News Column

Patent Application Titled "Destruction of Sensitive Information" Published Online

June 3, 2014



By a News Reporter-Staff News Editor at Information Technology Newsweekly -- According to news reporting originating from Washington, D.C., by VerticalNews journalists, a patent application by the inventors Cherel, Thomas (Saint-Eustache, FR); Milman, Ivan M. (Austin, TX); Oberhofer, Martin (Bondorf, DE); Padilla, Donald A. (Albuquerque, NM), filed on November 15, 2012, was made available online on May 22, 2014.

The assignee for this patent application is International Business Machines Corporation.

Reporters obtained the following quote from the background information supplied by the inventors: "Today, Personally Identifiable Information (PII) is stored in many commercial software systems, such as hierarchical, columnar, and relational database systems, as well as in Hadoop/Big Data processing infrastructures. Conventional systems may protect PII with, for example access restrictions using authentication and authorizations.

"In addition, conventional systems may protect PII with, for example, encryption. Such encryption includes encryption of data at rest (backups, etc.) and encryption on data in transmission (e.g., by encrypting the communication channel (e.g., Secure Socket Layer (SSL)), by encrypting the data in transfer (message encryption), by a combination of encrypting the communication channel and the data in transfer, and by audit trails).

"Some conventional systems detect PII in a database. However, PII is just one example of sensitive information, and there are other types of sensitive information (such as salary information, performance reviews, confidential product plans, etc.).

"Within conventional database systems, sensitive information (e.g., PII) once it is no longer needed should be destroyed. However, some conventional systems do not properly destroy such sensitive information. For example, if a table containing sensitive information is dropped in a database, but no measure is taken to overwrite the appropriate areas on the hard disk where the table was stored, this leaves the sensitive information on the hard disk vulnerable to hard disk discovery tools.

"A single node database system may be described as a database installed on a server that has 4 tablespaces, where: tablespace TS1 contains the tables T1, T2 and T3, where tablespace TS2 contains the tables T4, T5, and T6, where tablespace TS3 contains the tables T7, T8 and T9, and where tablespace TS4 contains the tables T10 and T11. As storage for the database, there are two storage systems, each containing six hard disks where, in the two storage systems: eight of the hard disks have file systems managed by an operating system and four of the hard disks are used as raw devices, which means there are no file systems managed by the operating system on these four hard disks.

"With reference to the single node database system, assume that the tablespace TS4 has been created with the following Statement 1 using the four raw devices:

"TABLE-US-00001 Statement 1 CREATE TABLESPACE T4 MANAGED BY DATABASE USING (DEVICE '/dev/rhdisk0' 10000, DEVICE '/dev/rhdisk1' 10000, DEVICE '/dev/rhdisk2' 10000, DEVICE '/dev/rhdisk3' 10000 )

"With Statement 1, table T10 and table T11 are created in tablespace TS4. Assume table T10 contains sensitive information (e.g., PII) and is dropped. In this scenario, conventional techniques used with file systems for deleting PII cannot be used to ensure that the portions of the four raw devices that contained the sensitive information are securely deleted (e.g., by overwriting the sensitive information several times with zeros, etc.) so that the information is not recoverable with disk recovery tools. This is because the operating system and file system can not affect the hard disks used as raw devices that are managed by the database.

"Continuing with the example of the single node database system, assume that the tablespace TS1 has been created with the following statement 2:

"TABLE-US-00002 Statement 2 CREATE TABLESPACE T1 MANAGED BY DATABASE USING (FILE 'C.\db2\file1' 1 M, FILE 'D:\db2\file2' 1 M) AUTORESIZE YES INCREASESIZE 2 M MAXSIZE 100 M

"In this case, tablespace TS1 uses two file containers with an initial size of 1 megabyte (MB), a growth rate of 2 megabytes and a maximal size of 100 megabytes. A file container may be described as a file on a file system. This means, tables T1, T2 and T3 in tablespace TS1 can allocate jointly a maximum size of 200 MB (2 file containers with a maximum size of 100 megabytes each). Now, assume T2 is a table containing sensitive information and T2 is dropped. Unlike the scenario using Statement 1, there is now a file system layer between the operating system and the database. However, only the database knows which portions of the two file containers file1 and file2 were used by the database, and, thus, need to be cleaned (e.g., by overwriting the appropriate portions with zeros, etc.) to ensure the sensitive information cannot be recovered. Therefore, the well understood techniques used with file systems for deleting PII can not be used to ensure that the portions that contained the sensitive information are securely deleted.

"A multi-node database system includes multiple nodes. A node may be described as a separate computing device, such as a server system. For this example, a database is partitioned across multiple nodes. As storage for the database, there are three storage systems accessed by Network Attached Storage (NAS), with each of the storage systems containing six hard disks where, in two storage systems: six of the hard disks have file systems managed by an operating system, six of the hard disks are used as raw devices and do not have file systems managed by the operating system, and four of the hard disks have Encrypting File Systems (EFS).

"A tablespace may span across one or more nodes. A partition group clause may be used to adjust the number of nodes that the tablespace may span in a fine granular manner. A table may be split across several partitions.

"If combined with file system techniques, such as, Global Parallel File System (GPFS), there is an additional abstraction layer between the storage devices and the file systems involved, hiding from the file space consumers such as the database the details of the underlying physical storage hardware to improve business resiliency).

"Similarly to the single node database system, with a multi-node database system, it is difficult to destroy sensitive information when a tablespace is dropped.

"In conventional systems, only the database knows which portions of a hard disk/file system belongs to a table and should be cleaned for destruction of sensitive information.

"Some conventional systems use file system encryption techniques. Such file system encryption techniques may not be used in case of high-end performance requirements on the database because of their performance impact and Input/Output (I/O) operations are a performance constraint for any database operations. Moreover, in case of raw devices, there is no file system involved, and so these file system encryption techniques are unavailable."

In addition to obtaining background information on this patent application, VerticalNews editors also obtained the inventors' summary information for this patent application: "Provided are a method, computer program product, and system for deleting sensitive information in a database. One or more objects in a database that are accessed by a statement are identified. It is determined that at least one object among the identified one or more objects contains sensitive information by checking an indicator for the at least one object. One or more security policies associated with the at least one object are identified. The identified one or more security policies are implemented for the at least one object to delete sensitive information.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

"Referring now to the drawings in which like reference numbers represent corresponding parts throughout:

"FIG. 1 illustrates a computing environment in accordance with certain embodiments.

"FIG. 2 illustrates a computing environment in accordance with certain alternative embodiments.

"FIG. 3 illustrates an example a table in a database catalog in accordance with certain embodiments.

"FIG. 4 illustrates, in a flow diagram, operations for storing data in the database catalog in accordance with certain embodiments.

"FIG. 5 illustrates, in a flow diagram, operations for processing a statement with secure deletion of sensitive information in accordance with certain embodiments. FIG. 5 if formed by FIG. 5A and FIG. 5B.

"FIG. 6 illustrates, in a flow diagram, operations for implementing one or more security policies in accordance with certain embodiments.

"FIG. 7 illustrates a computing environment with a single server in accordance with certain embodiments.

"FIG. 8 illustrates a computing environment with a single server in accordance with certain alternative embodiments.

"FIG. 9 depicts a cloud computing node in accordance with certain embodiments.

"FIG. 10 depicts a cloud computing environment in accordance with certain embodiments.

"FIG. 11 depicts abstraction model layers in accordance with certain embodiments."

For more information, see this patent application: Cherel, Thomas; Milman, Ivan M.; Oberhofer, Martin; Padilla, Donald A. Destruction of Sensitive Information. Filed November 15, 2012 and posted May 22, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=728&p=15&f=G&l=50&d=PG01&S1=20140515.PD.&OS=PD/20140515&RS=PD/20140515

Keywords for this news article include: Information Technology, International Business Machines Corporation, Information and Data Encoding and Encryption.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC


For more stories covering the world of technology, please see HispanicBusiness' Tech Channel



Source: Information Technology Newsweekly


Story Tools






HispanicBusiness.com Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters