Download Database Forensics

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
Document related concepts

Clusterpoint wikipedia , lookup

Database model wikipedia , lookup

Healthcare Cost and Utilization Project wikipedia , lookup

Transcript 
www.securityresearch.at
Database Forensics
Edgar Weippl
[email protected]
Presented by Johannes Heurix
[email protected]
Secure Business Austria
ISSI2009, NII
© 2004-2009 Secure Business Austria
Introduction
• Importance of database forensics
−Critical/sensitive information stored in databases, e.g. bank account data,
health data
www.securityresearch.at
−Loss caused by security incidents, corporate governance
• Aims of database forensics
−To find out what happened when
−To revert any unauthorized data manipulation operations
• Things to consider
−How to gain access to the system
−Live vs. dead system
−Integrity
−Images
−Data encryption
−Goal
[2]
© 2004-2009 Secure Business Austria
Information Sources
• Files
−MAC - (last) Modified time, Access time, Change/Create time (file
attributes)
www.securityresearch.at
−Timeline analysis
• Internal structures
−SQL Server artifacts: data cache, plan cache, VLF, error logs, ….
−Forensic tools (e.g. Windows Forensic Toolchest), automated scripts
−Volatility, file locks
• Logical structures (index)
−B-trees
−Different trees for different node entry sequences
[3]
© 2004-2009 Secure Business Austria
System breach suspected.
What now?
• Find out if system was actually breached
www.securityresearch.at
−Error logs – failed logins
−Plan cache – UNION, single quotes (‘), double dashes (--)
• Find out which data records were retrieved
−Data cache – recently accessed data pages
−Plan cache – cached database statements
−Server state – most recently executed statement by session
Source: Kevvie Fowler – SQL Server Forensic Analysis, Addison-Wesley
[4]
© 2004-2009 Secure Business Austria
www.securityresearch.at
Ongoing Research
[5]
© 2004-2009 Secure Business Austria
www.securityresearch.at
Pseudonymization of
Health Data
Thomas Neubauer
[email protected]
Johannes Heurix
[email protected]
Secure Business Austria
ISSI2009, NII
© 2004-2009 Secure Business Austria
Motivation
• Privacy is one of the fundamental issues in health care today,
especially when digitizing medical data
www.securityresearch.at
−Electronic health records (EHR) improve communication between health
care providers
• With interconnected systems comes highly sensitive and
personal information whose disclosure may cause serious
problems for the individual
−Insurance companies denying health coverage
−Employers denying employment
• Laws for the protection of privacy
−Health Insurance Portability and Accountability Act (HIPAA)
−European Directive 95/46/EC
• Secondary use of medical data in clinical studies
[7]
© 2004-2009 Secure Business Austria
Trade Off – Secondary Use
Cannot be reversed
Identifier retained
www.securityresearch.at
Identifier is removed
Anonymization
Reversible, but only by patient
Health data fully encrypted
Normal Secondary Use
Identifier replaced with
pseudonym
Privacy
Encryption
[8]
Link between patient and health data
Reversible under strictly
controlled circumstances
Transparency
Pseudonymization
© 2004-2009 Secure Business Austria
PIPE - Pseudonymization of
Information for Privacy in e-Health
Identification Data
www.securityresearch.at
Patient
Pseudonyms
?
Attacker
Trusted Health
Care Provider
Pseudonyms
Secondary User
(Research Institution)
Trusted Health
Care Provider
[9]
Health Data
© 2004-2009 Secure Business Austria
PIPE Benefits and Ongoing
Research
• Hull-based security architecture
−Combination of symmetric and asymmetric cryptography
−Multiple roles supported
www.securityresearch.at
• Patient as data owner
−Grants data access authorizations to trusted relatives and health care
providers
• Secondary use supported
−Secondary users gain access to health data without the ability to
reconnect the pseudonymized data to the corresponding patients
• Ongoing research
−Extension with advanced privacy-preserving query and retrieval
techniques
−Development of configurable pseudonymization workflows for different
domains
−Service-based centralized design
[10]
© 2004-2009 Secure Business Austria
Related documents
Austria
Austria
austria - Webnode
austria - Webnode
chapter 4, section 3 “lecture notes”
chapter 4, section 3 “lecture notes”
The country of Austria
The country of Austria
Document 61732
Document 61732
Austrian Climate Research Programme ACRP 7
Austrian Climate Research Programme ACRP 7
Cuisine Heritage of Germany, Austria and Switzerland
Cuisine Heritage of Germany, Austria and Switzerland
APPENDIX LOWER AUSTRIA
APPENDIX LOWER AUSTRIA
Life Sciences in the Heart of Europe From molecular biology to
Life Sciences in the Heart of Europe From molecular biology to
REVIEW GUIDE FOR THE LATE 19th CENTURY
REVIEW GUIDE FOR THE LATE 19th CENTURY
PowerPoint-Präsentation
PowerPoint-Präsentation
Ch 20 Reading Questions - Westerville City Schools
Ch 20 Reading Questions - Westerville City Schools
Executive Summary
Executive Summary
austria 1918 - Bildungsverlag Lemberger
austria 1918 - Bildungsverlag Lemberger
36-World War I
36-World War I
Economic Report Austria 2016 · Executive Summary
Economic Report Austria 2016 · Executive Summary
Austria: Strategic location for foreign investors
Austria: Strategic location for foreign investors
IST Austria Newsletter
IST Austria Newsletter
the future for business
the future for business
Green Building Technology and Sustainable Construction in Austria
Green Building Technology and Sustainable Construction in Austria
Social partnership in a Midlife Crisis
Social partnership in a Midlife Crisis
An Empire Executed - american history rules!
An Empire Executed - american history rules!