Database Management Systems (DBMSes) secure data against regular users through defensive mechanisms such as access control, and against privileged users with detection mechanisms such as audit logging. Interestingly, these security mechanisms are built into the DBMS and are thus only useful for monitoring or stopping operations that are executed through the DBMS API. Any access that involves directly modifying database files (at the file system level) would, by definition, bypass any and all security layers built into the DBMS itself. In this paper, we propose and evaluate an approach that detects direct modifications to database files that have already bypassed the DBMS and its internal security mechanisms. Our approach applies forensic analysis to first validate database indexes and then compares index state with data in the DBMS tables. We show that indexes are much more difficult to modify and can be further fortified with hashing. Our approach supports most relational DBMSes by leveraging index structures that are already built into the system to detect database storage tampering that would currently remain undetectable.
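The two-step check described above (validate the index, then compare it with the table data) can be sketched on a simplified model. This is an added example, not code from the paper: the dictionary and list layout standing in for carved table and index pages, the HMAC key, and the finding names are all assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: secret kept outside the database host


def index_digest(index):
    """HMAC over the ordered index entries (key value, row id)."""
    mac = hmac.new(KEY, digestmod=hashlib.sha256)
    for value, row_id in index:
        mac.update(repr((value, row_id)).encode())
    return mac.hexdigest()


def audit(table, index, trusted_digest):
    """Validate the index first, then compare it with the table rows.

    table: {row_id: indexed column value} as carved from table pages
    index: [(value, row_id), ...] as carved from index leaf pages
    """
    findings = []
    # Step 1: the index must be internally consistent and match its digest.
    if index != sorted(index):
        findings.append(("index_unsorted", None))
    if not hmac.compare_digest(index_digest(index), trusted_digest):
        findings.append(("index_digest_mismatch", None))
    # Step 2: every index entry must agree with the table, and vice versa.
    indexed = {row_id: value for value, row_id in index}
    for row_id, value in sorted(indexed.items()):
        if row_id not in table:
            findings.append(("row_erased_from_table", row_id))
        elif table[row_id] != value:
            findings.append(("row_value_modified", row_id))
    for row_id in sorted(set(table) - set(indexed)):
        findings.append(("row_added_to_table", row_id))
    return findings


# Constructed sample: state written through the DBMS, index and table agree.
index = [("alice", 1), ("bob", 2), ("carol", 3)]
trusted = index_digest(index)
clean_table = {1: "alice", 2: "bob", 3: "carol"}

# Constructed sample: table file edited directly, so the index was not maintained.
tampered_table = {1: "alice", 2: "mallory", 4: "dave"}

if __name__ == "__main__":
    print(audit(clean_table, index, trusted))
    print(audit(tampered_table, index, trusted))
```

The digest only helps if it is recorded at a trusted point and stored where someone with file system access to the database cannot rewrite it.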