Spurred by financial scandals and privacy concerns, governments worldwide have moved to ensure confidence in digital records by regulating their retention and deletion. The goal of this project is to develop and explore a database management system (DBMS) architecture that supports a spectrum of approaches to regulatory compliance, thereby extending the level of protection afforded by conventional file-based compliance storage servers to the vast amounts of structured data residing in databases. The key challenge of this work is to provide compliance assurances for the DBMS, even against insiders with super-user powers, while balancing the need for trustworthiness against the conflicting requirements for scalable performance guarantees and low cost. The resulting architecture provides tunable tradeoffs between security and performance, through a spectrum of techniques ranging from tamper detection to tamper prevention for data, indexes, logs, and metadata; tunable vulnerability windows; tunable granularities of protection; careful use of magnetic disk as a cache and of secure coprocessors on the DBMS platform and compliance storage server platform; and judicious retargeting of an on-disk encryption unit.

This work enables compliance laws to be applied to business, government, and personal data now stored in databases, increasing societal confidence in such data. A new web course on compliance data management will raise the computer science community's awareness of compliance issues and will help train a new generation of professionals cognizant of these challenges and solutions. The software prototypes and technical papers describing them will be disseminated through the project's web site http://web.crypto.cs.sunysb.edu/cdb/

Project Report

Spurred by financial scandals and privacy concerns, governments worldwide have moved to ensure confidence in digital records by regulating their retention and deletion. These new requirements have led to a huge market for compliance storage servers, which guarantee that data are not overwritten before the end of their mandatory retention period. These servers are intended for preserving data at a file-level granularity—email, spreadsheets, reports, instant messages. The write-once nature of compliance devices makes them very resistant to the insider attacks at the heart of compliance regulations, but unfortunately it also makes it very hard to lay out, update, index, query, and (eventually) delete database records efficiently. Our goal was to meet this challenge by developing and exploring a DBMS architecture that supports a spectrum of approaches to regulatory compliance, each appropriate for a particular domain, and each with different tradeoffs between security and efficiency. In this project, we have extended this level of protection to the vast amounts of structured data residing in databases. We have developed a database management system architecture that supports a spectrum of approaches to regulatory compliance. At the University of Arizona, our focus has been on developing algorithms to very efficiently detect tampering of a database, as well as algorithms to perform subsequent forensic analysis to determine when, who, and ultimately why the tampering took place. Such algorithms will go far in discouraging people from even attempting to tamper with the database. This allows companies and users with valuable information stored in a database to provide compliance assurances, even against insiders with superuser powers, while balancing the need for trustworthiness against the conflicting requirements for high performance and low cost.

Agency: National Science Foundation (NSF)
Institute: Division of Information and Intelligent Systems (IIS)
Application #: 0803229
Program Officer: Frank Olken
Budget Start: 2008-09-01
Budget End: 2013-02-28
Fiscal Year: 2008
Total Cost: $287,833
Name: University of Arizona
City: Tucson
State: AZ
Country: United States
Zip Code: 85721