IoT database forensics : an investigation on HarperDB Security

Marsh, R ORCID: https://orcid.org/0000-0003-0069-8552, Belguith, S ORCID: https://orcid.org/0000-0003-0069-8552 and Dargahi, T ORCID: https://orcid.org/0000-0002-0908-6483 2019, IoT database forensics : an investigation on HarperDB Security , in: ACM International Conference on Future Networks and Distributed Systems.

[img]
Preview
PDF - Published Version
Download (601kB) | Preview

Abstract

The data that are generated by several devices in the IoT realmrequire careful and real time processing. Recently, researchers haveconcentrated on the usage of cloud databases for storing such datato improve efficiency. HarperDB aims at producing a DBMS that isrelational and non-relational simultaneously, to help journeymendevelopers creating products and servers in the IoT space. Much ofwhat the HarperDB team has talked about has been achieved, butfrom a security perspective, a lot of improvements need to be made.The team has clearly focused on the problems that exist from adatabase and data point of view, creating a structure that is unique,fast, easy to use and has great potential to grow with a startup.The functionality and ease of use of this DBMS is not in question,however as the trade-off triangle to the right suggests, this doesentail an impact to security. In this paper, using multiple forensicmethodologies, we performed an in-depth forensic analysis onHarperDB and found several areas of extreme concern, such as lackof logging functionalities, basic level of authorisation, exposure ofusers’ access rights to any party using the database, There had to bea focus on preventative advice instead of reactive workarounds dueto the nature of the flaws found in HarperDB. As such, we providea number of recommendations for the users and developers.

Item Type: Conference or Workshop Item (Paper)
Schools: Schools > School of Computing, Science and Engineering > Salford Innovation Research Centre
Depositing User: Dr. Sana Belguith
Date Deposited: 08 Jul 2019 09:15
Last Modified: 01 Oct 2019 16:45
URI: http://usir.salford.ac.uk/id/eprint/51751

Actions (login required)

Edit record (repository staff only) Edit record (repository staff only)

Downloads

Downloads per month over past year