The University of Arizona
(none)

   τBerkeleyDB



Transaction-Time Support and Auditing in BerkeleyDB

Transaction-time support in a database allows it to store all the information that was ever entered into the system. All data, changed and deleted included, can be retrieved at a later stage thus forming a complete historical trace of the temporal evolution of the data. Such support is useful for answering complex temporal queries as well as highly applicable to the domains of provenance and audit log security. In this project we have provided transaction-time support to BerkeleyDB with minimum memory overhead while maintaining the high performance of the original system.

We have developed mechanisms within BerkeleyDB, based on cryptographically strong one-way hash functions, that prevent an intruder, including an auditor or an employee or even an unknown bug within the DBMS itself, from silently corrupting the database. The DBMS stores additional information in the database to enable a separate validator to examine the database along with this extra information and state conclusively whether the audit log has been compromised. We have shown with our implementation that the overhead for auditing is low and that the validator can efficiently and correctly determine if the database has been compromised. We also provide a systematic means of performing forensic analysis after such tampering has been uncovered, to determine who, when, and what, through the Dragoon system.

With Radu Sion and Marianne Winslett, we are developing a DBMS architecture that supports a spectrum of approaches to regulatory compliance, each appropriate for a particular domain, and each with different tradeoffs between security and efficiency.


People

Faculty:
Radu Sion (Stony Brook University)
Richard T. Snodgrass (Director)
Marianne Winslett (University of Illinois)

Graduate Students:
Kyriacos Pavlou
Rui Zhang (Chief Programmer)

Previous Faculty:
Christian S. Collberg

Previous Graduate Students:
Ricardo Carlos
Haifeng He
Huilong Huang
Qing Ju
Yong Liang
Yuhong Liu
Supratik Maitra
Kalyani Mandapaka
Mingde Qiu
Minjun Seo
Manigantan Sethuraman
Shilong (Stanley) Yao
Seunghwan You
Man Zhang

AuditFall07 Fall 2007 members (left to right): Huilong Huang, Qing Ju, Rick Snodgrass, Kyriacos Pavlou, and Ricardo Carlos
Photo by Rui Zhang


Funding

nsf2 Achieving Compliant Databases
National Science Foundation, IIS-0803229
September 2008 to March 2012 (Marianne Winslett, PI and Radu Sion and Richard T. Snodgrass, co-PIs)
nsf2 Tamperproof Audit Logs
National Science Foundation, IIS-0415101
September 2005 to August 2008 (Richard T. Snodgrass, PI and Christian Collberg, PI)
surety.com Surety LLC
Provided access to their AbsoluteProof (R) product
for digital notarization.

Publications

Soumyadeb Mitra, Marianne Winslett, Richard T. Snodgrass, and Shashank Yaduvanshi, "An Architecture for Regulatory Compliant Database Management," in Proceedings of the International Conference on Data Engineering (ICDE), 12 pages, Shanghai, China, 2009. (pdf)

David Lomet, Richard T. Snodgrass, and Christian S. Jensen, "Exploiting the Lock Manager for Timestamping," in Proceedings of the Ninth International Database Engineering and Applications Symposium (IDEAS 2005), Montreal, Canada, July 2005. (pdf)

Richard T. Snodgrass, Stanley Yao and Christian Collberg, "Tamper Detection in Audit Logs," In Proceedings of the International Conference on Very Large Databases, Toronto, Canada, August–September 2004, pp. 504–515. (pdf)

Mani Sethuraman, "Implementation and Evaluation of a Partitioned Store for Transaction-Time Databases," TimeCenter TR-76, December 2003. (pdf)

Link to Internal resources


News

"Capturing the ‘when’ of life by better integration of time, information" (article in a special section of the Arizona Daily Star, November 25, 2012)

"UA Shares NSF Grant for Research on Securing Databases" (UA news story, October 3, 2008)

"Keeping Your DBA Honest" (article in American Banker, January 22, 2008)

Concepts and constructs from our prior work have been included in the SQL:2011 standard and have been implemented in the IBM DB2 for zOS, Oracle 9i, 10g, and 11g, and Teradata 13.10 and 14 database management systems. The Oracle workspace manager temporal constructs permit tracing of actions on data as well as the ability to perform database forensics, as elaborated in the book "Oracle Forensics: Oracle Security Best Practices", by Paul M. Wright.


τBerkeleyDB Software

The following is the beta version of the τBerkeleyDB system, which includes transaction-time support.

The τBerkeleyDB system is dependent on the Beecrypt 4.1.2 and BerkeleyDB 3.2.9 systems.

Please first read the Overview of Installation and the Installation Instructions before downloading the system.

release_0.3.tar.gz

BerkeleyDB 3.2.9 can be downloaded here or from the official site at http://download.oracle.com/berkeley-db/db-3.2.9.tar.gz

Beecrypt 4.1.2 can be downloaded here or from the official site at http://sourceforge.net/projects/beecrypt/files/beecrypt/4.1.2/beecrypt-4.1.2.tar.gz/download



Webmaster: Kyri Pavlou