TY - JOUR
T1 - Generalizing database forensics
AU - Pavlou, Kyriacos E.
AU - Snodgrass, Richard T.
N1 - Funding Information:
This work was supported in part by the Army Research Office under contract DAAL 03- 86- K0109. L.M. Ewerbring acknowledges a travel grant from the Mathematical Sciences Institute of Cornell University
PY - 2013/6
Y1 - 2013/6
N2 - In this article we present refinements on previously proposed approaches to forensic analysis of database tampering. We significantly generalize the basic structure of these algorithms to admit new characterizations of the "where" axis of the corruption diagram. Specifically, we introduce page-based partitioning as well as attribute-based partitioning along with their associated corruption diagrams. We compare the structure of all the forensic analysis algorithms and discuss the various design choices available with respect to forensic analysis. We characterize the forensic cost of the newly introduced algorithms, compare their forensic cost, and give our recommendations. We then introduce a comprehensive taxonomy of the types of possible corruption events, along with an associated forensic analysis protocol that consolidates all extant forensic algorithms and the corresponding type(s) of corruption events they detect. The result is a generalization of these algorithms and an overarching characterization of the process of database forensic analysis, thus providing a context within the overall operation of a DBMS for all existing forensic analysis algorithms.
AB - In this article we present refinements on previously proposed approaches to forensic analysis of database tampering. We significantly generalize the basic structure of these algorithms to admit new characterizations of the "where" axis of the corruption diagram. Specifically, we introduce page-based partitioning as well as attribute-based partitioning along with their associated corruption diagrams. We compare the structure of all the forensic analysis algorithms and discuss the various design choices available with respect to forensic analysis. We characterize the forensic cost of the newly introduced algorithms, compare their forensic cost, and give our recommendations. We then introduce a comprehensive taxonomy of the types of possible corruption events, along with an associated forensic analysis protocol that consolidates all extant forensic algorithms and the corresponding type(s) of corruption events they detect. The result is a generalization of these algorithms and an overarching characterization of the process of database forensic analysis, thus providing a context within the overall operation of a DBMS for all existing forensic analysis algorithms.
KW - A3D Algorithm
KW - Attribute-based partitioning
KW - Compliant records
KW - Corruption event taxonomy
KW - Forensic analysis algorithm
KW - Forensic analysis protocol
KW - Forensic cost
KW - Monochromatic Algorithm
KW - Page-based partitioning
UR - http://www.scopus.com/inward/record.url?scp=84880389355&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84880389355&partnerID=8YFLogxK
U2 - 10.1145/2487259.2487264
DO - 10.1145/2487259.2487264
M3 - Article
AN - SCOPUS:84880389355
SN - 0362-5915
VL - 38
JO - ACM Transactions on Database Systems
JF - ACM Transactions on Database Systems
IS - 2
M1 - 12
ER -