US security expert reveals WORM compromise

A visiting US academic has revealed a vulnerability in the disk versions of write once, read many file stores that allowed insiders to change or delete electronic records.

Speaking in Canberra this week, Singapore-based University of Illinois at Urbana-Champaign professor Marianne Winslett warned that insiders could subvert the security-toughened storage devices by "understanding their [the devices] indexes were not trustworthy".

“You just have to alter the index - which is on ordinary storage. It’s a piece of cake,” she said.

“If there’s an incriminating email on these secure servers, you just delete the relevant index pointing to the email and you’ll never find it again among all that data.”

Winslett said that write once, read many (WORM) security made other attacks almost impossible. For example, she said the systems were designed to stop attackers from putting forward the server's internal time to delete unwanted data.

But a favoured attack vector was to go back in time to before a document existed to delete it, she said.

“You say: the ‘system has crashed’ and you have to restart from one of your backups," Winslett said.

"You just start from a backup that is way old.”

Database security

Relational databases posed particular issues on WORM systems due to regular data changes, Winslett said.

She said it was possible to improve security on relational database systems by using keeping time-stamped copies of it and hash functions to speed integrity checks.

She said a solution was to use a modified version of the Berkeley DB (now owned by Oracle).

“My conclusion is that it is possible to make relational databases tamper-evident at low cost – less than 1 percent overhead on running transactions - and you can do periodic audits very quickly any time you want," she said.

But there would be little demand for more security unless it was mandated by regulators or IT auditors.

 “I’ll have to wait for the next big scandal where the data backups were not trustworthy and a tightened interpretation of the law will be required," Winslett said.

Despite the lack of impetus in the private sector, she noted that governments should consider making such security enhancements.

“As electronic records replace paper records, it becomes easy to make such alterations without leaving behind evidence that can be used to detect the changes and determine who made them”, she said.

”There’s no reason to trust your public records - which has got to be scary to every government.

"I bet [government] would be willing to pay a little bit more just to know it would be hard to tamper with their data records.”