论文信息 - Whodunit: An Auditing Tool for Detecting Data Breaches

Whodunit: An Auditing Tool for Detecting Data Breaches

Commercial database systems provide support to maintain an audit trail that can be analyzed offline to identify potential threats to data security. We present a tool that performs data auditing that asks for an audit trail of all users and queries that referenced sensitive data, for example “find all queries and corresponding users that referenced John Doe’s salary in the last six months”. Our tool: (1) handles complex SQL queries including constructs such as grouping, aggregation and subqueries, (2) has privacy guarantees, and (3) incorporates novel optimization techniques for efficiently auditing a large workload of complex SQL queries.

Raghav Kaushik | Ravishankar Ramamurthy

[1] Daniel Fabbri,et al. PolicyReplay: Misconfiguration-Response Queries for Data Breach Reporting , 2010, Proc. VLDB Endow..

[2] Sushil Jajodia,et al. The inference problem: a survey , 2002, SKDD.

[3] Rajeev Motwani,et al. Auditing SQL Queries , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[4] Dan Suciu,et al. A formal analysis of information disclosure in data exchange , 2004, SIGMOD '04.

[5] Christos Faloutsos,et al. Auditing Compliance with a Hippocratic Database , 2004, VLDB.

[6] Ron Natan. Oracle Audit Vault , 2009 .

[7] Ashwin Machanavajjhala,et al. On the efficiency of checking perfect privacy , 2006, PODS '06.

[8] Raghav Kaushik,et al. Efficient auditing for complex SQL queries , 2011, SIGMOD '11.