ABSTRACT
The use of any modern computer system leaves unintended traces of expired data and remnants of users' past activities. In this paper, we investigate the unintended persistence of data stored in database systems. This data can be recovered by forensic analysis, and it poses a threat to privacy. First, we show how data remnants are preserved in database table storage, the transaction log, indexes, and other system components. Our evaluation of several real database systems reveals that deleted data is not securely removed from database storage and that users have little control over the persistence of deleted data. Second, we address the problem of unintended data retention by proposing a set of system transparency criteria: data retention should be avoided when possible, evident to users when it cannot be avoided, and bounded in time. Third, we propose specific techniques for secure record deletion and log expunction that increase the transparency of database systems, making them more resistant to forensic analysis.
CITED BY 3
Nicolas Anciaux, Luc Bouganim, Harold van Heerde, Philippe Pucheral, Peter M.G. Apers, Data degradation: making private data less sensitive over time, Proceeding of the 17th ACM conference on Information and knowledge management, October 26-30, 2008, Napa Valley, California, USA