Professional Paranoid

My research interests cover the design and analysis of security techniques and systems, with a sideline in various obscure security-related areas such as the recovery of deleted data from magnetic media, and whatever else happens to catch my interest. To view some of the documents referenced on this page you’ll need a copy of the free Adobe Acrobat reader software (note: This link takes you to Acrobat 5.1, which avoids the very buggy and unstable Acrobat 6 or the bloated mess that is Acrobat 7 which Adobe will force on you if you get it from their main download site). Alternatively, if you’re running Windows, you can try the Foxit PDF Reader, which is what the Acrobat reader would be if it lost about 15MB of bloat and ran about 50 times faster than it does.

One of the most popular pages that I maintain is my security resource link farm, a huge (around 1/2MB) collection of links to security and encryption products, companies, papers, conferences, e-commerce and digital cash, security and intelligence agencies, smart cards, digital certificates and CA’s, standards and publications, security problems and holes, and anything else vaguely related to encryption and security. If you’re looking for anything in this area…

Peter Gutmann’s Home Page


Best Practices For Preserving Security

The centralisation of branch office servers and storage enables enterprises to more effectively manage and secure critical business information.

By moving servers out of branch offices and consolidating IT infrastructure to fewer, purpose-built data centres, enterprises can protect vital business resources through tight physical security and well-defined access procedures.

In addition, server centralisation reduces sensitive user credential stores, helping to ensure that this information remains protected from unauthorised access.

BIOS: Technology Means Business

Intrusion recovery for databases and file systems

Recovery of lost or damaged data in a post-intrusion detection scenario is difficult task since database management systems are not designed to deal with malicious committed transactions. Recovery of lost or damaged initialization vectors for data encryption is also a difficult task since this information is critical to recover for a successful decryption of data. Self-securing data turns data-store solutions into active parts of an intrusion survival strategy. Few existing methods developed for this purpose heavily rely on logs and require that the log must not be purged. This causes the log grow tremendously and, since scanning the huge log takes enormous amount of time, recovery becomes a complex and prolonged process.

In this research, we have used data dependency approach to log only selected database columns and selected fields in flat file records. During damage assessment and recovery, we rely on a secure ‘evidence-quality’ log and skip parts of the log that contain unaffected columns. This paper introduces how self-securing data enhances an administrator’s ability to detect, diagnose, and recover from intrusions. First, data-at-rest intrusion detection offers a new observation point for noticing suspect activity. Second, post-hoc intrusion diagnosis starts with a plethora of normally unavailable information. Finally, post-intrusion recovery is reduced to recover a pre-intrusion data image retained by the server. Combined, these features can improve an organization’s ability to survive successful digital intrusions of critical data items.


Any computer system that is connected to a network is vulnerable to information attacks. In spite of all preventive measures, savvy intruders manage to sneak through and damage sensitive data. Initial damage later spreads to other parts of the database when a legitimate transaction updates valid data…

Security Park – Intrusion recovery for databases and file systems