Database and Information Systems Security

Dr. Gertz's traditional research focus has been on various aspects of semantic integrity and data quality in databases (see Publications Web page). In recent years, he has extended this line of research to security-related data integrity aspects as well as general database security themes. The two most visible contributions in these areas are in the context of (1) authentic data publication schemes and (2) misuse detection in databases.

Authentic Data Publication
Michael Gertz, Prem Devanbu, Chip Martel and Philip Rogaway are working on novel approaches that untrusted databases on the Internet (so-called data publishers) can use to prove to clients (data consumers) that answers to queries against their databases are correct. This gives data owners a convenient and scalable framework for letting untrusted data publishers publish mission-critical data in an authentic fashion, which is highly relevant to the many practical application scenarios where the integrity of data plays a crucial role. This work has been funded by the highly competitive NSF-ITR program at a level of $786,465 in 2000. The initial work, in the context of relational databases, was presented at the International Conference on Data and Applications Security 2000. In that paper, we show that compact proofs for answers to certain relational queries can be computed efficiently using index structures that are based on a Merkle hash tree scheme. A more complete description of the efficient computation of compact proofs, including important security results, appears in the Journal of Computer Security. In two related works we (1) describe how our data publication framework contributes to increasing the availability of mission-critical information on the Internet and thus provides an important aspect of information survivability, and (2) show how the data publication scheme can be used in the context of software configuration management over the Internet.
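The following is an added illustration, not code from the papers or the project: a simplified Merkle hash tree over a key-sorted table, in which the publisher answers a range query with the matching rows, one boundary row on each side, and the digests the client needs to recompute the root. It assumes the client already holds the owner's root digest and row count from an authentic source (for example, signed by the owner); the row format and all function names are hypothetical.

```python
import hashlib
from bisect import bisect_left, bisect_right

TABLE = [(k, f"row-{k}") for k in range(10, 80, 10)]  # constructed sample, sorted by key

def H(tag, *parts):  # tags separate leaf digests from inner-node digests
    return hashlib.sha256(tag + b"".join(parts)).digest()

def leaf(row):  # assumed row format: (int key < 2**64, str value)
    return H(b"\x00", row[0].to_bytes(8, "big"), row[1].encode())

def root(leaves, i, j):  # digest of the subtree over leaves[i:j]
    if j - i == 1:
        return leaves[i]
    m = (i + j) // 2
    return H(b"\x01", root(leaves, i, m), root(leaves, m, j))

def prove(leaves, i, j, a, b, vo):  # collect digests of maximal subtrees outside [a, b)
    if j <= a or b <= i:
        vo.append(root(leaves, i, j))
    elif j - i > 1:
        m = (i + j) // 2
        prove(leaves, i, m, a, b, vo)
        prove(leaves, m, j, a, b, vo)

def answer(table, lo, hi):
    """Publisher: rows with lo <= key <= hi plus one boundary row per side."""
    keys = [k for k, _ in table]
    a = max(bisect_left(keys, lo) - 1, 0)
    b = min(bisect_right(keys, hi) + 1, len(table))
    vo = []
    prove([leaf(r) for r in table], 0, len(table), a, b, vo)
    return a, table[a:b], vo

def verify(trusted_root, n, lo, hi, a, rows, vo):
    """Client: return the authenticated matches, or None if the proof fails."""
    b, it = a + len(rows), iter(vo)
    def rebuild(i, j):
        if j <= a or b <= i:
            return next(it, b"")
        if j - i == 1:
            return leaf(rows[i - a])
        m = (i + j) // 2
        return H(b"\x01", rebuild(i, m), rebuild(m, j))
    if not rows or a < 0 or b > n or rebuild(0, n) != trusted_root:
        return None         # a row was altered, dropped, inserted or misplaced
    if (a > 0 and rows[0][0] >= lo) or (b < n and rows[-1][0] <= hi):
        return None         # boundary row missing: the answer may be incomplete
    return [r for r in rows if lo <= r[0] <= hi]
```

The boundary rows are what let the client detect omitted rows as well as altered ones: a publisher that returns only part of the matching range cannot supply authenticated neighbours that lie outside the query interval.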

With the advancement of XML as a data representation format on the Web, we started investigating authentic data publication schemes for XML data. At the highly visible ACM Conference on Computer and Communications Security (CCS-8), we presented an authentic data publication scheme for XML data. This approach utilizes document type definitions (DTDs) for constructing index structures used in efficiently computing proofs (verification objects) for answers to path queries against XML documents. A more detailed and extended description of this approach has recently been submitted for journal publication. While in these works we assume that a DTD is associated with an XML document collection, in another paper we present a new approach that does not require a DTD but computes an authentication structure in the form of ancestor trees from a collection of XML documents. A more formal and general framework for describing search and index structures for authenticating answers to queries against more general data sources has been submitted for journal publication.

Personnel:
Michael Gertz (Computer Science)
Prem Devanbu (Computer Science)
Chip Martel (Computer Science)
Philip Rogaway (Computer Science)
Glen Nuckolls (Ph.D. student, Computer Science)

Funding:
NSF ITR Award: "Scalable and Secure Information Republication". This work is also mentioned on the NSF ITR Highlights page.

Publications:

  • Prem Devanbu, Michael Gertz, April Kwong, Chip Martel, Stuart G. Stubblebine: Flexible Authentication of XML Documents. Submitted for Journal publication, July 2002. [.pdf]
  • Prem Devanbu, Michael Gertz, Chip Martel, Stuart G. Stubblebine: Authentic Data Publication over the Internet. Accepted for publication in the Journal of Computer Security. [.pdf]
  • Prem Devanbu, Michael Gertz, April Kwong, Chip Martel, Stuart G. Stubblebine: Flexible Authentication of XML Documents. In Eighth ACM Conference on Computer and Communications Security (CCS-8), 136-146, ACM, 2001. [.pdf]
  • April Kwong, Michael Gertz: Authentic Publication of XML Document Data. In Proceedings of the 2nd International Conference on Web Information Systems Engineering (WISE'01), 331-340, IEEE Computer Society, 2001.
  • Prem Devanbu, Michael Gertz, Chip Martel, Stuart G. Stubblebine: Authentic Third-party Data Publication. In 14th IFIP 11.3 Working Conference in Database Security, 101-112, Kluwer, 2000. [.ps] [.pdf]
  • Premkumar Devanbu, Michael Gertz, Stuart Stubblebine: Security for Automated, Distributed Configuration Management. In Proceedings, ICSE 99 Workshop on Software Engineering over the Internet, 1999. [.ps] [.pdf]