UA Shares NSF Grant for Research on Securing Databases

Computer science professor Richard Snodgrass will help lead a project with funding from the National Science Foundation.
Oct. 3, 2008
Richard T. Snodgrass, UA professor of computer science
Richard T. Snodgrass, UA professor of computer science

A project is underway to develop a system that would be able to detect and track even minute changes in electronic data systems that hold sensitive and private information.

University of Arizona computer science professor Richard T. Snodgrass and his colleagues have spent years working to strengthen safeguards for digital records.

The team of researchers from the UA and two other institutions has just received a joint grant from the National Science Foundation to advance their work, which is especially relevant given recent financial scandals and also because of recently mandated federal laws against white-collar crime.

"If I change a cell, the product would think the whole document is changed,” Snodgrass said, adding that the system would help users comply with regulations and also increase accountability within their respective practices.

“What we’re doing is taking those techniques to an individual cell level," he said. "This will help companies to be compliant with these laws and, just as important, help the public to know that these regulations are being followed.”

Snodgrass is a co-principal investigator on a three-year NSF grant totaling $870,000 that will allow researchers to develop and study a system of creating databases that are far more secure and advanced in tracking information changes, while retaining their high performance.

"Primarily, we’re creating new functionality to enable the database to do something it can’t do now, and to do it efficiently,” said Snodgrass, who specializes in tamper detection, database design, temporal databases and the science of computation.

The team is working to create a system that would be able to detect and track changes made, and to tie those changes to a single source – but without sacrificing performance for security. The project has implications for any business that uses a database to store information that is of a critical nature.

The grant – "III-COR Medium: Collaborative Research: Achieving Compliant Databases” – will be split among the UA, Stony Brook University and the University of Illinois at Urbana-Champaign.

The challenge, Snodgrass said, will be in making sure that the system is in compliance and, at the same time, prevents insiders “with super-user powers” from improperly changing the stored information.

All of this is increasingly important to ensure secure databases not only for best business practices, but also because of government mandates, Snodgrass said.

“Many laws are now on the books because of Enron and others,” said Snodgrass, who added that the UA’s grant amount is about $280,000.

“These laws say that changes to the financial record need to be monitored and that only certain people can make changes,” he said. 

One such law is what is commonly known as the Sarbanes-Oxley Act – one that the U.S. Congress passed in 2002 after a series of financial scandals surfaced in companies like Enron, Tyco and WorldCom.

The act, as it reads, was created to “protect investors by improving the accuracy and reliability of corporate disclosures.” The federal law makes it illegal to destroy, alter or falsify records, among other things. It also called for the creation of an oversight board and strengthened sanctions against those who commit white-collar crimes.

“There are many products that help support these laws," Snodgrass said. "The problem is that those systems don’t work if you have a database like an Excel spreadsheet."