Forensic analysis of database tampering

Kyriacos E. Pavlou, Richard T. Snodgrass

Research output: Contribution to journalArticle

38 Scopus citations

Abstract

Regulations and societal expectations have recently expressed the need to mediate access to valuable databases, even by insiders. One approach is tamper detection via cryptographic hashing. This article shows how to determine when the tampering occurred, what data was tampered with, and perhaps, ultimately, who did the tampering, via forensic analysis. We present four successively more sophisticated forensic analysis algorithms: the Monochromatic, RGBY, Tiled Bitmap, and a3D algorithms, and characterize their forensic cost under worst-case, best-case, and average-case assumptions on the distribution of corruption sites. A lower bound on forensic cost is derived, with RGBY and a3D being shown optimal for a large number of corruptions. We also provide validated cost formulæ for these algorithms and recommendations for the circumstances in which each algorithm is indicated.

Original languageEnglish (US)
Article number30
JournalACM Transactions on Database Systems
Volume33
Issue number4
DOIs
StatePublished - Nov 1 2008

Keywords

  • A3D algorithm
  • Compliant records
  • Forensic analysis algorithm
  • Forensic cost
  • Monochromatic algorithm
  • Polychromatic algorithm
  • RGBY algorithm
  • Tiled Bitmap algorithm

ASJC Scopus subject areas

  • Information Systems

Fingerprint Dive into the research topics of 'Forensic analysis of database tampering'. Together they form a unique fingerprint.

  • Cite this