DRAGOON: An information accountability system for high-performance databases

Kyriacos E. Pavlou, Richard Thomas Snodgrass

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

Regulations and societal expectations have recently emphasized the need to mediate access to valuable databases, even access by insiders. Fraud occurs when a person, often an insider, tries to hide illegal activity. Companies would like to be assured that such tampering has not occurred, or if it does, that it will be quickly discovered and used to identify the perpetrator. At one end of the compliance spectrum lies the approach of restricting access to information and on the other that of information accountability. We focus on effecting information accountability of data stored in high-performance databases. The demonstrated work ensures appropriate use and thus end-to-end accountability of database information via a continuous assurance technology based on cryptographic hashing techniques. A prototype tamper detection and forensic analysis system named DRAGOON was designed and implemented to determine when tampering(s) occurred and what data were tampered with. DRAGOON is scalable, customizable, and intuitive. This work will show that information accountability is a viable alternative to information restriction for ensuring the correct storage, use, and maintenance of databases on extant DBMSes.

Original languageEnglish (US)
Title of host publicationProceedings - International Conference on Data Engineering
Pages1329-1332
Number of pages4
DOIs
StatePublished - 2012
EventIEEE 28th International Conference on Data Engineering, ICDE 2012 - Arlington, VA, United States
Duration: Apr 1 2012Apr 5 2012

Other

OtherIEEE 28th International Conference on Data Engineering, ICDE 2012
CountryUnited States
CityArlington, VA
Period4/1/124/5/12

Fingerprint

Industry
Compliance

ASJC Scopus subject areas

  • Information Systems
  • Signal Processing
  • Software

Cite this

Pavlou, K. E., & Snodgrass, R. T. (2012). DRAGOON: An information accountability system for high-performance databases. In Proceedings - International Conference on Data Engineering (pp. 1329-1332). [6228200] https://doi.org/10.1109/ICDE.2012.139

DRAGOON : An information accountability system for high-performance databases. / Pavlou, Kyriacos E.; Snodgrass, Richard Thomas.

Proceedings - International Conference on Data Engineering. 2012. p. 1329-1332 6228200.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Pavlou, KE & Snodgrass, RT 2012, DRAGOON: An information accountability system for high-performance databases. in Proceedings - International Conference on Data Engineering., 6228200, pp. 1329-1332, IEEE 28th International Conference on Data Engineering, ICDE 2012, Arlington, VA, United States, 4/1/12. https://doi.org/10.1109/ICDE.2012.139
Pavlou KE, Snodgrass RT. DRAGOON: An information accountability system for high-performance databases. In Proceedings - International Conference on Data Engineering. 2012. p. 1329-1332. 6228200 https://doi.org/10.1109/ICDE.2012.139
Pavlou, Kyriacos E. ; Snodgrass, Richard Thomas. / DRAGOON : An information accountability system for high-performance databases. Proceedings - International Conference on Data Engineering. 2012. pp. 1329-1332
@inproceedings{0fd0818a96f4485abcbb8423d85558c2,
title = "DRAGOON: An information accountability system for high-performance databases",
abstract = "Regulations and societal expectations have recently emphasized the need to mediate access to valuable databases, even access by insiders. Fraud occurs when a person, often an insider, tries to hide illegal activity. Companies would like to be assured that such tampering has not occurred, or if it does, that it will be quickly discovered and used to identify the perpetrator. At one end of the compliance spectrum lies the approach of restricting access to information and on the other that of information accountability. We focus on effecting information accountability of data stored in high-performance databases. The demonstrated work ensures appropriate use and thus end-to-end accountability of database information via a continuous assurance technology based on cryptographic hashing techniques. A prototype tamper detection and forensic analysis system named DRAGOON was designed and implemented to determine when tampering(s) occurred and what data were tampered with. DRAGOON is scalable, customizable, and intuitive. This work will show that information accountability is a viable alternative to information restriction for ensuring the correct storage, use, and maintenance of databases on extant DBMSes.",
author = "Pavlou, {Kyriacos E.} and Snodgrass, {Richard Thomas}",
year = "2012",
doi = "10.1109/ICDE.2012.139",
language = "English (US)",
pages = "1329--1332",
booktitle = "Proceedings - International Conference on Data Engineering",

}

TY - GEN

T1 - DRAGOON

T2 - An information accountability system for high-performance databases

AU - Pavlou, Kyriacos E.

AU - Snodgrass, Richard Thomas

PY - 2012

Y1 - 2012

N2 - Regulations and societal expectations have recently emphasized the need to mediate access to valuable databases, even access by insiders. Fraud occurs when a person, often an insider, tries to hide illegal activity. Companies would like to be assured that such tampering has not occurred, or if it does, that it will be quickly discovered and used to identify the perpetrator. At one end of the compliance spectrum lies the approach of restricting access to information and on the other that of information accountability. We focus on effecting information accountability of data stored in high-performance databases. The demonstrated work ensures appropriate use and thus end-to-end accountability of database information via a continuous assurance technology based on cryptographic hashing techniques. A prototype tamper detection and forensic analysis system named DRAGOON was designed and implemented to determine when tampering(s) occurred and what data were tampered with. DRAGOON is scalable, customizable, and intuitive. This work will show that information accountability is a viable alternative to information restriction for ensuring the correct storage, use, and maintenance of databases on extant DBMSes.

AB - Regulations and societal expectations have recently emphasized the need to mediate access to valuable databases, even access by insiders. Fraud occurs when a person, often an insider, tries to hide illegal activity. Companies would like to be assured that such tampering has not occurred, or if it does, that it will be quickly discovered and used to identify the perpetrator. At one end of the compliance spectrum lies the approach of restricting access to information and on the other that of information accountability. We focus on effecting information accountability of data stored in high-performance databases. The demonstrated work ensures appropriate use and thus end-to-end accountability of database information via a continuous assurance technology based on cryptographic hashing techniques. A prototype tamper detection and forensic analysis system named DRAGOON was designed and implemented to determine when tampering(s) occurred and what data were tampered with. DRAGOON is scalable, customizable, and intuitive. This work will show that information accountability is a viable alternative to information restriction for ensuring the correct storage, use, and maintenance of databases on extant DBMSes.

UR - http://www.scopus.com/inward/record.url?scp=84864200204&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84864200204&partnerID=8YFLogxK

U2 - 10.1109/ICDE.2012.139

DO - 10.1109/ICDE.2012.139

M3 - Conference contribution

AN - SCOPUS:84864200204

SP - 1329

EP - 1332

BT - Proceedings - International Conference on Data Engineering

ER -