Brajendra Panda
Professor
Computer Science and Computer Engineering
These days, nearly every organization, no matter how small, has a database behind the scenes full of information critical to its operation. But somebody has to make sure that data is secure, and that's the problem Dr. Brajendra Panda has been grappling with since the beginning of his career.
"When I was doing my Ph.D., not many people talked about computer security, and it was a very small field," he says. "PCs did not even have logon IDs and passwords in those days." But he was intrigued, and got started working on database query processing with the military, one of the few organizations that was interested.
Now, of course, everyone is thinking about security. It's a broad field, with different areas focusing on controlling access, detecting intruders, and identifying and repairing malicious changes. Dr. Panda, however, isn't currently interested in these outsider threats.
"We have some idea about stopping outsiders from getting into the database. Once we notice that, we can completely prohibit them from accessing the database. But we cannot do that for insiders," Panda explains. Whether it's an employee working for a company or a potential customer browsing an online retailer's inventory, preventing access would mean preventing profit. "But these are legitimate users; if they start doing something wrong, what do we do? It's a more challenging problem."
The challenge has to be tackled from several directions.
One way is to develop user profiles, to identify unusual behavior. Building a picture of what applications the database is supposed to run, who does and does not have access to them, normal hours for access, and which data items are meant to be seen by which people will allow the system to identify suspicious behavior without interfering with the majority of users. "Based on these parameters, we detect any anomalies, and then we try to raise some kind of flags," Panda explains. For example, if an employee usually comes to the office at eight every morning, but one morning he logs into the database at six, the system will notice the anomaly, and watch his behaviour. If he just felt like rising early, he will be able to continue his work as usual, but if he continues to act suspiciously, perhaps accessing different applications or data, once the anomalies reach a threshold, the system will take action.
Another way to address insider threat is to locate critical database items and focus extra security in those areas. The trick is determining the important items automatically, and the key is investigating interdependence. If, for example, employees' yearly bonuses are dependent on their ranks within the company, changing an employee's rank will change the bonus as well, making the bonus dependent on the rank. Determining the dependency relationships between all the data items in a database will reveal which items have the most effect throughout the system, pinpointing the most critical items to protect.
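The dependency idea above can be sketched as a graph walk. This is an added example, not code from this page or from Dr. Panda's research. It assumes an item's criticality is the number of other items that change, directly or indirectly, when it changes, and every item name other than rank and bonus is hypothetical.

```python
from collections import defaultdict

# Constructed sample: (source, dependent) means a change to source changes dependent.
# Only rank -> bonus comes from the article; the other items are hypothetical.
DEPENDENCIES = [
    ("rank", "bonus"),
    ("rank", "salary_band"),
    ("salary_band", "payroll_total"),
    ("bonus", "payroll_total"),
    ("payroll_total", "department_budget"),
    ("office_location", "parking_permit"),
]

def build_graph(edges):
    """Map each item to the set of items that directly depend on it."""
    graph = defaultdict(set)
    for source, dependent in edges:
        graph[source].add(dependent)
        graph.setdefault(dependent, set())  # leaf items still appear as nodes
    return graph

def affected_items(graph, start):
    """Every item that changes, directly or indirectly, when start changes."""
    seen, stack = set(), [start]
    while stack:
        for dependent in graph[stack.pop()]:
            # The seen set stops cycles; an item never counts as affecting itself.
            if dependent not in seen and dependent != start:
                seen.add(dependent)
                stack.append(dependent)
    return seen

def rank_by_criticality(edges):
    """Items sorted by how many other items they affect (assumed metric)."""
    graph = build_graph(edges)
    scores = {item: len(affected_items(graph, item)) for item in list(graph)}
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for item, reach in rank_by_criticality(DEPENDENCIES):
        print(f"{item:18} affects {reach} other item(s)")
```

Items at the top of the ranking are the ones where tighter access control and change auditing protect the most downstream data.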
Dr. Panda has been with the University of Arkansas since 2001. He currently receives funding from the U.S. Air Force Office of Scientific Research. His research translates to the classroom, as well; undergraduates have the opportunity to study with him in his Database Management Systems class, and graduates in his Computer Security and Computer Forensics classes.


