Research Statement
Jeff Pittges
Motivation
External attacks on computer systems are well publicized and well recognized as a serious problem. However, insiders perpetrate over 80 percent of all security breaches. Until recently corporations rarely reported data leakage (i.e., the loss of confidential information). Emerging regulations, including the Health Insurance Portability and Accountability Act (HIPAA), require corporations to protect sensitive information and publicly disclose security breaches. Analysts estimate that data leakage costs corporations over a billion dollars a year. Consequently, data security, data leakage, and privacy are becoming urgent challenges for the database community [1].
Most database security architectures rely on a fortress security model in which access to the database management system (DBMS) is strictly controlled while the data within the database is stored in the clear. Not only is the data unprotected from attackers who circumvent the access controls, the data is also unprotected from authorized personnel, thereby creating unnecessary threats to privacy and security.
Solution
One solution to this problem is to apply fine-grained role-based access privileges, but this approach still leaves the data exposed. Most popular database management systems allow database administrators to encrypt data, thereby applying the principle of Defense-in-Depth [10]. Data encryption adds a layer of protection, but it is still possible to recover the original data by decrypting the encrypted data [4, 5, 6].
A Translucent Database [7, 8] uses one-way hash functions and other cryptographic algorithms to obfuscate the original data without destroying the function of the data. For example, the Unix password file applies a one-way hash function to each password before the password is stored in the file. Each time a user logs into the system the hash function is applied to the password entered by the user and the result is compared with the user password stored in the password file. If an attacker gains access to the contents of the password file it is impossible for the attacker to obtain the original data, thereby preventing access to the user passwords.
Translucent data is secure, and translucent data renders attacks uninteresting because the data has no value to the attacker. Translucent data also protects privacy because authorized users are unable to view the original data. The Microsoft Hailstorm project [9], an online store of personal information including an individual's calendar, contacts, and credit card numbers, was built on the concept of a translucent database.
The techniques to create a translucent database are readily available to any application developer. However, implementing translucency in the application layer creates an undesirable dependency between the application and the database. There are also database performance considerations. Finally, application developers are not given time to implement security features, and when time is allocated for security, few developers have the necessary skills to implement security features correctly. The goal of my research is to extend database management systems to provide native support for translucency, thereby increasing data security and privacy and reducing data leakage.
Plan
The Oracle Database 10g provides a built-in package named DBMS_CRYPTO that provides functions for generating keys, managing keys, and encrypting and decrypting data [10]. However, Oracle's DBMS_CRYPTO package uses a block cipher rather than applying encryption to specific data columns as discussed in [4]. A block cipher requires the DBMS to encrypt and decrypt data as the data moves between main memory and disk. Therefore, the data in main memory is exposed as clear text and the query execution engine does not operate on encrypted data. Hence, Oracle 10g does not provide native support for data encryption. I plan to build on the research presented above by: (1) developing native DBMS support for cryptography, (2) extending the cryptographic functions supported by the DBMS to include one-way hash algorithms, and (3) developing a framework that makes security far more accessible to practitioners. To my knowledge, no similar work exists in the published literature. Furthermore, I am optimistic the recent NSF CyberTrust and CyberInfrastructure programs will continue to support such security-related research.
The first step in my research plan is to extend the Data Definition Language (DDL) and Data Manipulation Language (DML) to support policy-based security. Consider a security policy stating that all HIPAA data must be encrypted. The database administrator (DBA) should be able to define a HIPAA data type, and when a database table is defined with a column of type HIPAA the DBMS should automatically encrypt the data. The DDL statements used to create the table should allow the DBA to select the cryptographic algorithm from a set of algorithms natively supported by the DBMS. The first step of my research will create a mechanism for implementing policy-based security within the DBMS that is easily accessible to practitioners.
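As an added illustration, not code from this statement or from any DBMS, the following Python simulates the policy-driven column handling proposed above on top of SQLite, and at the same time shows the password-file idea from the Solution section: the POLICIES dictionary and the TRANSLUCENT policy name are assumptions standing in for the proposed HIPAA column type, and the patient record is constructed sample data. An equality lookup succeeds on the one-way-hashed column while the stored values cannot be reversed.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed policy table standing in for the proposed DDL extension: instead of a
# native HIPAA column type, a dictionary says how each column is stored.
# TRANSLUCENT keeps only a keyed one-way hash of the value; CLEAR stores it as-is.
POLICIES = {"patients": {"name": "CLEAR", "ssn": "TRANSLUCENT"}}

# Secret for the keyed hash (HMAC-SHA-256). A low-entropy column such as SSNs is
# trivially brute-forced under a plain unkeyed hash, so the key is what stops an
# attacker holding a copy of the table from recovering the values.
HASH_KEY = os.urandom(32)


def translucent(value: str) -> str:
    """One-way transform applied before storage and again to every lookup probe."""
    return hmac.new(HASH_KEY, value.encode("utf-8"), hashlib.sha256).hexdigest()


def store_form(table: str, column: str, value: str) -> str:
    """Apply the column's policy to a value on its way into the database."""
    policy = POLICIES.get(table, {}).get(column, "CLEAR")
    return translucent(value) if policy == "TRANSLUCENT" else value


def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients (name TEXT, ssn TEXT)")
    return db


def insert_patient(db: sqlite3.Connection, name: str, ssn: str) -> None:
    db.execute("INSERT INTO patients (name, ssn) VALUES (?, ?)",
               (store_form("patients", "name", name),
                store_form("patients", "ssn", ssn)))


def find_by_ssn(db: sqlite3.Connection, ssn: str):
    """Equality search on translucent data: hash the probe, never decrypt the column."""
    row = db.execute("SELECT name FROM patients WHERE ssn = ?",
                     (store_form("patients", "ssn", ssn),)).fetchone()
    return row[0] if row else None


def stored_ssns(db: sqlite3.Connection) -> list:
    """What someone who copies the table actually sees in the ssn column."""
    return [r[0] for r in db.execute("SELECT ssn FROM patients")]
```

Partial matching and range queries do not survive this transform; that is exactly the gap the third step of the plan targets.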
The theoretical constructs developed in the first step of my research will lack significant impact unless they can be implemented and tested in realistic scenarios. My 15 years of database experience are rife with examples of promising ideas that have been shelved due to the absence of the rigorous testing academic research requires. Drawing on this experience, the second step of my research plan is to implement a system that supports the constructs developed in the first step. This system will serve as a tool to evaluate the results of the first step and guide further research. This system may be developed by extending an existing open source database such as MySQL. This work should provide interesting projects for students and challenging programming assignments for computer science classes.
While the first and second steps of my research will demonstrate the ability to store data securely, the full extent of my research goals may only be realized if the DBMS is able to operate on translucent data without recovering the original data, thereby enhancing the security of the data and protecting privacy. Therefore, the third step of my research plan will develop functions that operate directly on translucent data. These functions include searching, partial matching, and data mining operations that are efficient while preserving data security and privacy.
References
1. Database Security (Common Sense Principles). http://www.governmentsecurity.org/articles/DatabaseSecurityCommonsensePrinciples.php
2. Database Security Issues: Inference.
3. http://databases.about.com/od/security/l/aainference.htm
4. Mattsson, Ulf T. A Database Encryption Solution that is Protecting Against External and Internal Threats, Meeting Regulatory Requirements. February 25, 2005. http://database.ittoolbox.com/white-papers/a-database-encryption-solution-that-is-protecting-against-external-and-internal-threats-meeting-regulatory-requirements-4266
5. Newman, Aaron C. Encryption of Data at Rest. May 28, 2002. http://database.ittoolbox.com/white-papers/encryption-of-data-at-rest-1922
6. MacVittie, Don. Time is Right for Database Encryption. December 9, 2003. http://www.networkcomputing.com/showitem.jhtml;jsessionid=ZWGY32WNMZH0EQSNDBCCKHY?articleID=16401578
7. Wayner, Peter. Translucent Databases. Baltimore: Flyzone Press. 2002.
8. Garfinkel, Simson. Protecting Privacy with Translucent Databases. August 2, 2002. http://www.oreillynet.com/pub/a/network/2002/08/02/simson.html
9. Microsoft Hailstorm. http://xml.coverpages.org/hailstorm.html
10. Nanda, Arup. Encrypt Your Data Assets. Oracle Magazine. January/February 2005. http://www.oracle.com/technology/oramag/oracle/05-jan/o15security.html