Achieving database information accountability in the cloud

Kyriacos E. Pavlou, Richard Thomas Snodgrass

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

Regulations and societal expectations have recently emphasized the need to mediate access to valuable databases. Fraud occurs when a person (mostly an insider) tampers illegally with a database. Data owners would like to be assured that such tampering has not occurred, or if it does, that it will be quickly discovered. The problem is exacerbated with data stored in cloud databases such as Amazon's Relational Database Service (RDS) or Microsoft's SQL Azure Database. In our previous work we have shown that information accountability across the enterprise is a viable alternative to information restriction for ensuring the correct storage, use, and maintenance of databases on extant DBMSes. We have developed a prototype audit system (DRAGOON) that employs cryptographic hashing techniques to support accountability in high-performance databases. Cloud databases present a new set of problems that make extending DRAGOON challenging. In this paper we discuss these problems and show how the DRAGOON architecture can be refined to provide a more practical and feasible information accountability solution for data stored in the cloud.

Original languageEnglish (US)
Title of host publicationProceedings - 2012 IEEE 28th International Conference on Data Engineering Workshops, ICDEW 2012
Pages147-150
Number of pages4
DOIs
StatePublished - 2012
Event2012 IEEE 28th International Conference on Data Engineering Workshops, ICDEW 2012 - Arlington, VA, United States
Duration: Apr 1 2012Apr 5 2012

Other

Other2012 IEEE 28th International Conference on Data Engineering Workshops, ICDEW 2012
CountryUnited States
CityArlington, VA
Period4/1/124/5/12

Fingerprint

Industry

ASJC Scopus subject areas

  • Software

Cite this

Pavlou, K. E., & Snodgrass, R. T. (2012). Achieving database information accountability in the cloud. In Proceedings - 2012 IEEE 28th International Conference on Data Engineering Workshops, ICDEW 2012 (pp. 147-150). [6313672] https://doi.org/10.1109/ICDEW.2012.37

Achieving database information accountability in the cloud. / Pavlou, Kyriacos E.; Snodgrass, Richard Thomas.

Proceedings - 2012 IEEE 28th International Conference on Data Engineering Workshops, ICDEW 2012. 2012. p. 147-150 6313672.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Pavlou, KE & Snodgrass, RT 2012, Achieving database information accountability in the cloud. in Proceedings - 2012 IEEE 28th International Conference on Data Engineering Workshops, ICDEW 2012., 6313672, pp. 147-150, 2012 IEEE 28th International Conference on Data Engineering Workshops, ICDEW 2012, Arlington, VA, United States, 4/1/12. https://doi.org/10.1109/ICDEW.2012.37
Pavlou KE, Snodgrass RT. Achieving database information accountability in the cloud. In Proceedings - 2012 IEEE 28th International Conference on Data Engineering Workshops, ICDEW 2012. 2012. p. 147-150. 6313672 https://doi.org/10.1109/ICDEW.2012.37
Pavlou, Kyriacos E. ; Snodgrass, Richard Thomas. / Achieving database information accountability in the cloud. Proceedings - 2012 IEEE 28th International Conference on Data Engineering Workshops, ICDEW 2012. 2012. pp. 147-150
@inproceedings{eff89abeeb7b40128f7c1e2a6ad6802f,
title = "Achieving database information accountability in the cloud",
abstract = "Regulations and societal expectations have recently emphasized the need to mediate access to valuable databases. Fraud occurs when a person (mostly an insider) tampers illegally with a database. Data owners would like to be assured that such tampering has not occurred, or if it does, that it will be quickly discovered. The problem is exacerbated with data stored in cloud databases such as Amazon's Relational Database Service (RDS) or Microsoft's SQL Azure Database. In our previous work we have shown that information accountability across the enterprise is a viable alternative to information restriction for ensuring the correct storage, use, and maintenance of databases on extant DBMSes. We have developed a prototype audit system (DRAGOON) that employs cryptographic hashing techniques to support accountability in high-performance databases. Cloud databases present a new set of problems that make extending DRAGOON challenging. In this paper we discuss these problems and show how the DRAGOON architecture can be refined to provide a more practical and feasible information accountability solution for data stored in the cloud.",
author = "Pavlou, {Kyriacos E.} and Snodgrass, {Richard Thomas}",
year = "2012",
doi = "10.1109/ICDEW.2012.37",
language = "English (US)",
isbn = "9780769547480",
pages = "147--150",
booktitle = "Proceedings - 2012 IEEE 28th International Conference on Data Engineering Workshops, ICDEW 2012",

}

TY - GEN

T1 - Achieving database information accountability in the cloud

AU - Pavlou, Kyriacos E.

AU - Snodgrass, Richard Thomas

PY - 2012

Y1 - 2012

N2 - Regulations and societal expectations have recently emphasized the need to mediate access to valuable databases. Fraud occurs when a person (mostly an insider) tampers illegally with a database. Data owners would like to be assured that such tampering has not occurred, or if it does, that it will be quickly discovered. The problem is exacerbated with data stored in cloud databases such as Amazon's Relational Database Service (RDS) or Microsoft's SQL Azure Database. In our previous work we have shown that information accountability across the enterprise is a viable alternative to information restriction for ensuring the correct storage, use, and maintenance of databases on extant DBMSes. We have developed a prototype audit system (DRAGOON) that employs cryptographic hashing techniques to support accountability in high-performance databases. Cloud databases present a new set of problems that make extending DRAGOON challenging. In this paper we discuss these problems and show how the DRAGOON architecture can be refined to provide a more practical and feasible information accountability solution for data stored in the cloud.

AB - Regulations and societal expectations have recently emphasized the need to mediate access to valuable databases. Fraud occurs when a person (mostly an insider) tampers illegally with a database. Data owners would like to be assured that such tampering has not occurred, or if it does, that it will be quickly discovered. The problem is exacerbated with data stored in cloud databases such as Amazon's Relational Database Service (RDS) or Microsoft's SQL Azure Database. In our previous work we have shown that information accountability across the enterprise is a viable alternative to information restriction for ensuring the correct storage, use, and maintenance of databases on extant DBMSes. We have developed a prototype audit system (DRAGOON) that employs cryptographic hashing techniques to support accountability in high-performance databases. Cloud databases present a new set of problems that make extending DRAGOON challenging. In this paper we discuss these problems and show how the DRAGOON architecture can be refined to provide a more practical and feasible information accountability solution for data stored in the cloud.

UR - http://www.scopus.com/inward/record.url?scp=84869018924&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84869018924&partnerID=8YFLogxK

U2 - 10.1109/ICDEW.2012.37

DO - 10.1109/ICDEW.2012.37

M3 - Conference contribution

AN - SCOPUS:84869018924

SN - 9780769547480

SP - 147

EP - 150

BT - Proceedings - 2012 IEEE 28th International Conference on Data Engineering Workshops, ICDEW 2012

ER -