Skip to main content
SpringerLink
Log in

Trusted Recovery

  • Chapter
Secure Data Management in Decentralized Systems

Part of the book series: Advances in Information Security ((ADIS,volume 33))

Abstract

Database security concerns the confidentiality, integrity, and availability of data stored in a database. A broad span of research from access control [16],[20],[48], to inference control [1], to multilevel secure databases [50],[56], and to multilevel secure transaction processing [4], addresses primarily how to protect the security of a database, especially its confidentiality. However, very limited research has been done on how to survive successful database attacks, which can seriously impair the integrity and availability of a database. Experience with data-intensive applications such as credit card billing, banking, air traffic control, logistics management, inventory tracking, and online stock trading, has shown that a variety of attacks do succeed to fool traditional database protection mechanisms. In fact, we must recognize that not all attacks — even obvious ones — can be averted at their outset. Attacks that succeed, to some degree at least, are unavoidable. With cyber attacks on data- intensive Internet applications, i.e., e-commerce systems, becoming an ever more serious threat to our economy, society, and everyday lives, attack resilient database systems that can survive malicious attacks are a significant concern.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. M. R. Adam. Security-Control Methods for Statistical Database: A Comparative Study. ACM Computing Surveys, 21(4), 1989.

    Google Scholar 

  2. P. Ammann, S. Jajodia, and P. Liu. Recovery from malicious transactions. IEEE Transaction on Knowledge and Data Engineering, 14(5):1167–1185, 2002.

    Article  Google Scholar 

  3. P. Ammann, S. Jajodia, C.D. McCollum, and B.T. Blaustein. Surviving information warfare attacks on databases. In Proceedings of the IEEE Symposium on Security and Privacy, pages 164–174, Oakland, CA, May 1997.

    Google Scholar 

  4. V. Atluri, S. Jajodia, and B. George. Multilevel Secure Transaction Processing. Kluwer Academic Publishers, 1999.

    Google Scholar 

  5. Vijayalakshmi Atluri, Soon Ae Chun, and Pietro Mazzoleni. A Chinese wall security model for decentralized workflow systems. In Proceedings of the 8th ACM conference on Computer and Communications Security, pages 48–57. ACM Press, 2001.

    Google Scholar 

  6. D. Barbara, R. Goel, and S. Jajodia. Using checksums to detect data corruption. In Proceedings of the 2000 International Conference on Extending Data Base Technology, Mar 2000.

    Google Scholar 

  7. Yi bing Lin and Edward D. Lazowska. A study of time warp rollback machanisms. ACM Transactions on Modeling and Computer Simulations, 1(1):51–72, January 1991.

    Article  MATH  Google Scholar 

  8. Qiming Chen and Umeshwar Dayal. Failure handling for transaction hierarchies. In Alex Gray and Per-RAke Larson, editors, Proceedings of the Thirteenth International Conference on Data Engineering, April 7–11, 1997 Birmingham U.K, pages 245–254. IEEE Computer Society, 1997.

    Google Scholar 

  9. Tzi cker Chiueh and Dhruv Pilania. Design, implementation, and evaluation of a repairable database management system. In International Conference on Data Engineering, pages 1024–1035, 2005.

    Google Scholar 

  10. D. E. Denning. An intrusion-detection model. IEEE Trans. on Software Engineering, SE-13:222–232, February 1987.

    Google Scholar 

  11. Johann Eder and Walter Liebhart. Workflow recovery. In Conference on Cooperative Information Systems, pages 124–134, 1996.

    Google Scholar 

  12. E. N. (Mootaz) Elnozahy, Lorenzo Alvisi, Yi min Wang, and David B. Johnson. A survey of rollback-recovery protocols in message-passing systems. ACM Computing Surveys, 34(3):375–408, September 2002.

    Article  Google Scholar 

  13. Gregory R. Ganger, Pradeep K. Khosla, Mehmet Bakkaloglu, Michael W. Bigrigg, Garth R. Goodson, Semih Oguz, Vijay Pandurangan, Craig A. N. Soules, John D. Strunk, and Jay J. Wylie. Survivable storage systems. In DARPA Information Survivability Conference and Exposition, volume 2, pages 184–195, Anaheim, CA, 12–14 June 2001. IEEE.

    Article  Google Scholar 

  14. R. Graubart, L. Schlipper, and C. McCollum. Defending database management systems against information warfare attacks. Technical report, The MITRE Corporation, 1996.

    Google Scholar 

  15. J. Gray and A. Reuter. Transaction Processing: Concepts and Techniques. Morgan Kaufmann Publishers, Inc., 1993.

    Google Scholar 

  16. P. P. Griffiths and B. W. Wade. An Authorization Mechanism for a Relational Database System. ACM Transactions on Database Systems, 1(3):242–255, September 1976.

    Article  Google Scholar 

  17. P. Helman and G. Liepins. Statistical foundations of audit trail analysis for the detection of computer misuse. IEEE Transactions on Software Engineering, 19(9):886–901, 1993.

    Article  Google Scholar 

  18. K. Ilgun, R.A. Kemmerer, and P.A. Porras. State transition analysis: A rule-based intrusion detection approach. IEEE Transactions on Software Engineering, 21(3): 181–199, 1995.

    Article  Google Scholar 

  19. R. Jagannathan and T. Lunt. System design document: Next generation intrusion detection expert system (nides). Technical report, SRI International, Menlo Park, California, 1993.

    Google Scholar 

  20. S. Jajodia, P. Samarati, M. L. Sapino, and V. S. Subrahmanian. Flexible support for multiple access control policies. ACM Trans. Database Syst., 26(2):214–260, 2001.

    Article  MATH  Google Scholar 

  21. H. S. Javitz and A. Valdes. The sri ides statistical anomaly detector. In Proceedings IEEE Computer Society Symposium on Security and Privacy, Oakland, CA, May 1991.

    Google Scholar 

  22. David R. Jefferson. Virtual time. ACM Transaction on Programming Languages and Systems, 7(3):404–425, July 1985.

    Article  MathSciNet  Google Scholar 

  23. J. Knight, K. Sullivan, M. Elder, and C. Wang. Survivability architectures: Issues and approaches. In Proceedings of the 2000 DARPA Information Survivability Conference & Exposition, pages 157–171, CA, June 2000.

    Google Scholar 

  24. Dirk P. Kroese and Victor F. Nicola. Efficient simulation of a tandem jackson network. ACM Transactions on Modeling and Computer Simulation, 12(2): 119–141, April 2002.

    Article  Google Scholar 

  25. T. Lane and C.E. Brodley. Temporal sequence learning and data reduction for anomaly detection. In Proc. 5th ACM Conference on Computer and Communications Security, San Francisco, CA, Nov 1998.

    Google Scholar 

  26. Wenke Lee, Sal Stolfo, and Kui Mok. A data mining framework for building intrusion detection models. In Proc. 1999 IEEE Symposium on Security and Privacy, Oakland, CA, May 1999.

    Google Scholar 

  27. Wenke Lee and Salvatore J. Stolfo. A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information and System Security, 3(4):227–261, 2000.

    Article  Google Scholar 

  28. Jun-Lin Lin and Margaret H. Dunham. A survey of distributed database checkpointing. Distributed and Parallel Databases, 5(3):289–319, 1997.

    Article  Google Scholar 

  29. Jun-Lin Lin and Margaret H. Dunham. A low-cost checkpointing technique for distributed databases. Distributed and Parallel Databases, 10(3):241–268, 2001.

    Article  Google Scholar 

  30. P. Liu. Dais: A real-time data attack isolation system for commercial database applications. In Proceedings of the 17th Annual Computer Security Applications Conference, 2001.

    Google Scholar 

  31. P. Liu, P. Ammann, and S. Jajodia. Rewriting histories: Recovery from malicious transactions. Distributed and Parallel Databases, 8(1):7–40, 2000.

    Article  Google Scholar 

  32. P. Liu and S. Jajodia. Multi-phase damage confinement in database systems for intrusion tolerance. In Proc. 14th IEEE Computer Security Foundations Workshop, Nova Scotia, Canada, June 2001.

    Google Scholar 

  33. P. Liu, S. Jajodia, and CD. McCollum. Intrusion confinement by isolation in information systems. Journal of Computer Security, 8(4):243–279, 2000.

    Google Scholar 

  34. P. Liu and Y. Wang. The design and implementation of a multiphase database damage confinement system. In Proceedings of the 2002 IFIP WG 11.3 Working Conference on Data and Application Security, 2002.

    Google Scholar 

  35. P. Luenam and P. Liu. Odar: An on-the-fly damage assessment and repair system for commercial database applications. In Proceedings of the 2001 IFIP WG 11.3 Working Conference on Database and Application Security, 2001.

    Google Scholar 

  36. P. Luenam and P. Liu. The design of an adaptive intrusion tolerant database system. In Proc. IEEE Workshop on Intrusion Tolerant Systems, 2002.

    Google Scholar 

  37. T. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, C. Jalali, H. S. Javitz, A. Valdes, P. G. Neumann, and T. D. Garvey. A real time intrusion detection expert system (ides). Technical report, SRI International, Menlo Park, California, 1992.

    Google Scholar 

  38. Teresa Lunt and Catherine McCollum. Intrusion detection and response research at DARPA. Technical report, The MITRE Corporation, McLean, VA, 1998.

    Google Scholar 

  39. T.F. Lunt. A Survey of Intrusion Detection Techniques. Computers & Security, 12(4):405–418, June 1993.

    Article  Google Scholar 

  40. N. Lynch, M. Merritt, W. Weihl, and A. Fekete. Atomic Transactions. Morgan Kaufmann, 1994.

    Google Scholar 

  41. J. McDermott and D. Goldschlag. Storage jamming. In D.L. Spooner, S.A. Demurjian, and J.E. Dobson, editors, Database Security IX: Status and Prospects, pages 365–381. Chapman & Hall, London, 1996.

    Google Scholar 

  42. J. McDermott and D. Goldschlag. Towards a model of storage jamming. In Proceedings of the IEEE Computer Security Foundations Workshop, pages 176–185, Kenmare, Ireland, June 1996.

    Google Scholar 

  43. D. Medhi and D. Tipper. Multi-layered network survivability — models, analysis, architecture, framework and implementation: An overview. In Proceedings of the 2000 DARPA Information Survivability Conference & Exposition, pages 173–186, CA, June 2000.

    Google Scholar 

  44. J. Eliot B. Moss. Nested Transactions: An Approach to Reliable Distributed Computing. The MIT Press, 1985.

    Google Scholar 

  45. B. Mukherjee, L. T. Heberlein, and K.N. Levitt. Network intrusion detection. IEEE Network, pages 26–41, June 1994.

    Google Scholar 

  46. Brajendra Panda and Kazi Asharful Haque. Extended data dependency approach: a robust way of rebuilding database. In SAC’ 02: Proceedings of the 2002 ACM symposium on Applied computing, pages 446–452, New York, NY, USA, 2002. ACM Press.

    Google Scholar 

  47. C. Pu, G. Kaiser, and N. Hutchinson. Split transactions for open-ended activities. In Proceedings of the International Conference on Very Large Databases, August 1988.

    Google Scholar 

  48. F. Rabitti, E. Bertino, W. Kim, and D. Woelk. A model of authorization for next-generation database systems. ACM Transactions on Database Systems, 16(1):88–131, 1994.

    Article  Google Scholar 

  49. Robin A. Sahner, Kishor S. Trivedi, and Antonio Puliafito. Performance and Reliability Analysis of Computer Systems. Kluwer Academic Publishers, Norwell, Massachusetts, USA, 1996.

    MATH  Google Scholar 

  50. R. Sandhu and F. Chen. The multilevel relational (mlr) data model. ACM Transactions on Information and Systems Security, 1(1), 1998.

    Google Scholar 

  51. S.-P. Shieh and V.D. Gligor. On a pattern-oriented model for intrusion detection. IEEE Transactions on Knowledge and Data Engineering, 9(4):661–667, 1997.

    Article  Google Scholar 

  52. V. Stavridou. Intrusion tolerant software architectures. In Proceedings of the 2001 DARPA Information Survivability Conference & Exposition, CA, June 2001.

    Google Scholar 

  53. John D. Strunk, Garth R. Goodson, Michael L. Scheinholtz, Craig A. N. Soules, and Gregory R. Ganger. Self-securing storage: Protecting data in compromised systems. In Operating Systems Design and Implementation, pages 165–180, San Diego, CA, 23–25 October 2000. USENIX Association.

    Google Scholar 

  54. Jian Tang and San-Yih Hwang. A scheme to specify and implement ad-hoc recovery in workflow systems. Lecture Notes in Computer Science, 1377:484–498, 1998.

    Article  Google Scholar 

  55. Henk C. Tijms. Stochastic Models. Wiley series in probability and mathematical statistics. John Wiley & Son, New York, NY, USA, 1994.

    MATH  Google Scholar 

  56. M. Winslett, K. Smith, and X. Qian. Formal query languages for secure relational databases. ACM Transactions on Database Systems, 19(4):626–662, 1994.

    Article  Google Scholar 

  57. Jay J. Wylie, Mehmet Bakkaloglu, Vijay Pandurangan, Michael W. Bigrigg, Semih Oguz, Ken Tew, Cory Williams, Gregory R. Ganger, and Pradeep K. Khosla. Selecting the right data distribution scheme for a survivable storage system. Technical Report CMU-CS-01-120, Carnegie Mellon University, 2001.

    Google Scholar 

  58. Jay J. Wylie, Michael W. Bigrigg, John D. Strunk, Gregory R. Ganger, Han Kiliccote, and Pradeep K. Khosla. Survivable information storage systems. IEEE Computer, 33(8):61–68, August 2000.

    Google Scholar 

  59. Meng Yu, Peng Liu, and Wanyu Zang. Intrusion masking for distributed atomic operations. In The 18th IFIP International Information Security Conference, pages 229–240, Athens Chamber of Commerce and Industry, Greece, 26–28 May 2003. IFIP Technical Committee 11, Kluwer Academic Publishers.

    Google Scholar 

  60. Meng Yu, Peng Liu, and Wanyu Zang. Self-healing workflow systems under attacks. In The 24th International Conference on Distributed Computing Systems(ICDCS’04), pages 418–425, 2004.

    Google Scholar 

  61. Meng Yu, Peng Liu, and Wanyu Zang. Multi-version based attack recovery of workflow. In The 19th Annual Computer Security Applications Conference, pages 142–151, Dec. 2003.

    Google Scholar 

  62. Jing Zhou, Brajendra Panda, and Yi Hu. Succinct and fast accessible data structures for database damage assessment. In Distributed Computing and Internet Technology, pages 420–429, 2004.

    Google Scholar 

  63. Yanjun Zuo and Brajendra Panda. Damage discovery in distributed database systems. In Database Security, pages 111–123, 2004.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Monmouth University, Monmouth

    Meng Yu

  2. School of Information Sciences and Technology, The Pennsylvania State University, USA

    Peng Liu & Wanyu Zang

  3. Center for Secure Information Systems, George Mason University, USA

    Sushil Jajodia

Authors
  1. Meng Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Peng Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wanyu Zang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Sushil Jajodia
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dept. Computer Science, North Carolina State University, 3254 EB II, Raleigh, NC, 27695

    Ting Yu

  2. Center for Secure Information Systems, George Mason University, 4400 University Drive, Fairfax, VA, 22030-4444

    Sushil Jajodia

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Yu, M., Liu, P., Zang, W., Jajodia, S. (2007). Trusted Recovery. In: Yu, T., Jajodia, S. (eds) Secure Data Management in Decentralized Systems. Advances in Information Security, vol 33. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-27696-0_3

Download citation

  • DOI: https://doi.org/10.1007/978-0-387-27696-0_3

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-27694-6

  • Online ISBN: 978-0-387-27696-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation