Audit logging is a fundamental component of a comprehensive data security and privacy infrastructure. It is complementary to other access control and security mechanisms, and is particularly useful for recording inappropriate data access by insiders, who hold legitimate credentials and therefore pass the access control checks that stop outsiders. Recent legislation and regulatory oversight require organizations in a variety of domains to maintain audit logs tracking their use of data, and commercial database systems are beginning to provide support for automatically recording all data accesses.
The first main goal of this project is to develop tools to support easy and proactive analysis of logged information. The system will leverage the strengths of both declarative queries (e.g., SQL) and statistical anomaly detection. Rather than simply flagging incoming queries as anomalous against a pre-trained set of profiles or rules, for example, an analyst using the new framework will be able to craft custom exploratory queries and visual representations over the log. In support of such a tool, the research team at RPI will design and build an independent subsystem, called Splash, which extends the functionality of a relational DBMS to incorporate support for managing statistical models.
Though audit logs are collected in the name of security and accountability, in certain situations the logs themselves may pose a risk to the privacy of the users who access an underlying database, since they record who looked at which records and when. The second main goal of this project is to develop tools for managing the privacy risks associated with collecting and storing audit logs. Students will be engaged throughout the research program. The software will be released as open source.
We are all concerned about our privacy. Yet it is often necessary for us to store private information in databases to get the services we would like, be they medical, financial, or other personal services. Ideally we wish to allow our service providers to access exactly as much information as they need to provide us with service, and no more. Achieving this ideal is a challenge. One popular technique is to allow service providers broad access to the database, audit their accesses, and threaten them with serious consequences if they make inappropriate accesses. (This is typical in hospitals, for example, where only a handful of personnel actually participate in the care of any one patient, but thousands of hospital employees have access to the records.) While it is easy to log accesses, actually auditing them is hard. If we could cheaply identify suspicious accesses, we could focus our investigative efforts on those. This is the problem toward which this project has made significant strides. Given a log of database accesses and some relevant service information, the techniques developed in this project identify the accesses that are potentially inappropriate. Over the life of this project, these techniques have become increasingly sophisticated, starting from explicit patient appointments with caregivers and progressing to the organizational structure of the service provider and its typical workflow. The goal is to catch inappropriate accesses while flagging as few false positives for investigation as possible. Ideas from this project have been implemented in the context of patient information in a hospital setting, and are the basis for a start-up company.
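The following is an added example, not code from the project or from Splash, that illustrates both ideas above: the combination of a declarative query with a simple statistical rule, and the "explanation" approach in which an access is considered unsuspicious if it can be tied to a patient appointment or to the organizational structure of the provider. It runs against an in-memory SQLite database; every table name, column, user, patient and log entry is constructed for the illustration, and the seven-day appointment window, the same-department rule and the median-plus-MAD outlier threshold are assumptions of the example rather than the project's published method. A workflow rule (the third stage mentioned in the text) would be added as a further CASE branch in the same query.

```python
"""Explanation-based audit of a database access log (added example, not project code).

Each logged access is checked by one SQL query against two explanations:
  1. the accessing user has an appointment with the patient close in time;
  2. a colleague in the same department has such an appointment.
Accesses with no explanation are aggregated per user, and users whose
unexplained volume is far above their peers' are flagged for investigation.
All tables, columns and data below are constructed for this example.
"""
import sqlite3
import statistics

# Constructed sample data (hypothetical hospital, not real records).
STAFF = [("alice", "cardiology"), ("bob", "cardiology"),
         ("carol", "billing"), ("dave", "oncology")]
APPOINTMENTS = [("P1", "alice", "2024-03-04"),   # (patient, caregiver, day)
                ("P2", "alice", "2024-03-05"),
                ("P3", "dave", "2024-03-06")]
ACCESS_LOG = [(1, "alice", "P1", "2024-03-04"),  # (access_id, user, patient, day)
              (2, "alice", "P2", "2024-03-06"),
              (3, "bob", "P1", "2024-03-05"),    # bob is alice's colleague
              (4, "bob", "P2", "2024-03-07"),
              (5, "dave", "P3", "2024-03-06"),
              (6, "carol", "P1", "2024-03-05"),  # billing, no modeled reason
              (7, "dave", "P1", "2024-03-20"),   # oncology browsing cardiology patients
              (8, "dave", "P2", "2024-03-21"),
              (9, "dave", "P1", "2024-03-22"),
              (10, "alice", "P3", "2024-02-01")]

# Declarative part: label every access with the first explanation that fits.
# ':window' is the number of days an appointment may lie from the access.
EXPLAIN_SQL = """
SELECT a.access_id, a.user_id, a.patient_id, a.access_day,
       CASE
         WHEN EXISTS (
           SELECT 1 FROM appointments p
           WHERE p.patient_id = a.patient_id
             AND p.caregiver_id = a.user_id
             AND abs(julianday(a.access_day) - julianday(p.appt_day)) <= :window
         ) THEN 'appointment'
         WHEN EXISTS (
           SELECT 1 FROM appointments p
           JOIN staff s_care ON s_care.user_id = p.caregiver_id
           JOIN staff s_acc  ON s_acc.user_id  = a.user_id
           WHERE p.patient_id = a.patient_id
             AND s_care.dept = s_acc.dept
             AND abs(julianday(a.access_day) - julianday(p.appt_day)) <= :window
         ) THEN 'department'
         ELSE NULL
       END AS explanation
FROM access_log a
ORDER BY a.access_id
"""


def build_db():
    """Create the in-memory database and load the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE staff(user_id TEXT PRIMARY KEY, dept TEXT NOT NULL);
        CREATE TABLE appointments(patient_id TEXT, caregiver_id TEXT, appt_day TEXT);
        CREATE TABLE access_log(access_id INTEGER PRIMARY KEY, user_id TEXT,
                                patient_id TEXT, access_day TEXT);
    """)
    conn.executemany("INSERT INTO staff VALUES (?, ?)", STAFF)
    conn.executemany("INSERT INTO appointments VALUES (?, ?, ?)", APPOINTMENTS)
    conn.executemany("INSERT INTO access_log VALUES (?, ?, ?, ?)", ACCESS_LOG)
    return conn


def explain_accesses(conn, window_days=7):
    """Run the explanation query; 'explanation' is None for unexplained accesses."""
    rows = conn.execute(EXPLAIN_SQL, {"window": window_days}).fetchall()
    return [{"access_id": r[0], "user": r[1], "patient": r[2],
             "day": r[3], "explanation": r[4]} for r in rows]


def unexplained_by_user(conn, rows):
    """Count unexplained accesses per staff member (zero for users with none)."""
    counts = {user: 0 for (user,) in conn.execute("SELECT user_id FROM staff")}
    for r in rows:
        if r["explanation"] is None:
            counts[r["user"]] = counts.get(r["user"], 0) + 1
    return counts


def flag_outlier_users(counts, k=2.0):
    """Statistical part: flag users more than k MADs above the median count.

    Median/MAD is used instead of mean/stdev so that a single heavy browser
    does not inflate the threshold that is supposed to catch them. If every
    user has the same count the MAD is zero and only users above the median
    are flagged, which is the intended behaviour for a tiny peer group.
    """
    values = list(counts.values())
    med = statistics.median(values)
    mad = statistics.median([abs(v - med) for v in values])
    threshold = med + k * mad
    return {user for user, c in counts.items() if c > threshold}


def audit(window_days=7, k=2.0):
    """Full pipeline: explain, aggregate, flag, and build the investigation queue."""
    conn = build_db()
    rows = explain_accesses(conn, window_days)
    counts = unexplained_by_user(conn, rows)
    flagged = flag_outlier_users(counts, k)
    queue = [r for r in rows if r["explanation"] is None and r["user"] in flagged]
    return {"rows": rows, "unexplained_counts": counts,
            "flagged_users": flagged, "queue": queue}


if __name__ == "__main__":
    result = audit()
    for r in result["rows"]:
        print(r["access_id"], r["user"], r["patient"], r["day"], r["explanation"])
    print("unexplained per user:", result["unexplained_counts"])
    print("flag for investigation:", sorted(result["flagged_users"]))
```

With the constructed log, the query explains five of ten accesses, leaving one each for alice and carol and three for dave; only dave exceeds the peer threshold, so the investigation queue shrinks from ten entries to his three. Carol's unexplained billing access shows the false-positive side of the trade-off the text describes: it may well be legitimate, and only a workflow rule covering billing after a visit would explain it away.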