Shubham Sahai, Medha Atre, Shubham Sharma, Rahul Gupta, S. Shukla
{"title":"Verity:基于区块链的框架来检测DBMS中的内部攻击","authors":"Shubham Sahai, Medha Atre, Shubham Sharma, Rahul Gupta, S. Shukla","doi":"10.1109/Blockchain50366.2020.00012","DOIUrl":null,"url":null,"abstract":"Integrity and security of databases are maintained with access control policies and firewalls. However, insider attacks – where someone with administrative privileges tampers with the data – pose a unique challenge. In this paper, we propose Verity – first of a kind system to the best of our knowledge – to detect insider attacks in databases. Verity serves as a dataless framework by which any blockchain network can be used to store fixed-length fingerprints of tuples from any SQL database, without complete migration of the data. Verity uses a formalism for intercepting SQL queries and their results to check the respective tuples’ integrity using the fingerprints stored on the blockchain, and detect an insider attack. We have implemented our technique using Hyperledger Fabric, and SQLite database. Using TPC-H data and CRUD (Create, Read, Update, Delete) SQL queries of varying complexity and nestings, our experiments demonstrate that any overhead of tuple integrity checking remains constant per tuple in a query’s results, and scales linearly.","PeriodicalId":109440,"journal":{"name":"2020 IEEE International Conference on Blockchain (Blockchain)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Verity: Blockchain Based Framework to Detect Insider Attacks in DBMS\",\"authors\":\"Shubham Sahai, Medha Atre, Shubham Sharma, Rahul Gupta, S. Shukla\",\"doi\":\"10.1109/Blockchain50366.2020.00012\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Integrity and security of databases are maintained with access control policies and firewalls. However, insider attacks – where someone with administrative privileges tampers with the data – pose a unique challenge. In this paper, we propose Verity – first of a kind system to the best of our knowledge – to detect insider attacks in databases. Verity serves as a dataless framework by which any blockchain network can be used to store fixed-length fingerprints of tuples from any SQL database, without complete migration of the data. Verity uses a formalism for intercepting SQL queries and their results to check the respective tuples’ integrity using the fingerprints stored on the blockchain, and detect an insider attack. We have implemented our technique using Hyperledger Fabric, and SQLite database. Using TPC-H data and CRUD (Create, Read, Update, Delete) SQL queries of varying complexity and nestings, our experiments demonstrate that any overhead of tuple integrity checking remains constant per tuple in a query’s results, and scales linearly.\",\"PeriodicalId\":109440,\"journal\":{\"name\":\"2020 IEEE International Conference on Blockchain (Blockchain)\",\"volume\":\"4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE International Conference on Blockchain (Blockchain)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/Blockchain50366.2020.00012\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE International Conference on Blockchain (Blockchain)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/Blockchain50366.2020.00012","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Verity: Blockchain Based Framework to Detect Insider Attacks in DBMS
Integrity and security of databases are maintained with access control policies and firewalls. However, insider attacks – where someone with administrative privileges tampers with the data – pose a unique challenge. In this paper, we propose Verity – first of a kind system to the best of our knowledge – to detect insider attacks in databases. Verity serves as a dataless framework by which any blockchain network can be used to store fixed-length fingerprints of tuples from any SQL database, without complete migration of the data. Verity uses a formalism for intercepting SQL queries and their results to check the respective tuples’ integrity using the fingerprints stored on the blockchain, and detect an insider attack. We have implemented our technique using Hyperledger Fabric, and SQLite database. Using TPC-H data and CRUD (Create, Read, Update, Delete) SQL queries of varying complexity and nestings, our experiments demonstrate that any overhead of tuple integrity checking remains constant per tuple in a query’s results, and scales linearly.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
