Affiliation:
1. University of Arizona, Tucson, AZ
Abstract
Regulations and societal expectations have recently expressed the need to mediate access to valuable databases, even by insiders. One approach is tamper detection via cryptographic hashing. This article shows how to determine when the tampering occurred, what data was tampered with, and perhaps, ultimately, who did the tampering, via forensic analysis. We present four successively more sophisticated forensic analysis algorithms: the Monochromatic, RGBY, Tiled Bitmap, and a3D algorithms, and characterize their “forensic cost” under worst-case, best-case, and average-case assumptions on the distribution of corruption sites. A lower bound on forensic cost is derived, with RGBY and a3D being shown optimal for a large number of corruptions. We also provide validated cost formulæ for these algorithms and recommendations for the circumstances in which each algorithm is indicated.
Funder
National Science Foundation
Division of Information and Intelligent Systems
Publisher
Association for Computing Machinery (ACM)
Reference33 articles.
1. Enabling the 21st century health care information technology revolution
2. Partitioned storage for temporal databases
3. Notions of upward compatibility of temporal query languages;Bair J.;Bus. Inform.,1997
4. Lecture Notes in Computer Science;Barbará D.
5. Carvey H. and Kleiman D. 2007. Windows Forensics and Incident Recovery Syngres. Carvey H. and Kleiman D. 2007. Windows Forensics and Incident Recovery Syngres.
Cited by
34 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献