3 research outputs found

    The impact of triggers on forensic acquisition and analysis of databases

    An aspect of database forensics that has not received much attention in the academic research community yet is the presence of database triggers. Database triggers and their implementations have not yet been thoroughly analysed to establish what possible impact they could have on digital forensic analysis methods and processes. This paper firstly attempts to establish if triggers could be used as an anti-forensic mechanism in databases to potentially disrupt or even thwart forensic investigations. Secondly, it explores if triggers could be used to manipulate ordinary database actions for nefarious purposes and at the same time implicate innocent parties. The database triggers as defined in the SQL standard were studied together with a number of database trigger implementations. This was done in order to establish what aspects of a trigger might have an impact on digital forensic analysis. It is demonstrated in this paper that certain database forensic acquisition and analysis methods are impacted by the possible presence of non-data triggers. This is specific to databases that provide non-data trigger implementations. Furthermore, it finds that the forensic interpretation and attribution processes should be extended to include the handling and analysis of all database triggers. This is necessary to enable a more accurate attribution of actions in all databases that provide any form of trigger implementations. “The Role of Triggers in Database Forensics”, by Werner Hauger and Martin Olivier, which appeared in the Proceedings of Information Security South African (ISSA) 2014, Johannesburg, 13 & 14 August 2014. http://www.saiee.org.za/DirectoryDisplay/DirectoryCMSPages.aspx?name=Publications#id=1588&dirname=ARJ&dirid=337

    Methodology of optimization of data flow effects based on integration structural systems analysis and risk

    In the doctoral dissertation, the problem of optimizing the effects of data flow in information systems and the development of a methodology for efficient management of data flow processes was researched. The methodological process for optimizing the effects of data flow consists of: identification of data flow processes, structural decomposition of data flow processes, identification of indicators for monitoring flow effects, units of measure of flow effect indicators, identification of data flow effect limiters, identification of data flow risk effects and determination of action measures for risk mitigation of data flow effects. Elements of special importance for the proposed methodology for optimizing the effects of data flow are: iterative software process, structural system analysis, data flow effects, implementation of system monitoring, hybrid approach in risk analysis in the software maintenance phase and CASE tools. Observing primarily transactional information systems, a new methodology for optimizing the effects of data flow with the integration of SSA and risk analysis in the form of a hybrid modified FMEA method has been proposed. The proposed methodology implies an iterative and incremental model of the software process as a basis for successful application in practice. The modified hybrid FMEA method, which in the context of the software process of domain software is positioned in the maintenance phase, provides as its result a list of measures that are applied as modification activities and continued development of the software solution. Some of the activities thus defined are in the design phase, some in the design implementation phase, and some may extend over several phases of activity, but in any case they are in the earlier stages of the software process of the next cycle. On the other hand, as an input and a precondition for the realization of the proposed methodology, elements of the SSA conducted in earlier phases of the software process in previous iterations are used, especially the hierarchy of decomposed processes. This dual interdependence begins with the condition of the initially conducted structural system analysis...

    SELECT Triggers For Data Auditing

    Abstract: Auditing is a key part of the security infrastructure in a database system. While commercial database systems provide mechanisms such as triggers that can be used to track and log any changes made to “sensitive” data using UPDATE queries, they are not useful for tracking accesses to sensitive data using complex SQL queries, which is important for many applications given recent laws such as HIPAA. In this paper, we propose the notion of SELECT triggers that extends triggers to work for SELECT queries in order to facilitate data auditing. We discuss the challenges in integrating SELECT triggers in a database system including specification, semantics as well as efficient implementation techniques. We have prototyped our framework in a commercial database system and present an experimental evaluation of our framework using the TPC-H benchmark.