Hybrid Logical Clocks for DB Forensics
Filling the Gap between Chain of Custody and Database Auditing.
Denys A. Flores & Arshad Jhumka
Rotorua, New Zealand
August 6th, 2019
Topics
• The Insider Adversary and Transactional Databases
• Proactive Database Forensics
• Towards a Forensically-Aware DB Architecture
• Vector Clocks vs. Hybrid Logical Clocks
• Proposed Forensic Controllers
• Results
• Conclusions and Future Work
Databases are in everything…
The Insider Adversary and Transactional Databases
Database Forensics allows investigating malicious DML operations (inserts,
updates, deletes) performed by trusted insiders who could misuse their
privileged access [1].
Database audit records become important evidence for investigating misuse of
privileged access aimed at disclosing or contaminating [2] sensitive
transactional information [3].
Admissibility of audit records is challenged by the lack of accountability
and forensic features within the database environment.
As a result, malicious insiders may cover up their activities by making them
look authorized [4].
Reactive vs. Proactive Database Forensics
Reactive DB Forensics
• Aims at reconstructing the ‘original’ DB state [5] (bottom-up).
• Adapts traditional forensic techniques such as table-relationship
analysis [7] and data file carving [8].
• Evidence admissibility is challenged by the lack of formalization [9].
• Leads to conjectures about insider behaviour, as evidence may be only
partially recovered or unavailable.
Proactive DB Forensics
• Uses pre-designed forensic features of a DB [6] for auditing insider
activities (top-down).
• Generates, collects and preserves DB audit records [10] within a
forensically ready environment.
• Admissibility depends on properly justifying the Chain of Custody in the
system's operation.
• Audit records provide more traces of insider activity, which may not be
possible to identify within reactively recovered evidence.
Chain of Custody (CoC)
Describes the evidence continuum, providing an unbroken accountability trail to justify
every action performed on a piece of evidence, in accordance with 4 generally accepted
principles [12]:
Building an accurate timeline of events is key!
CoC-based System Properties
CoC properties: Role segregation, provenance, event timelining and causality
We aim to build an accurate timeline of the occurrence of DML operations.
In distributed systems with high concurrency, causality violations may happen
unexpectedly: it is difficult to know with certainty whether an event
‘happened before’ another.
Vector Clocks and Hybrid Logical Clocks have been used to solve this problem.
Vector Clocks (VC) vs. Hybrid Logical Clocks (HLC)
VC: logical timestamps Vm.τ[i] in Tι, representing the current observed
logical clock value of each audit store Fi ∈ FDB. Notice that
size(Vm) = |FDB|, so a VC timestamp grows with the number of audit stores.
HLC: used in multi-version databases. Logical timestamps Vm.τm are
composed of tuples <pt, l, c> representing the instant physical time, the
maximum physical time observed and a concurrency flag, respectively; the
timestamp size is constant regardless of |FDB|.
Forensically-Aware Distributed DB Architecture
A. Concurrent DML Request Generator: a Master Event Generator (MeGen)
and Client Event Generators (CeGen), implemented in JMeter in master-slave
mode in order to produce a synthetic workload that emulates concurrent
DML requests.
B. Transactional (NDB) and Forensic (FDB) Databases: implemented in
MSSQL Server 2014 with operative (DBuser), administrative (DBadmin) and
forensic (DBforensics) roles enabled. For HLC, these databases are
deployed in Linked Server mode and synchronised with an NTP-based time
service.
C. Proactive Database Forensic Controllers: implemented as Common
Language Runtime (CLR) C# assemblies, and deployed as triggers and stored
procedures in their respective databases, with exclusive enable/disable
permissions assigned to DBforensics.
Generation and Collection of Audit Records
Preservation of Audit Records
• A timeline Tι ∈ FDB is a sequence of timestamps Vm, such
that:
• VC Timestamp (logical order):
• HLC Timestamp (logical order + Unix Time):
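The following is an added example, not code from the talk: two audit stores in FDB stamp records with HLC tuples <pt, l, c>, following the HLC update rules of Kulkarni et al. (here c is the tie-breaking counter, the "concurrency flag" of the slides). The clock readings are constructed so that the second store's NTP-synchronised clock lags 300 ms behind, which is exactly the case where raw physical time would invert the order of causally related DML operations.

```python
"""HLC timestamps for a forensic timeline (added example; constructed clock values)."""
from dataclasses import dataclass
from typing import Callable, List, Tuple

Stamp = Tuple[int, int, int]  # (pt, l, c): physical time, max physical time seen, counter


@dataclass
class FakeClock:
    """Stands in for an audit store's NTP-synchronised physical clock (ms)."""
    value: int

    def read(self) -> int:
        return self.value

    def tick(self, ms: int = 1) -> None:
        self.value += ms


@dataclass
class HLC:
    """Hybrid Logical Clock held by one audit store Fi in FDB."""
    store_id: str
    now: Callable[[], int]
    l: int = 0   # maximum physical time observed so far
    c: int = 0   # counter that orders events sharing the same l

    def local_event(self) -> Stamp:
        """Stamp a DML operation observed locally (the HLC send/local rule)."""
        pt = self.now()
        if pt > self.l:
            self.l, self.c = pt, 0      # physical clock moved forward: reset counter
        else:
            self.c += 1                 # clock did not advance past l: bump counter
        return (pt, self.l, self.c)

    def receive(self, remote: Stamp) -> Stamp:
        """Stamp the arrival of a record carrying another store's timestamp (receive rule)."""
        pt = self.now()
        _, l_m, c_m = remote
        new_l = max(self.l, l_m, pt)
        if new_l == self.l == l_m:
            self.c = max(self.c, c_m) + 1
        elif new_l == self.l:
            self.c += 1
        elif new_l == l_m:
            self.c = c_m + 1
        else:
            self.c = 0                  # local physical time dominates: fresh counter
        self.l = new_l
        return (pt, self.l, self.c)


def happened_before(a: Stamp, b: Stamp) -> bool:
    """Logical order on (l, c); pt is kept alongside for the Unix-time view of the timeline."""
    return (a[1], a[2]) < (b[1], b[2])


def build_timeline() -> List[Stamp]:
    """Three causally related events across two stores; F2's clock lags by 300 ms."""
    clock1, clock2 = FakeClock(1000), FakeClock(700)
    f1 = HLC("F1", clock1.read)
    f2 = HLC("F2", clock2.read)

    a = f1.local_event()        # DML op recorded at F1
    b = f2.receive(a)           # its audit record reaches F2 (F2's wall clock reads 700)
    clock2.tick()
    c = f2.local_event()        # follow-up DML op recorded at F2
    return [a, b, c]


def physical_order_violated(stamps: List[Stamp]) -> bool:
    """True if sorting by pt alone would contradict the causal (l, c) order somewhere."""
    return any(
        stamps[i][0] > stamps[i + 1][0] and happened_before(stamps[i], stamps[i + 1])
        for i in range(len(stamps) - 1)
    )


if __name__ == "__main__":
    for s in build_timeline():
        print("pt=%d l=%d c=%d" % s)
    print("causality violated by raw pt:", physical_order_violated(build_timeline()))
```

In the constructed run, the records stamp as (1000, 1000, 0), (700, 1000, 1) and (701, 1000, 2): the (l, c) component keeps the causal order intact even though F2's physical reading of 700 would place the second record before the first.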
Collection and Preservation of Audit Records
Results
Conclusions and Future Work
HLC is more scalable and accurate than our previous VC-based proposal.
Without any optimization, 70% of transactions with HLC commit in up to 3.5
seconds (720 operations per test scenario).
A baseline has thus been established for further research in the field of
proactive DB Forensics and CoC admissibility of audit records.
Future work involves:
(a) Formally proving the architecture’s correctness in terms of compliance
with CoC-based system properties
(b) Improving overhead during timeline construction to perform better with
high transactional workload (more than 10,000 operations per test
scenario)
Denys A. Flores
PhD Candidate
Department of Computer Science
University of Warwick
email: d.flores-armas@warwick.ac.uk
web: go.warwick.ac.uk/dflores
Thank You!

More Related Content

What's hot

TCP connection management in SDN
TCP connection management in SDNTCP connection management in SDN
TCP connection management in SDNChao Chen
 
PERFORMING INITIATIVE DATA PREFETCHING IN DISTRIBUTED FILE SYSTEMS FOR CLOUD ...
PERFORMING INITIATIVE DATA PREFETCHING IN DISTRIBUTED FILE SYSTEMS FOR CLOUD ...PERFORMING INITIATIVE DATA PREFETCHING IN DISTRIBUTED FILE SYSTEMS FOR CLOUD ...
PERFORMING INITIATIVE DATA PREFETCHING IN DISTRIBUTED FILE SYSTEMS FOR CLOUD ...I3E Technologies
 
Privacy preserving public auditing for regenerating-code-based
Privacy preserving public auditing for regenerating-code-basedPrivacy preserving public auditing for regenerating-code-based
Privacy preserving public auditing for regenerating-code-basedNagamalleswararao Tadikonda
 
Cooperative provable data possession for
Cooperative provable data possession forCooperative provable data possession for
Cooperative provable data possession forIMPULSE_TECHNOLOGY
 
Provable multi copy dynamic data possession in cloud computing systems
Provable multi copy dynamic data possession in cloud computing systemsProvable multi copy dynamic data possession in cloud computing systems
Provable multi copy dynamic data possession in cloud computing systemsNagamalleswararao Tadikonda
 
Secure distributed deduplication systems with improved reliability
Secure distributed deduplication systems with improved reliabilitySecure distributed deduplication systems with improved reliability
Secure distributed deduplication systems with improved reliabilityPvrtechnologies Nellore
 
Secure cloud storage with data dynamic using secure network coding technique
Secure cloud storage with data dynamic using secure network coding techniqueSecure cloud storage with data dynamic using secure network coding technique
Secure cloud storage with data dynamic using secure network coding techniqueVenkat Projects
 
A hybrid cloud approach for secure authorized deduplication
A hybrid cloud approach for secure authorized deduplicationA hybrid cloud approach for secure authorized deduplication
A hybrid cloud approach for secure authorized deduplicationAdz91 Digital Ads Pvt Ltd
 
SECURE AUDITING AND DEDUPLICATING DATA IN CLOUD
SECURE AUDITING AND DEDUPLICATING DATA IN CLOUDSECURE AUDITING AND DEDUPLICATING DATA IN CLOUD
SECURE AUDITING AND DEDUPLICATING DATA IN CLOUDNexgen Technology
 

What's hot (13)

TCP connection management in SDN
TCP connection management in SDNTCP connection management in SDN
TCP connection management in SDN
 
Hard real time db tsp
Hard real time db tspHard real time db tsp
Hard real time db tsp
 
PERFORMING INITIATIVE DATA PREFETCHING IN DISTRIBUTED FILE SYSTEMS FOR CLOUD ...
PERFORMING INITIATIVE DATA PREFETCHING IN DISTRIBUTED FILE SYSTEMS FOR CLOUD ...PERFORMING INITIATIVE DATA PREFETCHING IN DISTRIBUTED FILE SYSTEMS FOR CLOUD ...
PERFORMING INITIATIVE DATA PREFETCHING IN DISTRIBUTED FILE SYSTEMS FOR CLOUD ...
 
Privacy preserving public auditing for regenerating-code-based
Privacy preserving public auditing for regenerating-code-basedPrivacy preserving public auditing for regenerating-code-based
Privacy preserving public auditing for regenerating-code-based
 
Toward secure and dependable
Toward secure and dependableToward secure and dependable
Toward secure and dependable
 
Cooperative provable data possession for
Cooperative provable data possession forCooperative provable data possession for
Cooperative provable data possession for
 
Provable multi copy dynamic data possession in cloud computing systems
Provable multi copy dynamic data possession in cloud computing systemsProvable multi copy dynamic data possession in cloud computing systems
Provable multi copy dynamic data possession in cloud computing systems
 
Real time databases
Real time databasesReal time databases
Real time databases
 
Secure distributed deduplication systems with improved reliability
Secure distributed deduplication systems with improved reliabilitySecure distributed deduplication systems with improved reliability
Secure distributed deduplication systems with improved reliability
 
Secure cloud storage with data dynamic using secure network coding technique
Secure cloud storage with data dynamic using secure network coding techniqueSecure cloud storage with data dynamic using secure network coding technique
Secure cloud storage with data dynamic using secure network coding technique
 
A hybrid cloud approach for secure authorized deduplication
A hybrid cloud approach for secure authorized deduplicationA hybrid cloud approach for secure authorized deduplication
A hybrid cloud approach for secure authorized deduplication
 
SECURE AUDITING AND DEDUPLICATING DATA IN CLOUD
SECURE AUDITING AND DEDUPLICATING DATA IN CLOUDSECURE AUDITING AND DEDUPLICATING DATA IN CLOUD
SECURE AUDITING AND DEDUPLICATING DATA IN CLOUD
 
Session19 Globus
Session19 GlobusSession19 Globus
Session19 Globus
 

Similar to D flores trust-com19-pres

Aquarius - A Data-Centric approach to CORBA fault-tolerance
Aquarius - A Data-Centric approach to CORBA fault-toleranceAquarius - A Data-Centric approach to CORBA fault-tolerance
Aquarius - A Data-Centric approach to CORBA fault-toleranceBarak Merimovich
 
Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage
Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud StoragePrivacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage
Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage1crore projects
 
Intrusion Detection and Marking Transactions in a Cloud of Databases Environm...
Intrusion Detection and Marking Transactions in a Cloud of Databases Environm...Intrusion Detection and Marking Transactions in a Cloud of Databases Environm...
Intrusion Detection and Marking Transactions in a Cloud of Databases Environm...neirew J
 
INTRUSION DETECTION AND MARKING TRANSACTIONS IN A CLOUD OF DATABASES ENVIRONMENT
INTRUSION DETECTION AND MARKING TRANSACTIONS IN A CLOUD OF DATABASES ENVIRONMENTINTRUSION DETECTION AND MARKING TRANSACTIONS IN A CLOUD OF DATABASES ENVIRONMENT
INTRUSION DETECTION AND MARKING TRANSACTIONS IN A CLOUD OF DATABASES ENVIRONMENTijccsa
 
DATA PROVENENCE IN PUBLIC CLOUD
DATA PROVENENCE IN PUBLIC CLOUDDATA PROVENENCE IN PUBLIC CLOUD
DATA PROVENENCE IN PUBLIC CLOUDijsrd.com
 
Proactive ops for container orchestration environments
Proactive ops for container orchestration environmentsProactive ops for container orchestration environments
Proactive ops for container orchestration environmentsDocker, Inc.
 
Efficient Implementation of Proof of Retrievability (OPOR) In Cloud Computing...
Efficient Implementation of Proof of Retrievability (OPOR) In Cloud Computing...Efficient Implementation of Proof of Retrievability (OPOR) In Cloud Computing...
Efficient Implementation of Proof of Retrievability (OPOR) In Cloud Computing...IJERA Editor
 
DESIGN, IMPLEMENTATION AND PERFORMANCE ANALYSIS OF CONCURRENCY CONTROL ALGORI...
DESIGN, IMPLEMENTATION AND PERFORMANCE ANALYSIS OF CONCURRENCY CONTROL ALGORI...DESIGN, IMPLEMENTATION AND PERFORMANCE ANALYSIS OF CONCURRENCY CONTROL ALGORI...
DESIGN, IMPLEMENTATION AND PERFORMANCE ANALYSIS OF CONCURRENCY CONTROL ALGORI...ijdms
 
Periodic Auditing of Data in Cloud Using Random Bits
Periodic Auditing of Data in Cloud Using Random BitsPeriodic Auditing of Data in Cloud Using Random Bits
Periodic Auditing of Data in Cloud Using Random BitsIJTET Journal
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)ijceronline
 
SecCloudPro: A Novel Secure Cloud Storage System for Auditing and Deduplication
SecCloudPro: A Novel Secure Cloud Storage System for Auditing and DeduplicationSecCloudPro: A Novel Secure Cloud Storage System for Auditing and Deduplication
SecCloudPro: A Novel Secure Cloud Storage System for Auditing and DeduplicationIJCERT
 
Estimating the Total Costs of Your Cloud Analytics Platform
Estimating the Total Costs of Your Cloud Analytics PlatformEstimating the Total Costs of Your Cloud Analytics Platform
Estimating the Total Costs of Your Cloud Analytics PlatformDATAVERSITY
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Scalable scheduling of updates in streaming data warehouses
Scalable scheduling of updates in streaming data warehousesScalable scheduling of updates in streaming data warehouses
Scalable scheduling of updates in streaming data warehousesFinalyear Projects
 
REAL TIME PROJECTS IEEE BASED PROJECTS EMBEDDED SYSTEMS PAPER PUBLICATIONS M...
REAL TIME PROJECTS  IEEE BASED PROJECTS EMBEDDED SYSTEMS PAPER PUBLICATIONS M...REAL TIME PROJECTS  IEEE BASED PROJECTS EMBEDDED SYSTEMS PAPER PUBLICATIONS M...
REAL TIME PROJECTS IEEE BASED PROJECTS EMBEDDED SYSTEMS PAPER PUBLICATIONS M...Finalyear Projects
 
A Survey on Provable Multi-copy Dynamic Data Possession in Cloud Computing Sy...
A Survey on Provable Multi-copy Dynamic Data Possession in Cloud Computing Sy...A Survey on Provable Multi-copy Dynamic Data Possession in Cloud Computing Sy...
A Survey on Provable Multi-copy Dynamic Data Possession in Cloud Computing Sy...IRJET Journal
 
Survey on Division and Replication of Data in Cloud for Optimal Performance a...
Survey on Division and Replication of Data in Cloud for Optimal Performance a...Survey on Division and Replication of Data in Cloud for Optimal Performance a...
Survey on Division and Replication of Data in Cloud for Optimal Performance a...IJSRD
 

Similar to D flores trust-com19-pres (20)

Aquarius - A Data-Centric approach to CORBA fault-tolerance
Aquarius - A Data-Centric approach to CORBA fault-toleranceAquarius - A Data-Centric approach to CORBA fault-tolerance
Aquarius - A Data-Centric approach to CORBA fault-tolerance
 
Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage
Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud StoragePrivacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage
Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage
 
Intrusion Detection and Marking Transactions in a Cloud of Databases Environm...
Intrusion Detection and Marking Transactions in a Cloud of Databases Environm...Intrusion Detection and Marking Transactions in a Cloud of Databases Environm...
Intrusion Detection and Marking Transactions in a Cloud of Databases Environm...
 
INTRUSION DETECTION AND MARKING TRANSACTIONS IN A CLOUD OF DATABASES ENVIRONMENT
INTRUSION DETECTION AND MARKING TRANSACTIONS IN A CLOUD OF DATABASES ENVIRONMENTINTRUSION DETECTION AND MARKING TRANSACTIONS IN A CLOUD OF DATABASES ENVIRONMENT
INTRUSION DETECTION AND MARKING TRANSACTIONS IN A CLOUD OF DATABASES ENVIRONMENT
 
DATA PROVENENCE IN PUBLIC CLOUD
DATA PROVENENCE IN PUBLIC CLOUDDATA PROVENENCE IN PUBLIC CLOUD
DATA PROVENENCE IN PUBLIC CLOUD
 
Proactive ops for container orchestration environments
Proactive ops for container orchestration environmentsProactive ops for container orchestration environments
Proactive ops for container orchestration environments
 
Efficient Implementation of Proof of Retrievability (OPOR) In Cloud Computing...
Efficient Implementation of Proof of Retrievability (OPOR) In Cloud Computing...Efficient Implementation of Proof of Retrievability (OPOR) In Cloud Computing...
Efficient Implementation of Proof of Retrievability (OPOR) In Cloud Computing...
 
DESIGN, IMPLEMENTATION AND PERFORMANCE ANALYSIS OF CONCURRENCY CONTROL ALGORI...
DESIGN, IMPLEMENTATION AND PERFORMANCE ANALYSIS OF CONCURRENCY CONTROL ALGORI...DESIGN, IMPLEMENTATION AND PERFORMANCE ANALYSIS OF CONCURRENCY CONTROL ALGORI...
DESIGN, IMPLEMENTATION AND PERFORMANCE ANALYSIS OF CONCURRENCY CONTROL ALGORI...
 
Periodic Auditing of Data in Cloud Using Random Bits
Periodic Auditing of Data in Cloud Using Random BitsPeriodic Auditing of Data in Cloud Using Random Bits
Periodic Auditing of Data in Cloud Using Random Bits
 
[IJET-V2I2P9] Authors:Reshma A. Hegde1, Madhura Prakash
[IJET-V2I2P9] Authors:Reshma A. Hegde1, Madhura Prakash[IJET-V2I2P9] Authors:Reshma A. Hegde1, Madhura Prakash
[IJET-V2I2P9] Authors:Reshma A. Hegde1, Madhura Prakash
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
SecCloudPro: A Novel Secure Cloud Storage System for Auditing and Deduplication
SecCloudPro: A Novel Secure Cloud Storage System for Auditing and DeduplicationSecCloudPro: A Novel Secure Cloud Storage System for Auditing and Deduplication
SecCloudPro: A Novel Secure Cloud Storage System for Auditing and Deduplication
 
Review_2013
Review_2013Review_2013
Review_2013
 
An4201262267
An4201262267An4201262267
An4201262267
 
Estimating the Total Costs of Your Cloud Analytics Platform
Estimating the Total Costs of Your Cloud Analytics PlatformEstimating the Total Costs of Your Cloud Analytics Platform
Estimating the Total Costs of Your Cloud Analytics Platform
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
Scalable scheduling of updates in streaming data warehouses
Scalable scheduling of updates in streaming data warehousesScalable scheduling of updates in streaming data warehouses
Scalable scheduling of updates in streaming data warehouses
 
REAL TIME PROJECTS IEEE BASED PROJECTS EMBEDDED SYSTEMS PAPER PUBLICATIONS M...
REAL TIME PROJECTS  IEEE BASED PROJECTS EMBEDDED SYSTEMS PAPER PUBLICATIONS M...REAL TIME PROJECTS  IEEE BASED PROJECTS EMBEDDED SYSTEMS PAPER PUBLICATIONS M...
REAL TIME PROJECTS IEEE BASED PROJECTS EMBEDDED SYSTEMS PAPER PUBLICATIONS M...
 
A Survey on Provable Multi-copy Dynamic Data Possession in Cloud Computing Sy...
A Survey on Provable Multi-copy Dynamic Data Possession in Cloud Computing Sy...A Survey on Provable Multi-copy Dynamic Data Possession in Cloud Computing Sy...
A Survey on Provable Multi-copy Dynamic Data Possession in Cloud Computing Sy...
 
Survey on Division and Replication of Data in Cloud for Optimal Performance a...
Survey on Division and Replication of Data in Cloud for Optimal Performance a...Survey on Division and Replication of Data in Cloud for Optimal Performance a...
Survey on Division and Replication of Data in Cloud for Optimal Performance a...
 

More from Denys A. Flores, PhD

More from Denys A. Flores, PhD (8)

Conozca cómo evadir el ataque de los hackers
Conozca cómo evadir el ataque de los hackersConozca cómo evadir el ataque de los hackers
Conozca cómo evadir el ataque de los hackers
 
eDem&eGov 2014
eDem&eGov 2014eDem&eGov 2014
eDem&eGov 2014
 
Memorias del Campus Party Quito 2014
Memorias del Campus Party Quito 2014Memorias del Campus Party Quito 2014
Memorias del Campus Party Quito 2014
 
eDem&eGov 2013
eDem&eGov 2013eDem&eGov 2013
eDem&eGov 2013
 
Memorias del Campus Party Quito 2013
Memorias del Campus Party Quito 2013Memorias del Campus Party Quito 2013
Memorias del Campus Party Quito 2013
 
TrustCom-16 - Paper ID 227
TrustCom-16 - Paper ID 227TrustCom-16 - Paper ID 227
TrustCom-16 - Paper ID 227
 
WPCCS 16 Presentation
WPCCS 16 PresentationWPCCS 16 Presentation
WPCCS 16 Presentation
 
Database forensics
Database forensicsDatabase forensics
Database forensics
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

D flores trust-com19-pres

  • 1. Hybrid Logical Clocks for DB Forensics Filing the Gap between Chain of Custody and Database Auditing. Denys A. Flores & Arshad Jhumka Rotorua, New Zealand August 6th, 2019
  • 2. Topics  The Insider Adversary and Transactional Databases  Proactive Database Forensics  Towards a Forensically-Aware DB Architecture  Vector Clocks vs. Hybrid Logical Clocks  Proposed Forensic Controllers  Results  Conclusions and Future Work
  • 3. Databases are in everything…
  • 4. The Insider Adversary and Transactional Databases Database Forensics allows investigating malicious DML operations (inserts, updates, deletes) performed by trusted insiders who could misuse their privileged access [1]. Database audit records become important evidence for investigating privileged access misuse in order to disclose or contaminate [2] sensitive transactional information [3]. Admissibility of audit records is challenged due to the lack of accountability and forensic features within the database environment. As a result, malicious insiders may cover up their activities by making them look as authorized [4].
  • 5. Reactive vs. Proactive Database Forensics Reactive DB Forensics Aims reconstructing the ‘original’ DB state [5] - bottom-up. Adapts traditional forensic techniques such as table-relationship analysis [7] and data file carving [8]. Challenges evidence admissibility due to lack of formalization [9] Leads to conjectures about insider behavior as evidence may be partially recovered or unavailable. Proactive DB Forensics Uses pre-designed forensic features of a DB [6] for auditing insider activities – top-down. Generates, collects and preserves DB audit records [10] within a forensically ready environment. Admissibility depends on properly justifying Chain of Custody in the system operation. Audit records provide more insider activity traces which may not be possible to identify within reactively recovered evidence.
  • 6. Chain of Custody (CoC) Describes the evidence continuum, providing an unbroken accountability trail to justify every action performed on a piece of evidence, in accordance with 4 generally accepted principles [12]: Building an accurate timeline of events is key!
  • 7. CoC-based System Properties CoC properties: Role segregation, provenance, event timelining and causality. We aim to build an accurate timeline about the occurrence of DML operations. In distributed systems with high concurrency, causality violations may happen unexpectedly. It's difficult to know with certainty whether an event 'happens before' another. Vector Clocks and Hybrid Logical Clocks have been used to solve this problem.
  • 8. Vector Clocks (VC) vs. Hybrid Logical Clocks (HLC) VC logical timestamps Vm.τ[i] in Tι, representing the current observed logical clock value of each audit store Fi ∈ FDB. Notice that size(Vm) = |FDB|. Used in multi-version databases, HLC logical timestamps Vm.τm are composed of tuples <pt, l, c> representing instant physical time, maximum physical time and a concurrency flag, respectively.
  • 10. Forensically-Aware Distributed DB Architecture A. Concurrent DML Request Generator: A Master Event Generator (MeGen) and Client Event Generators (CeGen), implemented in JMeter in master-slave mode in order to produce synthetic workload to emulate concurrent DML requests. B. Transactional (NDB) and Forensic (FDB) Databases: implemented in MSSQL Server 2014 with operative (DBuser), administrative (DBadmin) and forensic (DBforensics) roles enabled. For HLC, these databases are deployed in Linked Server mode and synchronised with an NTP-based time service. C. Proactive Database Forensic Controllers: implemented using Common Language Runtime (CLR) C# Assemblies, and deployed as triggers and stored procedures in their respective databases with exclusive enable/disable permissions assigned to DBforensics.
  • 11. Generation and Collection of Audit Records
  • 12. Preservation of Audit Records • A timeline Tι ∈ FDB is a sequence of timestamps Vm, such that: • VC Timestamp (logical order): • HLC Timestamp (logical order + Unix Time):
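A worked illustration of the HLC ordering that slides 8 and 12 rely on, added here and not taken from the paper or its CLR controllers: it implements the standard hybrid logical clock update rules (the <pt, l, c> tuple of slide 8, with pt read from the node's physical clock at each event) for send/local and receive events, and shows that an audit record keeps its causal position in the FDB timeline even when FDB's physical clock lags behind NDB's. The node names, clock values and transaction ids are constructed assumptions.

```python
from dataclasses import dataclass
import time

# Timestamps compare lexicographically on (l, c): first the maximum physical
# time seen, then the counter that breaks ties among events sharing that l.
@dataclass(frozen=True, order=True)
class HLC:
    l: int  # maximum physical time observed so far (Unix seconds)
    c: int  # counter for events that share the same l

class HLCNode:
    """One database node (e.g. NDB or FDB) keeping its own hybrid logical clock."""
    def __init__(self, name, physical_clock=lambda: int(time.time())):
        self.name = name
        self.pt = physical_clock          # injectable so clock skew can be simulated
        self.state = HLC(0, 0)

    def local_or_send(self):
        pt, (l, c) = self.pt(), (self.state.l, self.state.c)
        self.state = HLC(pt, 0) if pt > l else HLC(l, c + 1)
        return self.state

    def receive(self, m):
        pt, (l, c) = self.pt(), (self.state.l, self.state.c)
        new_l = max(l, m.l, pt)
        if new_l == l == m.l:   new_c = max(c, m.c) + 1
        elif new_l == l:        new_c = c + 1
        elif new_l == m.l:      new_c = m.c + 1
        else:                   new_c = 0        # local physical clock moved ahead
        self.state = HLC(new_l, new_c)
        return self.state

def build_timeline(records):
    """records: list of (txn_id, HLC, receiver physical time). Returns txn ids
    ordered by HLC (the forensic timeline) and by raw physical time, for contrast."""
    by_hlc = [r[0] for r in sorted(records, key=lambda r: r[1])]
    by_pt = [r[0] for r in sorted(records, key=lambda r: r[2])]
    return by_hlc, by_pt

def demo():
    # Constructed scenario: NDB's NTP-synced clock reads 1000 s, FDB's lags at 990 s.
    ndb = HLCNode("NDB", physical_clock=lambda: 1000)
    fdb = HLCNode("FDB", physical_clock=lambda: 990)
    t1 = ndb.local_or_send()      # DML committed on NDB, audit record sent to FDB
    t2 = fdb.receive(t1)          # FDB stores the record, adopting NDB's larger l
    t3 = fdb.local_or_send()      # later local event on FDB
    records = [("tx1", t1, 1000), ("tx2", t2, 990), ("tx3", t3, 990)]
    return build_timeline(records)
```

Sorting the same three records by their physical receive time alone would place tx2 and tx3 before tx1, a causality violation that the HLC order avoids.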
  • 13. Collection and Preservation of Audit Records
  • 15. 7. Conclusions and Future Work HLC is more scalable and accurate than our previous VC-based proposal. Without any optimization, 70% of transactions with HLC commit in up to 3.5 secs (test 720 operations per test scenario). However, a baseline has been established for developing more research in the field of proactive DB Forensics and CoC admissibility of audit records. Future work involves: (a) Formally proving the architecture's correctness in terms of compliance with CoC-based system properties (b) Improving overhead during timeline construction to perform better with high transactional workload (more than 10,000 operations per test scenario)
  • 16. Denys A. Flores PhD Candidate Department of Computer Science University of Warwick email: d.flores-armas@warwick.ac.uk web: go.warwick.ac.uk/dflores Thank You!