EAGER-TC: Limiting Effect of RAM-Scraping Attacks in DBMSs
University Of California-Irvine, Irvine CA
Investigators
Abstract
This proposal explores effective solutions to RAM scraping attacks in the context of data management workloads. Recent studies identify RAM scraping attacks, wherein an adversary installs malware to steal memory resident data, as one of the major causes of data thefts in enterprise information systems. Proposed research explores new vulnerabilities introduced by RAM scraping and develops practical solutions that offer the right blend of security against such attacks while keeping performance degradation (due to cost/overhead of security scheme) within acceptable limits. The research team will explore realistic attack scenarios, model adversarial capabilities and constraints for typical DBMSs (e.g., small duration repeated attacks, effects of buffering and data lifetime, presence of concurrent queries, bandwidth limits, etc.), design criteria of a risk-aware query optimization that can account for a variety of disclosure risks emanating from RAM-scraping malwares; and develop optimization techniques that simultaneously optimize performance and reduce disclosure risks. Proposed research also explores the threat of RAM-scraping attacks for the emerging cloud-based data processing frameworks like MapReduce. Intellectual Merit: The proposed research represents the first attempt towards a new direction of research , viz. mitigating impact of RAM scraping attacks in the context of DBMS workloads, that has not been addressed by the database research community at large. The proposed approach of redesigning a query optimizer to explore tradeoffs between performance and disclosure risks represents a significant innovation in query processing and memory management in the database management area. Furthermore, exploration of RAM scraping attacks in MapReduce style cloud-based data processing frameworks represents new innovation in cloud security. Broader Impact: The results of this EAGER grant will help launch a new line of research within database security community ? viz., risk aware database management that balances data exposure risks from RAM scraping attacks with performance degradation in a variety of adversarial settings. The proposed research could also make a significant impact on the DBMS vendors and data service providers in the emerging cloud computing framework. For further information see the project web site at the URL: http://www.ics.uci.edu/~projects/privacygroup/projects.html
View original record on NSF Award Search →