Computer science professor James Wagner has been awarded a three-year, $158,000 Louisiana Board of Regents research grant to help detect internal threats on secure database systems.
Wagner, whose primary research interest is in cybersecurity related to the prevention and detection of data tampering, will design a framework that relies on digital forensics to detect malicious activities performed by insiders—or attackers who gained similar privileges—for database systems.
Security mechanisms are designed to keep attackers from gaining access to systems or specific data. However, there remains a threat from administrators within an organization who have the ability to bypass or disable security mechanisms, Wagner said. Those could include disgruntled employees leaking data or individuals accepting bribes in exchange for proprietary information.
“It is essentially impossible to secure your system against someone who has the keys to the kingdom, so to speak,” said Wagner.
Wagner’s research will detect such activity by using provenance graphs to connect low-level system information collected through digital forensics. This will ultimately allow system activity to be reverse engineered from memory snapshots.
Even if an individual can bypass all of the security mechanisms and logging, they cannot hide how their activity is processed in memory, Wagner said. The research aims to collect these memory artifacts to rebuild a trusted log of system activities.
Wagner will demonstrate this framework for relational database systems, including PostgreSQL, MySQL, Oracle, IBM DB2 and Microsoft SQL Server. Future work will generalize these methods to all systems.
Wagner also will explore additional applications for this work, such as detailing data exfiltration following an attack, profiling system performance, and evaluating reproducible environments.