Académique Documents
Professionnel Documents
Culture Documents
at
Database Forensics
Edgar Weippl
eweippl@securityresearch.at
Presented by Johannes Heurix
jheurix@securityresearch.at
Secure Business Austria
ISSI2009, NII
2004-2009 Secure Business Austria
Introduction
Importance of database forensics
Critical/sensitive information stored in databases, e.g. bank account data,
health data
www.securityresearch.at
Things to consider
How to gain access to the system
Live vs. dead system
Integrity
Images
Data encryption
Goal
[2]
Information Sources
Files
MAC - (last) Modified time, Access time, Change/Create time (file
attributes)
www.securityresearch.at
Timeline analysis
Internal structures
SQL Server artifacts: data cache, plan cache, VLF, error logs, .
Forensic tools (e.g. Windows Forensic Toolchest), automated scripts
Volatility, file locks
[3]
www.securityresearch.at
[4]
www.securityresearch.at
Ongoing Research
[5]
www.securityresearch.at
Pseudonymization of
Health Data
Thomas Neubauer
tneubauer@securityresearch.at
Johannes Heurix
jheurix@securityresearch.at
Secure Business Austria
ISSI2009, NII
2004-2009 Secure Business Austria
Motivation
Privacy is one of the fundamental issues in health care today,
especially when digitizing medical data
www.securityresearch.at
Identifier retained
www.securityresearch.at
Identifier is removed
Anonymization
Reversible, but only by patient
Health data fully encrypted
Privacy
Encryption
[8]
Transparency
Pseudonymization
2004-2009 Secure Business Austria
PIPE - Pseudonymization of
Information for Privacy in e-Health
Identification Data
www.securityresearch.at
Patient
Pseudonyms
Attacker
Trusted Health
Care Provider
Pseudonyms
Secondary User
(Research Institution)
Trusted Health
Care Provider
[9]
Health Data
2004-2009 Secure Business Austria
Ongoing research
Extension with advanced privacy-preserving query and retrieval
techniques
Development of configurable pseudonymization workflows for different
domains
Service-based centralized design
[10]