
Digital forensics and malware Digital forensics According to Wikipedia, you could be looking

Digital forensics and malware Digital forensics According to Wikipedia, you could be looking

Digital forensics and malware Digital forensics According to Wikipedia, you could be looking for: attribution, alibis and statements, intent, evaluation of source, document authentication File carving ( e.g. , bifragment gap carving)

630 views • 13 slides
Distributed Storage Networks and Computer Forensics 4 Volume Manager and RAID Christian

Distributed Storage Networks and Computer Forensics 4 Volume Manager and RAID Christian

Distributed Storage Networks and Computer Forensics 4 Volume Manager and RAID Christian Schindelhauer University of Freiburg Technical Faculty Computer Networks and Telematics Winter Semester 2011/12 RAID Redundant Array of Independent

434 views • 15 slides
DigForASP: A European Cooperation Network for Logic-based AI in Digital Forensics Stefania

DigForASP: A European Cooperation Network for Logic-based AI in Digital Forensics Stefania

DigForASP: A European Cooperation Network for Logic-based AI in Digital Forensics Stefania Costantini (UnivAQ) Francesca Lisi (UniBA) Raffaele Olivieri (RaCIS) The Action Web Site: digforasp.uca.es COST: European Cooperation in Science

613 views • 27 slides
Teaching digital forensics in a large class Teaching forensics at of students UL FRI

Teaching digital forensics in a large class Teaching forensics at of students UL FRI

Teaching digital forensics in a large class of students Teaching digital forensics in a large class Teaching forensics at of students UL FRI Generating customized disk images Gaper Fele-or University of Ljubljana, Faculty of

446 views • 23 slides
De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst

De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst

De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst Speaker Background Computer Science degree from the University of New Orleans Former Security Consultant for Neohapsis Worked for Digital

911 views • 61 slides
Vassil Roussev Candice Quates The M57 Case Study Introduction 2 M57: The company & setup

Vassil Roussev Candice Quates The M57 Case Study Introduction 2 M57: The company & setup

DFRWS12 /Aug 5-8 2012/Washington DC Vassil Roussev Candice Quates The M57 Case Study Introduction 2 M57: The company & setup Employees: o President: Pat McGoo o IT: Terry o Researchers: Jo, Charlie Period o 11/16/2009

673 views • 50 slides
Introduction CS 136 Computer Security Peter Reiher April 1, 2014 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher April 1, 2014 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher April 1, 2014 Lecture 1 Page 1 CS 136, Spring 2014 Purpose of Class To introduce students to computer security issues To familiarize students with secure software development

1.18k views • 72 slides

More recommend