The University of Arizona

Events & News

Computer Science Colloquium

Category: Lecture
Date: Tuesday, November 20, 2007
Time: 11:00 am
Location: GS 906
Details: Light refreshments served in the 9th floor atrium at 10:45 AM.
Speaker: Kyriacos Pavlou
Affiliation: Computer Science

Forensic Analysis of Database Tampering

Mechanisms now exist that detect tampering of a database, through the use of cryptographically strong hash functions. This paper addresses the next problem, that of determining who, when, and what, by providing a systematic means of performing forensic analysis after such tampering has been uncovered. We utilize a schematic representation termed a "corruption diagram" to fully analyze the original proposal, that of a linked sequence of hash values. We examine the various kinds of intrusions that are possible, including retroactive, introactive, backdating, and postdating intrusions. We then evaluate successively more sophisticated forensic analysis algorithms: the monochromatic, RGBY, tiled-bitmap, and a3D algorithms, and characterize the "forensic strength" of these algorithms. A lower bound on forensic strength is provided. We show how forensic analysis can efficiently extract a good deal of information concerning a corruption event.