The University of Arizona

TAU: tBerkeleyDB



Transaction-Time Support and Auditing in BerkeleyDB

Transaction-time support in a database allows it to retain all the information that was ever entered into the system. Changed and deleted information can be retrieved at a later stage to check for mistakes or malicious acts. In this project we have added transaction-time support to BerkeleyDB with minimal memory overhead while maintaining the high performance of the original system.

A transaction-time table can be considered to be a particularly robust form of audit log. Audit logs are considered good practice for business systems, and are required by federal regulations for secure systems, drug approval data, medical information disclosure, financial records, and electronic voting. Given the central role of audit logs, it is critical that they are correct and inalterable. It is not sufficient to say, "our data is correct, because we store all interactions in a separate audit log." The integrity of the audit log itself must also be guaranteed.

We have developed mechanisms within BerkeleyDB, based on cryptographically strong one-way hash functions, that prevent an intruder, including an auditor or an employee or even an unknown bug within the DBMS itself, from silently corrupting the audit log. The DBMS stores additional information in the database to enable a separate audit log validator to examine the database along with this extra information and state conclusively whether the audit log has been compromised. We have shown with our implementation that the overhead for auditing is low and that the validator can efficiently and correctly determine if the audit log has been compromised.
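As an added illustration of the hash-chaining idea (example code written for this page, not the τBerkeleyDB implementation; the record fields, the GENESIS value and the simulated notary are assumptions), the following Python links every committed transaction to its predecessor with a one-way hash, hands the final link to an external notary, and lets a separate validator recompute the chain and state whether the log has been altered:

```python
import hashlib
import json
from typing import List, Optional

# Each record is hashed together with the hash of the record before it, so
# modifying, deleting or reordering any earlier record changes every later
# link. The last link is sent to a notarization service (simulated here by
# returning it to a trusted caller); the validator recomputes the chain from
# the stored records and compares against that notarized value.

GENESIS = "0" * 64  # assumed chain value before the first transaction


def entry_hash(prev_hash: str, record: dict) -> str:
    """One-way hash binding a record to its predecessor in the chain."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}|{payload}".encode()).hexdigest()


def chain_hashes(records: List[dict]) -> List[str]:
    """Recompute every link of the chain from the raw records."""
    hashes, prev = [], GENESIS
    for rec in records:
        prev = entry_hash(prev, rec)
        hashes.append(prev)
    return hashes


def notarize(records: List[dict]) -> str:
    """Value the DBMS would send to the notary at the end of a period."""
    return chain_hashes(records)[-1] if records else GENESIS


def validate(records: List[dict], notarized: str) -> bool:
    """Validator's check: True only if the log matches the notarized hash."""
    return notarize(records) == notarized


def first_divergence(records: List[dict], stored: List[str]) -> Optional[int]:
    """Forensic hint after validate() fails: index of the first record whose
    recomputed link differs from the hash the DBMS stored beside it. An
    intruder may edit the stored hashes too, so only the notarized value
    is trusted; this merely narrows down where to look."""
    for i, (fresh, kept) in enumerate(zip(chain_hashes(records), stored)):
        if fresh != kept:
            return i
    return None if len(records) == len(stored) else min(len(records), len(stored))


# Constructed sample transactions: a dosage value entered, corrected, deleted.
RECORDS = [
    {"txn": 1, "key": "patient/42/dose", "value": "10mg", "commit_ts": 1001},
    {"txn": 2, "key": "patient/42/dose", "value": "15mg", "commit_ts": 1007},
    {"txn": 3, "key": "patient/42/dose", "value": None, "commit_ts": 1030},
]
```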

We also provide a systematic means of performing forensic analysis after such tampering has been uncovered, to determine who, when, and what, through the Dragoon system.

We are now broadening this research to complement the existing market for compliance storage servers, which guarantee that data are not overwritten before the end of their mandatory retention period. These servers are intended for preserving unstructured and semi-structured data at a file-level granularity: email, spreadsheets, reports, instant messages.

With Radu Sion and Marianne Winslett, we are developing a DBMS architecture that supports a spectrum of approaches to regulatory compliance, each appropriate for a particular domain, and each with different tradeoffs between security and efficiency. The key challenge of this work is to provide compliance assurances for the DBMS, even against insiders with superuser powers, while balancing the need for trustworthiness against the conflicting requirements for high performance and low cost. To meet this need, our architecture will provide tunable tradeoffs between security and performance, through a spectrum of techniques ranging from tamper detection to tamper prevention for data, indexes, logs, and metadata; tunable vulnerability windows; tunable granularities of protection; careful use of magnetic disk as a cache; judicious use of secure coprocessors on the DBMS platform and compliance storage server platform; a block-based compliance storage server; and judicious retargeting of an on-disk encryption unit.


People

Faculty:
Radu Sion (Stony Brook University)
Richard T. Snodgrass (Director)
Marianne Winslett (University of Illinois)

Graduate Students:
Kyriacos Pavlou
Minjun Seo
Rui Zhang (Chief Programmer)

Previous Faculty:
Christian S. Collberg

Previous Graduate Students:
Ricardo Carlos
Haifeng He
Huilong Huang
Qing Ju
Yong Liang
Yuhong Liu
Supratik Maitra
Kalyani Mandapaka
Mingde Qiu
Manigantan Sethuraman
Shilong (Stanley) Yao
Seunghwan You
Man Zhang

Active members, Fall 2007 (left to right): Huilong Huang, Qing Ju, Rick Snodgrass, Kyriacos Pavlou, Ricardo Carlos (Soumyadeb Mitra and Marianne Winslett not shown)
Photo by Rui Zhang

tBerkeleyDB group, Spring 2007 (left to right): Kyriacos Pavlou, Huilong Huang, Rick Snodgrass, Natasha Gaitonde, Man Zhang, Melinda Malmgren
Photo by Praveen Rao

Funding

Achieving Compliant Databases
National Science Foundation, IIS-0803229
September 2008 to March 2012 (Marianne Winslett, PI and Radu Sion and Richard T. Snodgrass, co-PIs)
Tamperproof Audit Logs
National Science Foundation, IIS-0415101
September 2005 to August 2008 (Richard T. Snodgrass, PI and Christian Collberg, PI)
Surety LLC
Provided access to their AbsoluteProof (R) product for digital notarization.

Publications

Soumyadeb Mitra, Marianne Winslett, Richard T. Snodgrass, and Shashank Yaduvanshi, "An Architecture for Regulatory Compliant Database Management," in Proceedings of the International Conference on Data Engineering (ICDE), 12 pages, Shanghai, China, 2009.

David Lomet, Richard T. Snodgrass, and Christian S. Jensen, "Exploiting the Lock Manager for Timestamping," in Proceedings of the Ninth International Database Engineering and Applications Symposium (IDEAS 2005), Montreal, Canada, July 2005.

Richard T. Snodgrass, Stanley Yao, and Christian Collberg, "Tamper Detection in Audit Logs," in Proceedings of the International Conference on Very Large Databases, Toronto, Canada, August–September 2004, pp. 504–515.

Mani Sethuraman, "Implementation and Evaluation of a Partitioned Store for Transaction-Time Databases," TimeCenter TR-76, December 2003.



News

"Keeping Your DBA Honest" (article)

"UA Shares NSF Grant for Research on Securing Databases" (news story)

Our prior work on temporal constructs for the SQL standard was implemented in part in the IBM DB2 for zOS, Oracle 9i, 10g, and 11g, and Teradata 13.10 database management systems. The Oracle Workspace Manager temporal constructs permit tracing of actions on data as well as the ability to perform database forensics, as elaborated in the book "Oracle Forensics: Oracle Security Best Practices" by Paul M. Wright.


τBerkeleyDB Software

The following is the beta version of the τBerkeleyDB system, which includes transaction-time support. We have tested this system, but make no claims about its suitability.

The τBerkeleyDB system depends on Beecrypt 4.1.2 and BerkeleyDB 3.2.9. Downloads for these two systems are also provided below.

Please first read the Overview of Installation and the Installation Instructions before downloading the system.

tbdb-release.tar.gz

BerkeleyDB 3.2.9 can be downloaded from this page or from the official site at http://download.oracle.com/berkeley-db/db-3.2.9.tar.gz

Beecrypt 4.1.2 can be downloaded from this page or from the official site at http://sourceforge.net/projects/beecrypt/files/beecrypt/4.1.2/beecrypt-4.1.2.tar.gz/download




Webmaster: Kyri Pavlou