securing history privacy and accountability in database
play

Securing History: Privacy and Accountability in Database Systems - PowerPoint PPT Presentation

Mar 17, 2024 •478 likes •777 views

Securing History: Privacy and Accountability in Database Systems Gerome Miklau (Joint work with Brian Levine & Patrick Stahlberg) University of Massachusetts, Amherst History a record of past data and operations performed on a system.

  1. Securing History: Privacy and Accountability in Database Systems Gerome Miklau (Joint work with Brian Levine & Patrick Stahlberg) University of Massachusetts, Amherst

  2. History a record of past data and operations performed on a system. Gerome Miklau UMass Amherst ✦

  3. History a record of past data and operations performed on a system. •Arguments for preserving history • Protection against loss • History is useful: accountability • Storage is cheap Gerome Miklau UMass Amherst ✦

  4. History a record of past data and operations performed on a system. •Arguments for preserving history • Protection against loss • History is useful: accountability • Storage is cheap • Arguments against preserving history • Threats to privacy and confidentiality • Deletion required for compliance with regulation • Increasingly, data destruction has real value! Gerome Miklau UMass Amherst ✦

  5. Vision: securing history •Balance privacy and accountability • Central issue: how and when historical data is retained in systems, who can recover and analyze it. •For privacy • “memory-less” systems and applications •For accountability • preserve needed history efficiently, permit analysis, protect Gerome Miklau UMass Amherst ✦

  6. Plan for securing history in a DBMS Step 1 Forensic analysis of database systems Step 2 Build transparency into database systems Step 3 Build accountability into database systems Gerome Miklau UMass Amherst ✦

  7. Securing history in a DBMS Step 1 Forensic analysis of database systems Step 2 Build transparency into database systems Step 3 Build accountability into database systems Gerome Miklau UMass Amherst ✦

  8. Computer forensics •Analysis of system state to validate hypotheses about past activities. •Threat model • Investigator has uncontrolled access to disk • Same capabilities as privileged insider or hacker •What does the disk image of DBMS reveal about history? • How much expired data is retained? • How long does it persist? Gerome Miklau UMass Amherst ✦

  9. Slack data •File system slack allocated file allocated file •Database slack Gerome Miklau UMass Amherst ✦

  10. Slack data •File system slack allocated file expired data allocated file •Database slack Gerome Miklau UMass Amherst ✦

  11. Slack data •File system slack allocated file expired data allocated file •Database slack Gerome Miklau UMass Amherst ✦

  12. Slack data •File system slack allocated file expired data allocated file •Database slack Gerome Miklau UMass Amherst ✦

  13. Forensic analysis of DBMS Gerome Miklau UMass Amherst ✦

  14. Forensic analysis of DBMS • Table storage • deletion is insecure (MySQL, Postgres, DB2, SQLite) • database and file system slack data generated in proportion to • workload, vacuum, clustering. Gerome Miklau UMass Amherst ✦

  15. Forensic analysis of DBMS • Table storage • deletion is insecure (MySQL, Postgres, DB2, SQLite) • database and file system slack data generated in proportion to • workload, vacuum, clustering. • Transaction log • no bounds on retention Gerome Miklau UMass Amherst ✦

  16. Forensic analysis of DBMS • Table storage • deletion is insecure (MySQL, Postgres, DB2, SQLite) • database and file system slack data generated in proportion to • workload, vacuum, clustering. • Transaction log • no bounds on retention • Temporary relations remain as file system slack. Gerome Miklau UMass Amherst ✦

  17. Forensic analysis of DBMS • Table storage • deletion is insecure (MySQL, Postgres, DB2, SQLite) • database and file system slack data generated in proportion to • workload, vacuum, clustering. • Transaction log • no bounds on retention • Temporary relations remain as file system slack. • Indexes may reveal history of operations. Gerome Miklau UMass Amherst ✦

  18. Securing history in a DBMS Step 1 Forensic analysis of database systems Step 2 Build transparency into database systems Step 3 Build accountability into database systems Gerome Miklau UMass Amherst ✦

  19. Transparent systems Interfaces must reliably represent system internals. Complete deletion • Deleted data must be destroyed, including copies and derived versions. Purposeful retention • Data retained after deletion must have a legitimate purpose, and data should be removed once that purpose is no longer valid. Bounded lifetime • The system should provide users with clear, accurate bounds on the persistence of data in the system. Gerome Miklau UMass Amherst ✦

  20. Secure deletion in DBMS Gerome Miklau UMass Amherst ✦

  21. Secure deletion in DBMS •Two basic strategies for secure deletion: • overwrite data with zeroes • store data in encrypted form, delete by disposing of keys. Gerome Miklau UMass Amherst ✦

  22. Secure deletion in DBMS •Two basic strategies for secure deletion: • overwrite data with zeroes • store data in encrypted form, delete by disposing of keys. •For table storage: • pages are read and written often • prefer secure deletion and vacuum using overwriting Gerome Miklau UMass Amherst ✦

  23. Secure deletion in DBMS •Two basic strategies for secure deletion: • overwrite data with zeroes • store data in encrypted form, delete by disposing of keys. •For table storage: • pages are read and written often • prefer secure deletion and vacuum using overwriting •For transaction log: • sequential writes, easily identifiable point of expiry • use encryption with key disposal Gerome Miklau UMass Amherst ✦

  24. Securing history in a DBMS Step 1 Forensic analysis of database systems Step 2 Build transparency into database systems Step 3 Build accountability into database systems Gerome Miklau UMass Amherst ✦

  25. Accountability Who did what to the database, and when? •Goals • Collection, Analysis, Protection • “Security provenance” •Existing capabilities • Logs and backups • Persistence in databases • Postgres, temporal DBs, transaction-time DBs Gerome Miklau UMass Amherst ✦

  26. Accountability challenges •Integrating and querying historical data •Accounting for “reads” •Protecting history • Access control model for persistent databases • Redaction and expunction operations Gerome Miklau UMass Amherst ✦

  27. Conclusion •History should be a “first-class” part of a DBMS •The safe, accurate configuration of the system’s historical memory allows needed balance between privacy and accountability. •Transparency requirements: • Interface should faithfully represent stored contents. •Accountability techniques: • Collection, integration, protection Gerome Miklau UMass Amherst ✦

  28. Questions?

  29. Does encryption solve forensic threats? •Encrypted file system: • protects historical remnants -- does not destroy data. • performance penalty, key manangement • in some settings, users/stakeholders cannot choose whether system provides encryption. •Overall, • Encryption has an important role to play, but must be used judiciously. • Encryption for protection, destruction should be distinguished. Gerome Miklau UMass Amherst ✦

Recommend

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Can We Have it Both Ways? Safe Secure Privacy-friendly

892 views • 62 slides
ACCOUNTABILITY & PRIVACY IN THE NETWORK David Naylor Matt Mukerjee Peter Steenkiste

ACCOUNTABILITY & PRIVACY IN THE NETWORK David Naylor Matt Mukerjee Peter Steenkiste

Carnegie Mellon University BALANCING ACCOUNTABILITY & PRIVACY IN THE NETWORK David Naylor Matt Mukerjee Peter Steenkiste ACCOUNTABILITY operators want to know who sends each packet so they can stop malicious senders VS PRIVACY users want

867 views • 42 slides
Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Privacy Legislation - History 1950 Art. 8 ECHR: Everyone has the right to respect for his private and family

413 views • 4 slides
2019 District Assessment & Accountability Report 1 History of Assessment &

2019 District Assessment & Accountability Report 1 History of Assessment &

2019 District Assessment & Accountability Report 1 History of Assessment & Accountability 2002 No Child Left Behind: 100% of students will be proficient in both ELA and Math (Year 2015) AYP - Annual Yearly Progress: (Approx.

268 views • 24 slides
LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Zurich (2.5h) Milano

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Zurich (2.5h) Milano

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Zurich (2.5h) Milano (1h) Genoa (2.5h) Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Can We Have it Both Ways?

739 views • 70 slides
O VERVIEW Applying security measure to the Internet Securing email Pretty Good Privacy

O VERVIEW Applying security measure to the Internet Securing email Pretty Good Privacy

4/16/18 S ECURING E MAIL WITH P RETTY G OOD P RIVACY C S C 2 4 9 A P R I L 1 7 , 2 0 1 8 O VERVIEW Applying security measure to the Internet Securing email Pretty Good Privacy Secure sockets layer, SSL Firewalls and Intrusion

268 views • 13 slides
Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network

Web Security Thierry Sans Securing the web architecture means securing ... The network The operating system The web server ( Apache for instance) The administration server ( SSH for instance) The database ( Oracle for instance)

1.37k views • 61 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Crime and Punishment in the Cloud Accountability, Transparency, and Privacy Stefan Berthold ,

Crime and Punishment in the Cloud Accountability, Transparency, and Privacy Stefan Berthold ,

Crime and Punishment in the Cloud Accountability, Transparency, and Privacy Stefan Berthold , Simone Fischer-Hbner, Leonardo A. Martucci, and T obias Pulls Karlstad University Department of Mathematics and Computer Science 651 88 Karlstad,

250 views • 20 slides
15-721 ADVANCED DATABASE SYSTEMS Lecture #01 Course Introduction & History of Database

15-721 ADVANCED DATABASE SYSTEMS Lecture #01 Course Introduction & History of Database

15-721 ADVANCED DATABASE SYSTEMS Lecture #01 Course Introduction & History of Database Systems @Andy_Pavlo // Carnegie Mellon University // Spring 2017 Who are the richest people in the world? 3 WHY YOU SHOULD TAKE THIS COURSE

1.21k views • 67 slides
A Short History of Privacy Related Case Law & Privacy Perspectives CSC 249 April 17, 2017

A Short History of Privacy Related Case Law & Privacy Perspectives CSC 249 April 17, 2017

4/18/18 A Short History of Privacy Related Case Law & Privacy Perspectives CSC 249 April 17, 2017 Finding A Partner? Time at the end of class To seek out a classmate of similar interests To work together On the semester

393 views • 22 slides
PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

Marc Langheinrich: Privacy in Ubiquitous Computing 5/29/2010 Todays Menu PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches COMPUTING Definitions Challenges 1. History and legal aspects 1.

264 views • 13 slides
Privacy in Machine Learning Fatemehsadat Mireshghallah WiMLDS NeurIPS19 Meet-up Why is privacy a

Privacy in Machine Learning Fatemehsadat Mireshghallah WiMLDS NeurIPS19 Meet-up Why is privacy a

Privacy in Machine Learning Fatemehsadat Mireshghallah WiMLDS NeurIPS19 Meet-up Why is privacy a concern in ML? Patient History Genetic Data Search History Famous incidents - Anonymization - A Face Is Exposed for AOL Searcher No.

1.51k views • 17 slides
Securing Mobile Devices & Protecting the Privacy of Users Martina Lindorfer Technische

Securing Mobile Devices & Protecting the Privacy of Users Martina Lindorfer Technische

Securing Mobile Devices & Protecting the Privacy of Users Martina Lindorfer Technische Universitt Wien martina@iseclab.org https://martina.lindorfer.in @lindorferin About Me Assistant Professor at TU Wien (Security &

319 views • 17 slides
Lect ure # 01 ADVANCED DATABASE SYSTEMS Course Introduction & History of Database Systems

Lect ure # 01 ADVANCED DATABASE SYSTEMS Course Introduction & History of Database Systems

Lect ure # 01 ADVANCED DATABASE SYSTEMS Course Introduction & History of Database Systems @ Andy_Pavlo // 15- 721 // Spring 2018 2 WH Y YO U SH O ULD TAKE TH I S CO URSE DBMS developers are in demand and there are many challenging

912 views • 66 slides
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule Provisions Sets

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule Provisions Sets

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule Provisions Sets boundaries on the use/release of health records Holds violators accountable with penalties Strikes a balance when public health

357 views • 12 slides
Privacy through Accountability: A Computer Science Perspective Anupam Datta Associate Professor

Privacy through Accountability: A Computer Science Perspective Anupam Datta Associate Professor

Privacy through Accountability: A Computer Science Perspective Anupam Datta Associate Professor Computer Science, ECE, CyLab Carnegie Mellon University February 2014 Personal Information is Everywhere 2 Research Challenge Programs and

682 views • 57 slides
Security Control Methods for Statistical Database Li Xiong CS573 Data Privacy and Security

Security Control Methods for Statistical Database Li Xiong CS573 Data Privacy and Security

Security Control Methods for Statistical Database Li Xiong CS573 Data Privacy and Security Statistical Database A statistical database is a database which provides statistics on subsets of records OLAP vs. OLTP Statistics may be

397 views • 37 slides
Accountability Standard Setting ANN-MICHELLE NEAL, ED.S ACCOUNTABILITY SPECIALIST UTAH STATE

Accountability Standard Setting ANN-MICHELLE NEAL, ED.S ACCOUNTABILITY SPECIALIST UTAH STATE

Utah School Accountability Standard Setting ANN-MICHELLE NEAL, ED.S ACCOUNTABILITY SPECIALIST UTAH STATE BOARD OF EDUCATION History of Accountability in Utah School Grading School Grading Accountability Accountability Accountability

614 views • 25 slides
Texas HHS Privacy Office Health Insurance Portability And Accountability Act (HIPAA) The

Texas HHS Privacy Office Health Insurance Portability And Accountability Act (HIPAA) The

Presentation to Texas State University Student Speakers Seminar E. Angela Branch, Deputy Chief Privacy Officer of Audit and Compliance Travis Davis, Deputy Chief Privacy Officer Texas HHS Privacy Office Health Insurance Portability And

266 views • 25 slides
Authorization, Security, and Privacy 5DV119 Introduction to Database Management Ume a

Authorization, Security, and Privacy 5DV119 Introduction to Database Management Ume a

Authorization, Security, and Privacy 5DV119 Introduction to Database Management Ume a University Department of Computing Science Stephen J. Hegner hegner@cs.umu.se http://www.cs.umu.se/~hegner Authorization, Security, and Privacy

537 views • 40 slides
Securing PostgreSQL From External Attack B RUCE M OMJIAN January, 2012 Database systems are rich

Securing PostgreSQL From External Attack B RUCE M OMJIAN January, 2012 Database systems are rich

Securing PostgreSQL From External Attack B RUCE M OMJIAN January, 2012 Database systems are rich with attack vectors to exploit. This presentation explores the many potential PostgreSQL external vulnerabilities and shows how they can be

318 views • 29 slides

More recommend