Verity: Blockchains to Detect Insider Attacks in DBMS

Integrity and security of the data in database systems are typically maintained with access control policies and firewalls. However, insider attacks -- where someone with intimate knowledge of the system and administrative privileges tampers with the data -- pose a unique challenge. Measures such as append-only logging prove insufficient because an attacker with administrative privileges can alter logs and login records to eliminate any trace of the attack, which makes insider attacks hard to detect. In this paper, we propose Verity, to the best of our knowledge a first-of-its-kind system. Verity serves as a dataless framework by which any blockchain network can be used to store fixed-length metadata about tuples from any SQL database, without a complete migration of the database. Verity uses a formalism for parsing SQL queries and query results to check the integrity of the respective tuples against the blockchain and thereby detect insider attacks. We have implemented our technique using Hyperledger Fabric, the Composer REST API, and an SQLite database. Using TPC-H data and SQL queries of varying complexity and type, our experiments demonstrate that the overhead of integrity checking remains constant per tuple in a query's results and therefore scales linearly with the result size.
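The following added example (not Verity's own code, and not the authors' implementation on Hyperledger Fabric) illustrates the idea the abstract describes: fixed-length metadata about each tuple is committed to a ledger that the database administrator cannot rewrite, and query results are later re-hashed and checked against that ledger. All of the specifics here are assumptions made for the demonstration: a tiny in-memory SQLite table shaped after TPC-H LINEITEM with constructed rows, SHA-256 over a canonical JSON encoding of the tuple as the fixed-length metadata, and a hash-chained Python list standing in for the blockchain network. The names `HashChainLedger`, `tuple_digest`, `register_table` and `verified_query` are hypothetical.

```python
import hashlib
import json
import sqlite3

# Assumed schema: a four-column slice of TPC-H LINEITEM (constructed for this example).
TABLE = "lineitem"
COLUMNS = ("l_orderkey", "l_linenumber", "l_quantity", "l_extendedprice")
GENESIS = "0" * 64


def tuple_digest(table: str, row: tuple) -> str:
    """Fixed-length metadata for one tuple: SHA-256 over the table name and a
    canonical JSON encoding of the full row (assumption; the paper does not fix
    the hash function). Only the 64-hex-character digest leaves the database."""
    payload = json.dumps([table, list(row)], separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class HashChainLedger:
    """Stand-in for the blockchain: append-only, each block commits to the previous
    head, so an entry cannot be altered without breaking every later block."""

    def __init__(self) -> None:
        self.blocks = []          # (prev_head, digest, head)
        self.known = set()        # digests present on the ledger
        self.head = GENESIS

    def register(self, digest: str) -> str:
        head = hashlib.sha256((self.head + digest).encode("utf-8")).hexdigest()
        self.blocks.append((self.head, digest, head))
        self.known.add(digest)
        self.head = head
        return head

    def contains(self, digest: str) -> bool:
        return digest in self.known

    def chain_valid(self) -> bool:
        prev = GENESIS
        for prev_head, digest, head in self.blocks:
            expected = hashlib.sha256((prev + digest).encode("utf-8")).hexdigest()
            if prev_head != prev or head != expected:
                return False
            prev = head
        return prev == self.head


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data; values are illustrative, not real TPC-H rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE lineitem (l_orderkey INTEGER, l_linenumber INTEGER,"
        " l_quantity REAL, l_extendedprice REAL)"
    )
    rows = [(1, 1, 17.0, 21168.23), (1, 2, 36.0, 45983.16), (2, 1, 38.0, 44694.46)]
    conn.executemany("INSERT INTO lineitem VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def register_table(conn: sqlite3.Connection, ledger: HashChainLedger) -> int:
    """Commit a digest for every current tuple; returns the number registered."""
    cur = conn.execute(f"SELECT {', '.join(COLUMNS)} FROM {TABLE}")
    count = 0
    for row in cur:
        ledger.register(tuple_digest(TABLE, tuple(row)))
        count += 1
    return count


def verified_query(conn: sqlite3.Connection, ledger: HashChainLedger,
                   where_sql: str, params: tuple = ()):
    """Run a selection over the full tuple, then re-hash each result row and
    look it up on the ledger. Returns (rows, rows_missing_from_ledger).
    The check is one digest per result tuple, hence constant cost per tuple."""
    sql = f"SELECT {', '.join(COLUMNS)} FROM {TABLE} WHERE {where_sql}"
    rows = [tuple(r) for r in conn.execute(sql, params).fetchall()]
    suspicious = [r for r in rows if not ledger.contains(tuple_digest(TABLE, r))]
    return rows, suspicious


if __name__ == "__main__":
    db = build_demo_db()
    ledger = HashChainLedger()
    register_table(db, ledger)
    print("clean:", verified_query(db, ledger, "l_orderkey = ?", (1,)))
    # An administrator edits a row directly; the ledger never sees this write.
    db.execute("UPDATE lineitem SET l_quantity = 99 WHERE l_orderkey = 1 AND l_linenumber = 2")
    print("after tampering:", verified_query(db, ledger, "l_orderkey = ?", (1,)))
    print("ledger intact:", ledger.chain_valid())
```

The check only flags tuples whose content no longer matches a registered digest, so a row that an insider deletes outright would not appear in the result set at all and would not be caught by a presence test alone; detecting that requires reasoning about the query itself, which is the role the abstract assigns to Verity's query-parsing formalism and which this example does not cover.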
