US security expert reveals WORM compromise

Attack the index.

A visiting US academic has revealed a vulnerability in the disk versions of write once, read many file stores that allowed insiders to change or delete electronic records.

Speaking in Canberra this week, Singapore-based University of Illinois at Urbana-Champaign professor Marianne Winslett warned that insiders could subvert the security-toughened storage devices by "understanding their [the devices] indexes were not trustworthy".

“You just have to alter the index - which is on ordinary storage. It’s a piece of cake,” she said.

“If there’s an incriminating email on these secure servers, you just delete the relevant index pointing to the email and you’ll never find it again among all that data.”

Winslett said that write once, read many (WORM) security made other attacks almost impossible. For example, she said the systems were designed to stop attackers from putting forward the server's internal time to delete unwanted data.

But a favoured attack vector was to go back in time to before a document existed to delete it, she said.

“You say: the ‘system has crashed’ and you have to restart from one of your backups," Winslett said.

"You just start from a backup that is way old.”

Database security

Relational databases posed particular issues on WORM systems due to regular data changes, Winslett said.

She said it was possible to improve security on relational database systems by keeping time-stamped copies of the data and using hash functions to speed integrity checks.

She said a solution was to use a modified version of the Berkeley DB (now owned by Oracle).

“My conclusion is that it is possible to make relational databases tamper-evident at low cost – less than 1 percent overhead on running transactions - and you can do periodic audits very quickly any time you want," she said.

But there would be little demand for more security unless it was mandated by regulators or IT auditors.

“I’ll have to wait for the next big scandal where the data backups were not trustworthy and a tightened interpretation of the law will be required," Winslett said.

Despite the lack of impetus in the private sector, she noted that governments should consider making such security enhancements.

“As electronic records replace paper records, it becomes easy to make such alterations without leaving behind evidence that can be used to detect the changes and determine who made them”, she said.

“There’s no reason to trust your public records - which has got to be scary to every government.

"I bet [government] would be willing to pay a little bit more just to know it would be hard to tamper with their data records.”

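A minimal sketch of the kind of audit described above, added here as an illustration and not taken from Winslett's work or from Berkeley DB: each record committed to the WORM log extends a time-stamped hash chain, and an audit reconciles the index held on ordinary storage against that chain. The names (`link`, `commit`, `audit`, `demo`), the log layout and the sample records are assumptions constructed for the example.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed starting value for the hash chain

def link(prev: bytes, ts: int, rec_id: str, body: bytes) -> bytes:
    """Chain hash committing to the previous link, commit time, id and content."""
    h = hashlib.sha256()
    for part in (prev, str(ts).encode(), rec_id.encode(), hashlib.sha256(body).digest()):
        h.update(len(part).to_bytes(4, "big") + part)  # length-prefix each field
    return h.digest()

def commit(worm: list, index: dict, ts: int, rec_id: str, body: bytes) -> None:
    """Append a record to the (simulated) WORM log, then update the mutable index."""
    prev = worm[-1]["hash"] if worm else GENESIS
    worm.append({"ts": ts, "id": rec_id, "body": body, "hash": link(prev, ts, rec_id, body)})
    index[rec_id] = len(worm) - 1  # record ids are assumed unique

def audit(worm: list, index: dict) -> list:
    """Re-derive the chain from the WORM log and reconcile the index against it."""
    findings, prev, last_ts = [], GENESIS, None
    for pos, e in enumerate(worm):
        if link(prev, e["ts"], e["id"], e["body"]) != e["hash"]:
            findings.append(f"chain broken at position {pos}")
        if last_ts is not None and e["ts"] < last_ts:
            findings.append(f"timestamp goes backwards at position {pos}")
        if index.get(e["id"]) != pos:
            findings.append(f"index entry missing or wrong for {e['id']}")
        prev, last_ts = e["hash"], e["ts"]
    for rec_id in sorted(index.keys() - {e["id"] for e in worm}):
        findings.append(f"index points to uncommitted record {rec_id}")
    return findings

def demo() -> dict:
    worm, index = [], {}
    commit(worm, index, 1000, "mail-1", b"quarterly report")  # constructed sample data
    backup = dict(index)  # index state as captured in an old backup
    commit(worm, index, 1010, "mail-2", b"constructed sample email")
    tampered = dict(index)
    del tampered["mail-2"]  # index entry removed on ordinary storage
    return {"clean": audit(worm, index),
            "deleted": audit(worm, tampered),
            "rollback": audit(worm, backup)}

if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings)
```

Both the deleted index entry and the index restored from the old backup surface as the same finding, because the record they no longer point to is still committed in the chain.
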
Copyright © iTnews.com.au. All rights reserved.