3 research outputs found
The impact of triggers on forensic acquisition and analysis of databases
An aspect of database forensics that has not received much attention in the academic
research community yet is the presence of database triggers. Database triggers and their
implementations have not yet been thoroughly analysed to establish what possible impact they could
have on digital forensic analysis methods and processes. This paper firstly attempts to establish if
triggers could be used as an anti-forensic mechanism in databases to potentially disrupt or even thwart
forensic investigations. Secondly, it explores if triggers could be used to manipulate ordinary database
actions for nefarious purposes and at the same time implicate innocent parties. The database triggers
as defined in the SQL standard were studied together with a number of database trigger
implementations. This was done in order to establish what aspects of a trigger might have an impact
on digital forensic analysis. It is demonstrated in this paper that certain database forensic acquisition
and analysis methods are impacted by the possible presence of non-data triggers. This is specific to
databases that provide non-data trigger implementations. Furthermore, it finds that the forensic
interpretation and attribution processes should be extended to include the handling and analysis of all
database triggers. This is necessary to enable a more accurate attribution of actions in all databases
that provide any form of trigger implementations.
"The Role of Triggers in Database Forensics", by Werner Hauger and Martin Olivier, which appeared in the Proceedings of Information Security South African (ISSA) 2014, Johannesburg, 13 & 14 August 2014.
http://www.saiee.org.za/DirectoryDisplay/DirectoryCMSPages.aspx?name=Publications#id=1588&dirname=ARJ&dirid=337
am2016
Computer Scienc
Methodology of optimization of data flow effects based on integration structural systems analysis and risk
In the doctoral dissertation, the problem of optimizing the effects of data flow in
information systems and the development of a methodology for efficient management
of data flow processes was researched. The methodological process for optimizing the
effects of data flow consists of: identification of data flow processes, structural
decomposition of data flow processes, identification of indicators for monitoring flow
effects, units of measure of flow effect indicators, identification of data flow effect
limiters, identification of data flow risk effects and determination of action measures for
risk mitigation of data flow effects. Elements of special importance for the proposed
methodology for optimizing the effects of data flow are: iterative software process,
structural system analysis, data flow effects, implementation of system monitoring,
hybrid approach in risk analysis in the software maintenance phase and CASE tools.
Observing primarily transactional information systems, a new methodology for
optimizing the effects of data flow with the integration of SSA and risk analysis in the
form of a hybrid modified FMEA method has been proposed. The proposed
methodology implies an iterative and incremental model of the software process as a
basis for successful application in practice. The modified hybrid FMEA method, which is
observed in the context of the software process of domain software, is positioned in the
maintenance phase; as its result, it provides a list of measures that are applied as
modification activities and extension of the development of the software solution. Some
of the activities thus defined are in the design phase, some in the design implementation
phase, some may extend to more phases of activity, but in any case they are in the
earlier stages of the software process, of the next cycle. On the other hand, as an input
and a precondition for the realization of such a proposed methodology, elements are
used, especially the hierarchy of decomposed processes, implemented SSA from earlier
phases of the software process from the previous iterations. This dual interdependence
begins with the condition of the initially conducted structural system analysis.
SELECT Triggers For Data Auditing
Abstract: Auditing is a key part of the security infrastructure in a database system. While commercial database systems provide mechanisms such as triggers that can be used to track and log any changes made to "sensitive" data using UPDATE queries, they are not useful for tracking accesses to sensitive data using complex SQL queries, which is important for many applications given recent laws such as HIPAA. In this paper, we propose the notion of SELECT triggers that extends triggers to work for SELECT queries in order to facilitate data auditing. We discuss the challenges in integrating SELECT triggers in a database system including specification, semantics as well as efficient implementation techniques. We have prototyped our framework in a commercial database system and present an experimental evaluation of our framework using the TPC-H benchmark.