Forensic analysis of database tampering

Kyriacos E. Pavlou, Richard Thomas Snodgrass

Research output: Contribution to journal (Article)

38 Citations (Scopus)

Abstract

Regulations and societal expectations have recently expressed the need to mediate access to valuable databases, even by insiders. One approach is tamper detection via cryptographic hashing. This article shows how to determine when the tampering occurred, what data was tampered with, and perhaps, ultimately, who did the tampering, via forensic analysis. We present four successively more sophisticated forensic analysis algorithms: the Monochromatic, RGBY, Tiled Bitmap, and a3D algorithms, and characterize their forensic cost under worst-case, best-case, and average-case assumptions on the distribution of corruption sites. A lower bound on forensic cost is derived, with RGBY and a3D being shown optimal for a large number of corruptions. We also provide validated cost formulæ for these algorithms and recommendations for the circumstances in which each algorithm is indicated.

Original language: English (US)
Article number: 30
Journal: ACM Transactions on Database Systems
Volume: 33
Issue number: 4
DOI: 10.1145/1412331.1412342
State: Published - Nov 1 2008

Keywords

  • A3D algorithm
  • Compliant records
  • Forensic analysis algorithm
  • Forensic cost
  • Monochromatic algorithm
  • Polychromatic algorithm
  • RGBY algorithm
  • Tiled Bitmap algorithm

ASJC Scopus subject areas

  • Information Systems

Cite this

Forensic analysis of database tampering. / Pavlou, Kyriacos E.; Snodgrass, Richard Thomas.

In: ACM Transactions on Database Systems, Vol. 33, No. 4, 30, 01.11.2008.

@article{d163c8cb948946cabccf408c4acf3988,
title = "Forensic analysis of database tampering",
abstract = "Regulations and societal expectations have recently expressed the need to mediate access to valuable databases, even by insiders. One approach is tamper detection via cryptographic hashing. This article shows how to determine when the tampering occurred, what data was tampered with, and perhaps, ultimately, who did the tampering, via forensic analysis. We present four successively more sophisticated forensic analysis algorithms: the Monochromatic, RGBY, Tiled Bitmap, and a3D algorithms, and characterize their forensic cost under worst-case, best-case, and average-case assumptions on the distribution of corruption sites. A lower bound on forensic cost is derived, with RGBY and a3D being shown optimal for a large number of corruptions. We also provide validated cost formul{\ae} for these algorithms and recommendations for the circumstances in which each algorithm is indicated.",
keywords = "A3D algorithm, Compliant records, Forensic analysis algorithm, Forensic cost, Monochromatic algorithm, Polychromatic algorithm, RGBY algorithm, Tiled Bitmap algorithm",
author = "Pavlou, {Kyriacos E.} and Snodgrass, {Richard Thomas}",
year = "2008",
month = "11",
day = "1",
doi = "10.1145/1412331.1412342",
language = "English (US)",
volume = "33",
journal = "ACM Transactions on Database Systems",
issn = "0362-5915",
publisher = "Association for Computing Machinery (ACM)",
number = "4",

}

TY - JOUR

T1 - Forensic analysis of database tampering

AU - Pavlou, Kyriacos E.

AU - Snodgrass, Richard Thomas

PY - 2008/11/1

Y1 - 2008/11/1

N2 - Regulations and societal expectations have recently expressed the need to mediate access to valuable databases, even by insiders. One approach is tamper detection via cryptographic hashing. This article shows how to determine when the tampering occurred, what data was tampered with, and perhaps, ultimately, who did the tampering, via forensic analysis. We present four successively more sophisticated forensic analysis algorithms: the Monochromatic, RGBY, Tiled Bitmap, and a3D algorithms, and characterize their forensic cost under worst-case, best-case, and average-case assumptions on the distribution of corruption sites. A lower bound on forensic cost is derived, with RGBY and a3D being shown optimal for a large number of corruptions. We also provide validated cost formulæ for these algorithms and recommendations for the circumstances in which each algorithm is indicated.

KW - A3D algorithm

KW - Compliant records

KW - Forensic analysis algorithm

KW - Forensic cost

KW - Monochromatic algorithm

KW - Polychromatic algorithm

KW - RGBY algorithm

KW - Tiled Bitmap algorithm

UR - http://www.scopus.com/inward/record.url?scp=57849102169&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=57849102169&partnerID=8YFLogxK

U2 - 10.1145/1412331.1412342

DO - 10.1145/1412331.1412342

M3 - Article

AN - SCOPUS:57849102169

VL - 33

JO - ACM Transactions on Database Systems

JF - ACM Transactions on Database Systems

SN - 0362-5915

IS - 4

M1 - 30

ER -