Many DBMS products on the market provide built-in encryption support to address organizations' security concerns. This solution is quite effective in preventing data leakage from compromised or stolen storage devices. However, recent studies show that a significant part of leaked records were obtained using specialized malware that can access the main memory of systems. Such malware can easily capture sensitive information that is decrypted in memory, including the cryptographic keys used to decrypt it. This can further compromise the security of data residing on disk that is encrypted with the same keys. In this paper we quantify the disclosure risk of encrypted data in a relational DBMS under main-memory-based attacks and propose modifications to the standard query processing mechanism to minimize such risks. Specifically, we propose query optimization techniques and disclosure models to design a data-sensitivity-aware query optimizer. We implemented a prototype DBMS by modifying both the storage engine and the optimizer of the MySQL-InnoDB server. The experimental results show that the disclosure risk of such attacks can be reduced dramatically while incurring a small performance overhead in most cases.