Forensic analysis of database tampering

Kyriacos Pavlou, Richard T. Snodgrass
2006 Proceedings of the 2006 ACM SIGMOD international conference on Management of data - SIGMOD '06  
Regulations and societal expectations have recently expressed the need to mediate access to valuable databases, even by insiders. One approach is tamper detection via cryptographic hashing. This article shows how to determine when the tampering occurred, what data was tampered with, and perhaps, ultimately, who did the tampering, via forensic analysis. We present four successively more sophisticated forensic analysis algorithms: the Monochromatic, RGBY, Tiled Bitmap, and a3D algorithms, and characterize their "forensic cost" under worst-case, best-case, and average-case assumptions on the distribution of corruption sites. A lower bound on forensic cost is derived, with RGBY and a3D being shown optimal for a large number of corruptions. We also provide validated cost formulae for these algorithms and recommendations for the circumstances in which each algorithm is indicated.
doi:10.1145/1142473.1142487 dblp:conf/sigmod/PavlouS06 fatcat:wxhmqcsfxbfahdluyboqs4ullm