Forensic attribution in NoSQL databases

Hauger and Olivier

2017

Citation information

W. Hauger and M. S. Olivier. “Forensic attribution in NoSQL databases”. In: 2017 Information Security for South Africa (ISSA). Ed. by H. S. Venter et al. IEEE, Aug. 2017, pp. 74–82

Abstract

NoSQL databases have gained a lot of popularity over the last few years. They are now used in many new system implementations that work with vast amounts of data. This data will typically also include sensitive information that needs to be secured. NoSQL databases are also underlying a number of cloud implementations which are increasingly being used to store sensitive information by various organisations. This has made NoSQL databases a new target for hackers and other state sponsored actors. Forensic examinations of compromised systems will need to be conducted to determine what exactly transpired and who was responsible. This paper examines specifically if NoSQL databases have security features that leave relevant traces so that accurate forensic attribution can be conducted. The seeming lack of default security measures such as access control and logging has prompted this examination. A survey into the top ranked NoSQL databases was conducted to establish what authentication and authorisation features are available. Additionally the provided logging mechanisms were also examined since access control without any auditing would not aid forensic attribution tremendously. Some of the surveyed NoSQL databases do not provide adequate access control mechanisms and logging features that leave relevant traces to allow forensic attribution to be done using those. The other surveyed NoSQL databases did provide adequate mechanisms and logging traces for forensic attribution, but they are not enabled or configured by default. This means that in many cases they might not be available, leading to insufficient information to perform accurate forensic attribution even on those databases.

Definitive version

The definitive version of the paper is available from the publisher.
DOI: 10.1109/ISSA.2017.8251777

BibTeX reference

@inproceedings(nosqlattribution,
author={Werner Hauger and Martin S Olivier},
title={Forensic attribution in {NoSQL} databases},
booktitle={2017 Information Security for South Africa (ISSA)},
month={8},
year={2017},
editor={H S Venter and M Loock and M Coetzee and M M Eloff and J H P Eloff},
pages={74--82},
publisher={IEEE} )


[Publications] [Home]
Page maintained by Martin Olivier
Record refreshed: March 21, 2019

Beta version of new bibliography database; please report errors (or copyright violations) that may have slipped in.