Tamperproof Audit Logs
防篡改审计日志
基本信息
- 批准号:0415101
- 负责人:
- 金额:$ 33万
- 依托单位:
- 依托单位国家:美国
- 项目类别:Standard Grant
- 财政年份:2005
- 资助国家:美国
- 起止时间:2005-09-01 至 2009-08-31
- 项目状态:已结题
- 来源:
- 关键词:
项目摘要
An audit log enumerates the changes, and often the accesses, that have been applied to a database. Audit logs are considered good practice for business systems, and are required by federal regulations for secure systems, drug approval data, medical information disclosure, financial records, and electronic voting. Given the central role of audit logs, it is critical that they are correct and unalterable.Mechanisms are developed, for implementation within a database management system (DBMS), based on cryptographically strong one-way hash functions, that prevent an intruder, including an auditor or an employee or even an unknown bug within the DBMS itself, from silently corrupting the audit log. The DBMS thus stores additional information in the database to enable a separate audit log validator to examine the database along with this extra information and state conclusively whether the audit log has been compromised, thus supporting tamper detection. Using a secure audit log replication protocol and the validator, tamperproof audit logs result. Good performance is essential: tamperproof audit logs will only realistically be used if their overhead is small.This research will enable an important and highly desirable capability to be added to existing database management systems: tamperproof audit logs. By instituting tamperproof audit logs, US federal regulations in many domains can be more effectively applied, lending confidence to the business leaders, government officials, and citizens who depend on these critical medical, financial, and voting systems. The PI will work closely with vendors to ensure that the approaches are consistent with existing technologies.This work is being developed on the open-source BerkeleyDB and MySQL systems, as an extension of these two systems and updates will be available via the project's Web site (http://www.cs.arizona.edu/tau/Audit/).
审计日志枚举已应用于数据库的更改(通常是访问)。审计日志被认为是业务系统的良好实践,并且是安全系统、药物批准数据、医疗信息披露、财务记录和电子投票的联邦法规所要求的。鉴于审计日志的核心作用,它们的正确性和不可更改性至关重要。开发了一些机制,用于在数据库管理系统(DBMS)中实现,基于加密的强单向哈希函数,可以防止入侵者(包括审计员或员工,甚至是DBMS本身中的未知错误)悄然损坏审计日志。因此,DBMS将附加信息存储在数据库中,以使单独的审计日志验证器能够检查数据库沿着该附加信息,并最终声明审计日志是否已被泄露,从而支持篡改检测。使用安全的审计日志复制协议和验证器,可以实现防篡改的审计日志。良好的业绩至关重要:防篡改审计日志只有在其开销很小的情况下才能实际使用。2这项研究将使一个重要的和高度期望的能力被添加到现有的数据库管理系统中:防篡改审计日志。通过建立防篡改审计日志,美国联邦法规在许多领域都可以得到更有效的应用,从而为依赖这些关键医疗、金融和投票系统的商界领袖、政府官员和公民提供信心。PI将与供应商密切合作,以确保这些方法与现有技术保持一致,这项工作正在开放源码BerkeleyDB和MySQL系统上进行,作为这两个系统的扩展,更新将通过项目网站(http://www.cs.arizona.edu/tau/Audit/)提供。
项目成果
期刊论文数量(0)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)
数据更新时间:{{ journalArticles.updateTime }}
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
数据更新时间:{{ journalArticles.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ monograph.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ sciAawards.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ conferencePapers.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ patent.updateTime }}
Richard Snodgrass其他文献
Richard Snodgrass的其他文献
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
{{ truncateString('Richard Snodgrass', 18)}}的其他基金
PFI AIR-TT: Improving Data Base Management System Performance Through Micro-Specialization
PFI AIR-TT:通过微专业化提高数据库管理系统性能
- 批准号:
1413780 - 财政年份:2014
- 资助金额:
$ 33万 - 项目类别:
Standard Grant
III: Small: Extending and Automating Dynamic Specialization of Database Management Systems
III:小型:扩展和自动化数据库管理系统的动态专业化
- 批准号:
1318343 - 财政年份:2013
- 资助金额:
$ 33万 - 项目类别:
Standard Grant
INSPIRE Track 1: Arizona-NOAO Temporal Analysis and Response to Events System (ANTARES)
INSPIRE 轨道 1:亚利桑那州 - NOAO 时间分析和事件响应系统 (ANTARES)
- 批准号:
1344024 - 财政年份:2013
- 资助金额:
$ 33万 - 项目类别:
Continuing Grant
III: Small: Using Empirical Generalization to Develop Predictive Models of DBMS Processing
III:小:使用经验概括来开发 DBMS 处理的预测模型
- 批准号:
1016205 - 财政年份:2010
- 资助金额:
$ 33万 - 项目类别:
Continuing Grant
CPATH-2: Collaborative Research: A Field Guide to the Science of Computation
CPATH-2:协作研究:计算科学领域指南
- 批准号:
0938948 - 财政年份:2009
- 资助金额:
$ 33万 - 项目类别:
Standard Grant
III-COR Medium: Collaborative Research: Achieving Compliant Databases
III-COR 媒介:协作研究:实现合规数据库
- 批准号:
0803229 - 财政年份:2008
- 资助金额:
$ 33万 - 项目类别:
Continuing Grant
Enabling the Commerical Realization of Temporal Databases
使能时态数据库商业化
- 批准号:
9632569 - 财政年份:1996
- 资助金额:
$ 33万 - 项目类别:
Standard Grant
Designing, Querying and Implementing Spatiotemporal Databases
设计、查询和实现时空数据库
- 批准号:
9302244 - 财政年份:1993
- 资助金额:
$ 33万 - 项目类别:
Continuing Grant
相似海外基金
AuditSageAI - AI powered audit chatbot making auditing accessible to all
AuditSageAI - 人工智能驱动的审计聊天机器人,使所有人都可以进行审计
- 批准号:
10100010 - 财政年份:2024
- 资助金额:
$ 33万 - 项目类别:
Collaborative R&D
AI Trust Audit - A novel solution and process to advance trust in the compliance and risk of AI systems in radiology
AI 信任审计 - 一种新颖的解决方案和流程,可提高放射学中 AI 系统合规性和风险的信任
- 批准号:
10076466 - 财政年份:2023
- 资助金额:
$ 33万 - 项目类别:
Grant for R&D
EAGER: SHF: Verified Audit Layers for Safe Machine Learning
EAGER:SHF:用于安全机器学习的经过验证的审计层
- 批准号:
2318724 - 财政年份:2023
- 资助金额:
$ 33万 - 项目类别:
Standard Grant
Development, multi-ancestry international validation, algorithmic audit, and prospective silent trial evaluation of PRISM - A globally accessible, patient-oriented artificial intelligence-based model to predict the presence of clinically significant prost
PRISM 的开发、多祖先国际验证、算法审核和前瞻性静默试验评估 - 一种全球可访问、面向患者的基于人工智能的模型,用于预测具有临床意义的前列腺的存在
- 批准号:
479908 - 财政年份:2023
- 资助金额:
$ 33万 - 项目类别:
Operating Grants
Voluntary National Retail Food Regulatory Program Standards Self-Assessment & Verification Audit Online Workshop
自愿国家零售食品监管计划标准自我评估
- 批准号:
10722279 - 财政年份:2023
- 资助金额:
$ 33万 - 项目类别:
Can audit and feedback be applied to target healthcare professionals recruitment and retention behaviour in RCTs? A mixed methods exploration
审计和反馈是否可以应用于随机对照试验中目标医疗保健专业人员的招聘和保留行为?
- 批准号:
2889285 - 财政年份:2023
- 资助金额:
$ 33万 - 项目类别:
Studentship
CAREER: Enabling Users to Audit the Integrity of Their Cloud Services
职业:使用户能够审核其云服务的完整性
- 批准号:
2237295 - 财政年份:2023
- 资助金额:
$ 33万 - 项目类别:
Continuing Grant
Audit Quality and Corporate Investment Strategy: Evidence from Japan
审计质量和企业投资策略:来自日本的证据
- 批准号:
23K18800 - 财政年份:2023
- 资助金额:
$ 33万 - 项目类别:
Grant-in-Aid for Research Activity Start-up
Automated Pre-Demolition Audit for Increased Reusability of Building Materials (APAIR) - A Circular Economy Approach
提高建筑材料可重复使用性的自动化拆除前审核 (APAIR) - 循环经济方法
- 批准号:
10076464 - 财政年份:2023
- 资助金额:
$ 33万 - 项目类别:
Grant for R&D
Development of remote dosimetry audit technology for 3D image-guided brachytherapy
3D图像引导近距离放射治疗远程剂量测定审核技术的开发
- 批准号:
22K07787 - 财政年份:2022
- 资助金额:
$ 33万 - 项目类别:
Grant-in-Aid for Scientific Research (C)