Research Statement
Research Statement
Research Statement
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
The techniques to create a translucent database are readily available to any application<br />
developer. However, implementing translucency in the application layer creates an<br />
undesirable dependency between the application and the database. There are also<br />
database performance considerations. Finally, application developers are not given time<br />
to implement security features and when time is allocated for security, few developers<br />
have the necessary skills to implement security features correctly. The goal of my<br />
research is to extend database management systems to provide native support for<br />
translucency thereby increasing data security and privacy and reducing data leakage.<br />
Plan<br />
The Oracle Database 10g provides a built-in package named DBMS_CRYPTO that<br />
provides functions for generating keys, managing keys, and encrypting and decrypting<br />
data [10]. However, Oracle’s DBMS_CRYPTO package uses a block cipher rather than<br />
applying encryption to specific data columns as discussed in [4]. A block cipher requires<br />
the DBMS to encrypt and decrypt data as the data moves between main memory and<br />
disk. Therefore, the data in main memory is exposed as clear text and the query<br />
execution engine does not operate on encrypted data. Hence, Oracle 10g does not<br />
provide native support for data encryption. I plan to build on the research presented<br />
above by: (1) developing native DBMS support for cryptography, (2) extending the<br />
cryptographic functions supported by the DBMS to include one-way hash algorithms, and<br />
(3) developing a framework that makes security far more accessible to practitioners. To<br />
my knowledge, no similar work exists in the published literature. Furthermore, I am<br />
optimistic the recent NSF CyberTrust and CyberInfrastructure programs will continue to<br />
support such security-related research.<br />
The first step in my research plan is to extend the Data Definition Language (DDL) and<br />
Data Manipulation Language (DML) to support policy-based security. Consider a<br />
security policy stating that all HIPAA data must be encrypted. The database<br />
administrator (DBA) should be able to define a HIPAA data type and when a database<br />
table is defined with a column of type HIPAA the DBMS should automatically encrypt<br />
the data. The DDL statements used to create the table should allow the DBA to select the<br />
cryptographic algorithm from a set of algorithms natively supported by the DBMS. The<br />
first step of my research will create a mechanism for implementing policy-based security<br />
within the DBMS that is easily accessible to practitioners.<br />
The theoretical constructs developed in the first step of my research will lack significant<br />
impact unless they can be implemented and tested in realistic scenarios. My 15 years of<br />
database experience are rife with examples of promising ideas that have been shelved due<br />
to the absence of rigorous testing academic research requires. Drawing on this<br />
experience, the second step of my research plan is to implement a system that supports<br />
the constructs developed in the first step. This system will serve as a tool to evaluate the<br />
results of the first step and guide further research. This system may be developed by<br />
extending an existing open source database such as MySQL. This work should provide<br />
interesting projects for students and challenging programming assignments for computer<br />
science classes.
Change language