Full Text Available
Note: Clicking the button above will open the full text document at the original institutional repository in a new window.
DBKnot: A Transparent and Seamless, Pluggable Tamper Evident Database
Database integrity is crucial to organizations that rely on databases of important data. They suffer from the vulnerability to internal fraud. Database tampering by internal malicious employees with high technical authorization to their infrastructure or even compromised by externals is one of the i...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Published: |
AUC Knowledge Fountain
2020
|
| Subjects: | |
| Tags: |
No Tags, Be the first to tag this record!
|
| _version_ | 1867613419112235008 |
|---|---|
| access_status_str | Open Access |
| author | Khalil, Islam |
| author_browse | Khalil, Islam |
| author_facet | Khalil, Islam |
| author_sort | Khalil, Islam |
| collection | Thesis |
| description | Database integrity is crucial to organizations that rely on databases of important data. They suffer from the vulnerability to internal fraud. Database tampering by internal malicious employees with high technical authorization to their infrastructure or even compromised by externals is one of the important attack vectors.
This thesis addresses such challenge in a class of problems where data is appended only and is immutable. Examples of operations where data does not change is a) financial institutions (banks, accounting systems, stock market, etc., b) registries and notary systems where important data is kept but is never subject to change, and c) system logs that must be kept intact for performance and forensic inspection if needed. The target of the approach is implementation seamlessness with little-or-no changes required in existing systems.
Transaction tracking for tamper detection is done by utilizing a common hashtable that serially and cumulatively hashes transactions together while using an external time-stamper and signer to sign such linkages together. This allows transactions to be tracked without any of the organizations’ data leaving their premises and going to any third-party which also reduces the performance impact of tracking. This is done so by adding a tracking layer and embedding it inside the data workflow while keeping it as un-invasive as possible.
DBKnot implements such features a) natively into databases, or b) embedded inside Object Relational Mapping (ORM) frameworks, and finally c) outlines a direction of implementing it as a stand-alone microservice reverse-proxy. A prototype ORM and database layer has been developed and tested for seamlessness of integration and ease of use. Additionally, different models of optimization by implementing pipelining parallelism in the hashing/signing process have been tested in order to check their impact on performance.
Stock-market information was used for experimentation with DBKnot and the initial results gave a slightly less than 100% increase in transaction time by using the most basic, sequential, and synchronous version of DBKnot. Signing and hashing overhead does not show significant increase per record with the increased amount of data. A number of different alternate optimizations were done to the design that via testing have resulted in significant increase in performance. |
| format | Thesis |
| id | oai:fount.aucegypt.edu:etds-2558 |
| institution | American University in Cairo (Egypt) |
| last_indexed | 2026-06-10T12:35:50.652Z |
| license_str | Not specified — see source repository |
| provenance_str_mv | Harvested via OAI-PMH from AUC Knowledge Fountain — bepress |
| publishDate | 2020 |
| publishDateRange | 2020 |
| publishDateSort | 2020 |
| publisher | AUC Knowledge Fountain |
| publisherStr | AUC Knowledge Fountain |
| record_format | dspace |
| source_str | AUC Knowledge Fountain — bepress |
| spelling | oai:fount.aucegypt.edu:etds-2558 DBKnot: A Transparent and Seamless, Pluggable Tamper Evident Database Khalil, Islam Database integrity is crucial to organizations that rely on databases of important data. They suffer from the vulnerability to internal fraud. Database tampering by internal malicious employees with high technical authorization to their infrastructure or even compromised by externals is one of the important attack vectors. This thesis addresses such challenge in a class of problems where data is appended only and is immutable. Examples of operations where data does not change is a) financial institutions (banks, accounting systems, stock market, etc., b) registries and notary systems where important data is kept but is never subject to change, and c) system logs that must be kept intact for performance and forensic inspection if needed. The target of the approach is implementation seamlessness with little-or-no changes required in existing systems. Transaction tracking for tamper detection is done by utilizing a common hashtable that serially and cumulatively hashes transactions together while using an external time-stamper and signer to sign such linkages together. This allows transactions to be tracked without any of the organizations’ data leaving their premises and going to any third-party which also reduces the performance impact of tracking. This is done so by adding a tracking layer and embedding it inside the data workflow while keeping it as un-invasive as possible. DBKnot implements such features a) natively into databases, or b) embedded inside Object Relational Mapping (ORM) frameworks, and finally c) outlines a direction of implementing it as a stand-alone microservice reverse-proxy. A prototype ORM and database layer has been developed and tested for seamlessness of integration and ease of use. Additionally, different models of optimization by implementing pipelining parallelism in the hashing/signing process have been tested in order to check their impact on performance. Stock-market information was used for experimentation with DBKnot and the initial results gave a slightly less than 100% increase in transaction time by using the most basic, sequential, and synchronous version of DBKnot. Signing and hashing overhead does not show significant increase per record with the increased amount of data. A number of different alternate optimizations were done to the design that via testing have resulted in significant increase in performance. 2020-10-13T07:00:00Z thesis application/pdf https://fount.aucegypt.edu/etds/1544 https://fount.aucegypt.edu/context/etds/article/2558/viewcontent/DBKnot_Thesis_V17.pdf Theses and Dissertations AUC Knowledge Fountain database security tamper detection Computer and Systems Architecture Data Storage Systems |
| spellingShingle | database security tamper detection Computer and Systems Architecture Data Storage Systems Khalil, Islam DBKnot: A Transparent and Seamless, Pluggable Tamper Evident Database |
| title | DBKnot: A Transparent and Seamless, Pluggable Tamper Evident Database |
| title_full | DBKnot: A Transparent and Seamless, Pluggable Tamper Evident Database |
| title_fullStr | DBKnot: A Transparent and Seamless, Pluggable Tamper Evident Database |
| title_full_unstemmed | DBKnot: A Transparent and Seamless, Pluggable Tamper Evident Database |
| title_short | DBKnot: A Transparent and Seamless, Pluggable Tamper Evident Database |
| title_sort | dbknot a transparent and seamless pluggable tamper evident database |
| topic | database security tamper detection Computer and Systems Architecture Data Storage Systems |
| url | https://fount.aucegypt.edu/etds/1544 https://fount.aucegypt.edu/context/etds/article/2558/viewcontent/DBKnot_Thesis_V17.pdf |
| work_keys_str_mv | AT khalilislam dbknotatransparentandseamlesspluggabletamperevidentdatabase |