TTP: A Kit for Exploring Databases under the Hood for Security, Forensics and Data Recovery

TTP：用于探索数据库底层安全性、取证和数据恢复的工具包

• 批准号: 1743136
• 负责人: Jonathan Grier
• 金额: $ 8.83万
• 依托单位: Vesaria LLC d/b/a Grier Forensics
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-06-15 至 2020-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1743136&HistoricalAwards=false
• 关键词: TTP; Kit; Exploring; Databases; under

Database Management Systems (DBMS) have been used to store and process data in organizations for decades. Larger organizations use a variety of databases (commercial, open-source or custom-built) for different departments. However, neither users nor Database Administrators (DBAs) know where the data is stored or how it is processed. Most of the relational databases store internal data using universal principles that can be inferred and captured. This project builds tools that draw on these principles to offer x-ray vision into storage of many DBMS, illustrating exactly what is happening inside. This research benefits users at all levels: students, teachers, database users, DBAs and forensic analysts. Tools developed by the research team will let DBAs inspect storage and observe any leaking data and help forensic analysts discover what happened in a database during an attack. Users will be able to restore data that was deleted or recover in the face of a critical corruption event. The same tools also help students to better understand concepts of database operations in introductory courses and help them observe security vulnerabilities.Some DBMS' provide profiling and recovery tools, but the available functionality is always database-specific and varies wildly across different platforms. This research project standardizes basic profiling and data recovery capabilities and deliver a universal solution for most major relational DBMS. This solution will include recovery against corruption events that can cause data loss or incapacitate any modern DBMS; reconstruction of "unrecoverable" (i.e., discarded or deleted) data; and visualizing artifacts that will offer insight to forensic analysts. The tools built in this project will focus on providing easy-to-use and intuitive visualization of all deconstructed DBMS content from disk and RAM and recommend strategies for minimizing data leaks. Development and evaluation will be done in collaboration with IT professionals and academic DBAs as well as industry partners. This project will also produce a suite of standard benchmarks that can quantify data leakage and recovery rates for different databases. Finally, the visualization tools and benchmarks will be combined into training tutorials and student lessons both for database and security curricula.

数十年来，数据库管理系统 (DBMS) 一直用于组织中存储和处理数据。较大的组织为不同部门使用各种数据库（商业、开源或定制）。然而，用户和数据库管理员 (DBA) 都不知道数据存储在何处或如何处理。大多数关系数据库使用可以推断和捕获的通用原则来存储内部数据。该项目构建了利用这些原理的工具，为许多 DBMS 的存储提供 X 射线视觉，准确说明内部发生的情况。这项研究使各个级别的用户受益：学生、教师、数据库用户、DBA 和法医分析师。研究团队开发的工具将允许 DBA 检查存储并观察任何泄漏的数据，并帮助取证分析师发现攻击期间数据库中发生的情况。用户将能够恢复被删除的数据或在发生严重损坏事件时恢复。同样的工具还可以帮助学生更好地理解入门课程中数据库操作的概念，并帮助他们观察安全漏洞。一些 DBMS 提供分析和恢复工具，但可用的功能始终是特定于数据库的，并且在不同平台上差异很大。该研究项目标准化了基本分析和数据恢复功能，并为大多数主要关系 DBMS 提供了通用解决方案。该解决方案将包括针对可能导致数据丢失或使任何现代 DBMS 瘫痪的损坏事件进行恢复；重建“不可恢复”（即丢弃或删除）的数据；并将文物可视化，为法医分析师提供洞察力。该项目中构建的工具将专注于为磁盘和 RAM 中的所有解构 DBMS 内容提供易于使用且直观的可视化，并推荐最小化数据泄漏的策略。开发和评估将与 IT 专业人士、学术 DBA 以及行业合作伙伴合作完成。该项目还将产生一套标准基准，可以量化不同数据库的数据泄漏和恢复率。最后，可视化工具和基准将合并到数据库和安全课程的培训教程和学生课程中。

项目成果

Carving database storage to detect and trace security breaches

雕刻数据库存储以检测和跟踪安全漏洞

• DOI: 10.1016/j.diin.2017.06.006
• 发表时间: 2017
• 期刊: Digital Investigation
• 作者: Wagner, James;Rasin, Alexander;Glavic, Boris;Heart, Karen;Furst, Jacob;Bressan, Lucas;Grier, Jonathan
• 通讯作者: Grier, Jonathan