Achieving Database Information Accountability in the Cloud

Abstract: Abstract-Regulations and societal expectations have recently emphasized the need to mediate access to valuable databases. Fraud occurs when a person (mostly an insider) tampers illegally with a database. Data owners would like to be assured that such tampering has not occurred, or if it does, that it will be quickly discovered. The problem is exacerbated with data stored in cloud databases such as Amazon's Relational Database Service (RDS) or Microsoft's SQL Azure Database. In our previous work we have shown t… Show more

“…For instance, a naive employee, ignoring company security policies becomes an internal threat [13], if installing an unauthorised application in his mobile device introduces malware that was not specifically targeting the organisation, but may create the perfect opportunity for an undetected and unknown outsider to access corporate information assets [22] [25]. Meanwhile, databases may be tampered with by a reckless highly-trusted employee who is trying to deceive the organisation [26] by misusing his access credentials [27]. Hence, although these illegal actions may be investigated if proper auditing is enabled, in the BYOD context, it is more difficult to audit and control trusted insiders' actions [12] because digital investigations might be challenged by the following internal threat contexts.…”

Bring Your Own Disclosure: Analysing BYOD Threats to Corporate Information

“…For instance, a naive employee, ignoring company security policies becomes an internal threat [13], if installing an unauthorised application in his mobile device introduces malware that was not specifically targeting the organisation, but may create the perfect opportunity for an undetected and unknown outsider to access corporate information assets [22] [25]. Meanwhile, databases may be tampered with by a reckless highly-trusted employee who is trying to deceive the organisation [26] by misusing his access credentials [27]. Hence, although these illegal actions may be investigated if proper auditing is enabled, in the BYOD context, it is more difficult to audit and control trusted insiders' actions [12] because digital investigations might be challenged by the following internal threat contexts.…”

Bring Your Own Disclosure: Analysing BYOD Threats to Corporate Information

“…Few probable solutions have been proposed [54] towards managing trust of participant cloud data centers across specific jurisdictions around.…”

Review on Cloud Forensics: An Open Discussion on Challenges and Capabilities

CDBFIP: Common Database Forensic Investigation Processes for Internet of Things