Conference Paper

Methodologies for Detecting Covert Database

Center for Inf. Security Technol., Korea Univ., Seoul;
DOI: 10.1109/IIH-MSP.2008.258 Conference: Intelligent Information Hiding and Multimedia Signal Processing, 2008. IIHMSP '08 International Conference on
Source: IEEE Xplore

ABSTRACT Forensic accounting has recently gained great attention in the accounting and computer forensic fields since government regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Sarbanes-Oxley Act (SOX) were introduced in the United States. Although these regulations force corporations to provide financial transparency, corporations still commit accounting fraud such as slush funds or tax evasion. Moreover, companies have replaced paperwork with IT systems such as DBMS (database management system), EDMS (electronic document management system), and ERP (enterprise resource planning) systems. Since the majority of corporations use a DBMS, we should focus our attention on discovering financial information in a database server. However, fraud is difficult to observe and detect because the perpetrators do their best to conceal their fraudulent activities. In particular, we need to consider the case of a covert database server. This paper proposes a methodology for detecting a covert database server, which would be helpful for forensic investigators. Therefore, we describe an example of a covert database server and suggest several detection techniques. Finally, we provide our methodology according to the classification of investigation cooperation.

  • ABSTRACT: Many companies produce public financial statements as part of their annual accounts. These financial statements are audited by the Financial Supervisory Service (FSS) in Korea to identify their financial transparency (1). However, even if financial risk has been evaluated using fraud symptom analysis, fraudulent acts committed by fabricating financial statements and transactions may lead to creative accounting. The adverse impact of financial fraud is rapidly increasing worldwide; it affects both individuals and national economic systems. For example, fraudulent companies may be unable to raise funds; in the worst case, they may go into bankruptcy. Generally, the financial accounts of companies exist as digital accounting data in computer systems. Database systems efficiently manage this digital data. Therefore, we are conducting research on digital forensic accounting to detect fraud factors in financial transactions. In this paper, we suggest methodologies for forensic accounting investigation. We explain the process and cycle of financial fraud investigation. We also propose forensic accounting techniques that can detect the fraud factors. The techniques are representatively included in a covert resource detection system. This uses financial and business data extraction techniques in the company's server, a data acquisition tool in an external file server, and a forensic accounting tool to detect financial fraud factors.
    01/2009;
  • ABSTRACT: In this paper, we study tactical covert timing networks with dynamic spectrum access capability amidst adversaries. We present a two-tier game framework to model the attack-defense scenario. There are very few studies available in the literature on covert timing channels with multiple parallel transmissions. This paper presents a new paradigm combining the time diversity provided by covert timing channels and frequency diversity provided by dynamic spectrum switching, to combat jamming. The dynamic sensing of different spectrum bands and subsequent jamming by the attacker, and the camouflaging defense by the covert network are modeled as a two-tier game. We present a dynamic minimax camouflaging strategy for the covert network and sensing and jamming strategies for the attacker. We compare the performance of our proposed equilibrium strategies with that of other well known strategies and demonstrate the effectiveness of our proposed solution. We use theoretical analysis, simulations and testbed experiments to illustrate our ideas.
    Mobile Computing and Communications Review. 01/2009; 13.
  • ABSTRACT: The problem of operational security of the complex hardware/software systems in use today, understood both as a guarantee of the correctness of operations and as the impossibility of altering the operation itself more or less deliberately, is increasingly felt and important, especially when one wants to assign highly critical functions to these systems and entrust them with the very safety of human beings. Although many efforts are under way to obtain complete and reliable answers, there are to date no investigation methodologies that make it possible to certify the security of such systems. In this case, attention was directed to SIM/USIM cards. The security of such systems can be evaluated at both the hardware and the software level. From the hardware point of view, there is an ever-growing need for construction methodologies that make the device robust against reverse engineering at the physical level. On the software side, there is ongoing research aimed at creating operating systems implemented with source-code verification methodologies. In addition, sandbox-type systems are being studied that allow the controlled execution of applications installable on smart cards, which is fundamental for preventing potential attacks by malicious code. In the field of telecommunications, one smart card application that has undoubtedly taken hold is the SIM/USIM card. The goal of research in this area is to develop open-source tools [2][3] suitable for acquiring all the observable digital data useful for forensic analysis. To this end, a software tool was implemented, in ANSI C and Perl, for acquiring and subsequently interpreting the observable content of a SIM/USIM card. This proves extremely useful for deriving evidentiary elements that are fundamental in a judicial investigation.