权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

TTP: Small: A Kit for Exploring Databases under the Hood for Security, Forensics and Data Recovery

TTP：小型：用于探索数据库底层安全性、取证和数据恢复的套件

基本信息

批准号：
1656268
负责人：
Alexander Rasin
金额：
$ 26.48万
依托单位：
DePaul University
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2016
资助国家：
美国
起止时间：
2016-09-01 至 2020-08-31
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1656268&HistoricalAwards=false
关键词：
TTP Small Kit Exploring Databases

项目摘要

Database Management Systems (DBMS) have been used to store and process data in organizations for decades. Larger organizations use a variety of databases (commercial, open-source or custom-built) for different departments. However, neither users nor Database Administrators (DBAs) know exactly where the data is stored on the system or how it is processed. Most relational databases store internal data using universal principles that can be inferred and captured. This project will build tools that draw on these principles to offer x-ray vision into storage of many DBMS, illustrating exactly what is happening inside. This research benefits users from a variety of backgrounds: students, teachers, database users, DBAs and forensic analysts. Tools developed by the research team enable DBAs to inspect storage and observe any leaking data, thereby helping forensic analysts discover what happened in a database during an attack. Users are given the power to restore data that was deleted in the face of a critical corruption event and recover it. The same tools help students understand concepts of database operations by their use in introductory courses during which students observe security vulnerabilities. Some DBMS's provide profiling and recovery tools, but the functionality is always database-specific and varies wildly across different platforms. This research project standardizes basic profiling and data recovery capabilities and delivers a universal solution for most major relational DBMS. This solution includes recovery against corruption events that can cause data loss or incapacitate any modern DBMS; reconstruction of "unrecoverable" (i.e., discarded or deleted) data; and visualizing artifacts that offer insight to forensic analysts. The tools built in this project focus on providing easy-to-use and intuitive visualization of all deconstructed DBMS content from disk and RAM and recommend strategies for minimizing data leaks. Development and evaluation is done in collaboration with Information Technology (IT) professionals and academic DBAs as well as industry partners. This project also produces a suite of standard benchmarks that can quantify data leakage and recovery rates for different databases. Finally, the visualization tools and benchmarks are combined into training tutorials and student lessons both for database and security curriculums.

数据库管理系统（DBMS）在组织中用于存储和处理数据已有几十年的历史。较大的组织为不同的部门使用各种数据库（商业的、开源的或定制的）。但是，用户和数据库管理员（dba）都不知道数据在系统中的确切位置，也不知道数据是如何处理的。大多数关系数据库使用可以推断和捕获的通用原则存储内部数据。这个项目将构建一些工具，利用这些原理为许多DBMS的存储提供x光视图，并准确地说明内部发生了什么。这项研究使各种背景的用户受益：学生、教师、数据库用户、dba和取证分析人员。研究团队开发的工具使dba能够检查存储并观察任何泄漏的数据，从而帮助取证分析人员发现在攻击期间数据库中发生了什么。用户被赋予恢复在面临严重损坏事件时被删除的数据并恢复它的权力。同样的工具通过在入门课程中使用这些工具来帮助学生理解数据库操作的概念，在入门课程中，学生观察安全漏洞。一些DBMS提供了分析和恢复工具，但是功能总是特定于数据库的，并且在不同的平台上差异很大。这个研究项目标准化了基本的分析和数据恢复能力，并为大多数主要的关系DBMS提供了一个通用的解决方案。该解决方案包括对可能导致数据丢失或使任何现代DBMS丧失能力的损坏事件的恢复；重建“不可恢复”（即丢弃或删除）的数据；以及可视化的文物，为法医分析人员提供洞察力。在这个项目中构建的工具专注于提供易于使用和直观的可视化从磁盘和RAM中解构的所有DBMS内容，并推荐最小化数据泄漏的策略。开发和评估是与信息技术（IT）专业人员、学术dba以及行业合作伙伴合作完成的。该项目还生成了一套标准基准，可以量化不同数据库的数据泄漏和恢复速率。最后，可视化工具和基准被结合到数据库和安全课程的培训教程和学生课程中。