The broader impact/commercial potential of this I-Corps project is to address and mitigate the ongoing problem of pervasive data breaches. It will provide forensic analysts with tools for investigating database management systems (DBMS), currently a black box in most investigations. It will do so by combining previously developed forensic analysis approaches with user-friendly interpretation and reports. For existing data monitoring security solutions, this project will eliminate the security gaps that remain exploitable in cybersecurity tools. Current security solutions can react only to logged activity, leaving a variety of hacks (e.g., abusing super-privileges or hacking) able to bypass the log records. The outcome of this project will detect and report malicious data access stemming from actions that bypassed existing security mechanisms.
This I-Corps project will develop new approaches for presenting digital artifacts from a database to forensic and security analysts. Rather than merely presenting the individual forensic artifacts, this project will target the creation of evidential reports that support user search and provide chain-of-custody guarantees sufficient as evidence. By tracing the data flow occurring inside the database, this project will enable interpretation and sound evidence in cases of malicious data access or tampering within a database.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.