Alexander Rasin

Is your Database Leaking Encrypted Data?

Forensic tools often operate in adversarial conditions, without cooperation from the device owner. Storage encryption (either device-drive or software) prevents forensic tools from accessing and reconstructing data in persistent storage. Meanwhile, RAM and its cache can provide an alternate source of decrypted data to forensic tools. Prior data encryption research considered disk partition encryption, encryption in file systems, and client-side encryption. However, such work does not account for encryption in database management systems (DBMS). DBMSes manage their own storage instead of relying on the operating system, with native DBMS support for disk and RAM cache management, access control configuration, and built-in encryption features.
The first part of this talk teaches the basic principles of disk-to-RAM data flow within a DBMS. We describe different allocated RAM areas and their purpose in major relational DBMSes (including Oracle, SQL Server, PostgreSQL, and MySQL). We also survey the built-in encryption features available in these DBMSes, including deployment trade-offs. The second part of this talk describes DBMS encryption vulnerabilities through examples. We discuss SQL operations that potentially expose decrypted data in RAM. We also demonstrate the quantity of data cached by SQL queries and the lifecycle of that data in memory.

Adam Baso

Crowdsourcing and Collaborative Product Development at Wikipedia

The early days of the open web encouraged a collaborative model of software development – technology built from the ground up, systems that were developed collectively and without hierarchy. For the past two decades, Wikipedia has succeeded to a large degree because of that collaborative model. It invites contributions, from our content down to our code. This talk will discuss how to build a truly participatory product development model, the opportunities and challenges Wikipedia has faced as a result of its open approach to technology platforms, and what the future looks like.