Abstract
Database security concerns the confidentiality, integrity, and availability of data stored in a database. A broad span of research from access control [16],[20],[48], to inference control [1], to multilevel secure databases [50],[56], and to multilevel secure transaction processing [4], addresses primarily how to protect the security of a database, especially its confidentiality. However, very limited research has been done on how to survive successful database attacks, which can seriously impair the integrity and availability of a database. Experience with data-intensive applications such as credit card billing, banking, air traffic control, logistics management, inventory tracking, and online stock trading, has shown that a variety of attacks do succeed to fool traditional database protection mechanisms. In fact, we must recognize that not all attacks — even obvious ones — can be averted at their outset. Attacks that succeed, to some degree at least, are unavoidable. With cyber attacks on data- intensive Internet applications, i.e., e-commerce systems, becoming an ever more serious threat to our economy, society, and everyday lives, attack resilient database systems that can survive malicious attacks are a significant concern.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
M. R. Adam. Security-Control Methods for Statistical Database: A Comparative Study. ACM Computing Surveys, 21(4), 1989.
P. Ammann, S. Jajodia, and P. Liu. Recovery from malicious transactions. IEEE Transaction on Knowledge and Data Engineering, 14(5):1167–1185, 2002.
P. Ammann, S. Jajodia, C.D. McCollum, and B.T. Blaustein. Surviving information warfare attacks on databases. In Proceedings of the IEEE Symposium on Security and Privacy, pages 164–174, Oakland, CA, May 1997.
V. Atluri, S. Jajodia, and B. George. Multilevel Secure Transaction Processing. Kluwer Academic Publishers, 1999.
Vijayalakshmi Atluri, Soon Ae Chun, and Pietro Mazzoleni. A Chinese wall security model for decentralized workflow systems. In Proceedings of the 8th ACM conference on Computer and Communications Security, pages 48–57. ACM Press, 2001.
D. Barbara, R. Goel, and S. Jajodia. Using checksums to detect data corruption. In Proceedings of the 2000 International Conference on Extending Data Base Technology, Mar 2000.
Yi bing Lin and Edward D. Lazowska. A study of time warp rollback machanisms. ACM Transactions on Modeling and Computer Simulations, 1(1):51–72, January 1991.
Qiming Chen and Umeshwar Dayal. Failure handling for transaction hierarchies. In Alex Gray and Per-RAke Larson, editors, Proceedings of the Thirteenth International Conference on Data Engineering, April 7–11, 1997 Birmingham U.K, pages 245–254. IEEE Computer Society, 1997.
Tzi cker Chiueh and Dhruv Pilania. Design, implementation, and evaluation of a repairable database management system. In International Conference on Data Engineering, pages 1024–1035, 2005.
D. E. Denning. An intrusion-detection model. IEEE Trans. on Software Engineering, SE-13:222–232, February 1987.
Johann Eder and Walter Liebhart. Workflow recovery. In Conference on Cooperative Information Systems, pages 124–134, 1996.
E. N. (Mootaz) Elnozahy, Lorenzo Alvisi, Yi min Wang, and David B. Johnson. A survey of rollback-recovery protocols in message-passing systems. ACM Computing Surveys, 34(3):375–408, September 2002.
Gregory R. Ganger, Pradeep K. Khosla, Mehmet Bakkaloglu, Michael W. Bigrigg, Garth R. Goodson, Semih Oguz, Vijay Pandurangan, Craig A. N. Soules, John D. Strunk, and Jay J. Wylie. Survivable storage systems. In DARPA Information Survivability Conference and Exposition, volume 2, pages 184–195, Anaheim, CA, 12–14 June 2001. IEEE.
R. Graubart, L. Schlipper, and C. McCollum. Defending database management systems against information warfare attacks. Technical report, The MITRE Corporation, 1996.
J. Gray and A. Reuter. Transaction Processing: Concepts and Techniques. Morgan Kaufmann Publishers, Inc., 1993.
P. P. Griffiths and B. W. Wade. An Authorization Mechanism for a Relational Database System. ACM Transactions on Database Systems, 1(3):242–255, September 1976.
P. Helman and G. Liepins. Statistical foundations of audit trail analysis for the detection of computer misuse. IEEE Transactions on Software Engineering, 19(9):886–901, 1993.
K. Ilgun, R.A. Kemmerer, and P.A. Porras. State transition analysis: A rule-based intrusion detection approach. IEEE Transactions on Software Engineering, 21(3): 181–199, 1995.
R. Jagannathan and T. Lunt. System design document: Next generation intrusion detection expert system (nides). Technical report, SRI International, Menlo Park, California, 1993.
S. Jajodia, P. Samarati, M. L. Sapino, and V. S. Subrahmanian. Flexible support for multiple access control policies. ACM Trans. Database Syst., 26(2):214–260, 2001.
H. S. Javitz and A. Valdes. The sri ides statistical anomaly detector. In Proceedings IEEE Computer Society Symposium on Security and Privacy, Oakland, CA, May 1991.
David R. Jefferson. Virtual time. ACM Transaction on Programming Languages and Systems, 7(3):404–425, July 1985.
J. Knight, K. Sullivan, M. Elder, and C. Wang. Survivability architectures: Issues and approaches. In Proceedings of the 2000 DARPA Information Survivability Conference & Exposition, pages 157–171, CA, June 2000.
Dirk P. Kroese and Victor F. Nicola. Efficient simulation of a tandem jackson network. ACM Transactions on Modeling and Computer Simulation, 12(2): 119–141, April 2002.
T. Lane and C.E. Brodley. Temporal sequence learning and data reduction for anomaly detection. In Proc. 5th ACM Conference on Computer and Communications Security, San Francisco, CA, Nov 1998.
Wenke Lee, Sal Stolfo, and Kui Mok. A data mining framework for building intrusion detection models. In Proc. 1999 IEEE Symposium on Security and Privacy, Oakland, CA, May 1999.
Wenke Lee and Salvatore J. Stolfo. A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information and System Security, 3(4):227–261, 2000.
Jun-Lin Lin and Margaret H. Dunham. A survey of distributed database checkpointing. Distributed and Parallel Databases, 5(3):289–319, 1997.
Jun-Lin Lin and Margaret H. Dunham. A low-cost checkpointing technique for distributed databases. Distributed and Parallel Databases, 10(3):241–268, 2001.
P. Liu. Dais: A real-time data attack isolation system for commercial database applications. In Proceedings of the 17th Annual Computer Security Applications Conference, 2001.
P. Liu, P. Ammann, and S. Jajodia. Rewriting histories: Recovery from malicious transactions. Distributed and Parallel Databases, 8(1):7–40, 2000.
P. Liu and S. Jajodia. Multi-phase damage confinement in database systems for intrusion tolerance. In Proc. 14th IEEE Computer Security Foundations Workshop, Nova Scotia, Canada, June 2001.
P. Liu, S. Jajodia, and CD. McCollum. Intrusion confinement by isolation in information systems. Journal of Computer Security, 8(4):243–279, 2000.
P. Liu and Y. Wang. The design and implementation of a multiphase database damage confinement system. In Proceedings of the 2002 IFIP WG 11.3 Working Conference on Data and Application Security, 2002.
P. Luenam and P. Liu. Odar: An on-the-fly damage assessment and repair system for commercial database applications. In Proceedings of the 2001 IFIP WG 11.3 Working Conference on Database and Application Security, 2001.
P. Luenam and P. Liu. The design of an adaptive intrusion tolerant database system. In Proc. IEEE Workshop on Intrusion Tolerant Systems, 2002.
T. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, C. Jalali, H. S. Javitz, A. Valdes, P. G. Neumann, and T. D. Garvey. A real time intrusion detection expert system (ides). Technical report, SRI International, Menlo Park, California, 1992.
Teresa Lunt and Catherine McCollum. Intrusion detection and response research at DARPA. Technical report, The MITRE Corporation, McLean, VA, 1998.
T.F. Lunt. A Survey of Intrusion Detection Techniques. Computers & Security, 12(4):405–418, June 1993.
N. Lynch, M. Merritt, W. Weihl, and A. Fekete. Atomic Transactions. Morgan Kaufmann, 1994.
J. McDermott and D. Goldschlag. Storage jamming. In D.L. Spooner, S.A. Demurjian, and J.E. Dobson, editors, Database Security IX: Status and Prospects, pages 365–381. Chapman & Hall, London, 1996.
J. McDermott and D. Goldschlag. Towards a model of storage jamming. In Proceedings of the IEEE Computer Security Foundations Workshop, pages 176–185, Kenmare, Ireland, June 1996.
D. Medhi and D. Tipper. Multi-layered network survivability — models, analysis, architecture, framework and implementation: An overview. In Proceedings of the 2000 DARPA Information Survivability Conference & Exposition, pages 173–186, CA, June 2000.
J. Eliot B. Moss. Nested Transactions: An Approach to Reliable Distributed Computing. The MIT Press, 1985.
B. Mukherjee, L. T. Heberlein, and K.N. Levitt. Network intrusion detection. IEEE Network, pages 26–41, June 1994.
Brajendra Panda and Kazi Asharful Haque. Extended data dependency approach: a robust way of rebuilding database. In SAC’ 02: Proceedings of the 2002 ACM symposium on Applied computing, pages 446–452, New York, NY, USA, 2002. ACM Press.
C. Pu, G. Kaiser, and N. Hutchinson. Split transactions for open-ended activities. In Proceedings of the International Conference on Very Large Databases, August 1988.
F. Rabitti, E. Bertino, W. Kim, and D. Woelk. A model of authorization for next-generation database systems. ACM Transactions on Database Systems, 16(1):88–131, 1994.
Robin A. Sahner, Kishor S. Trivedi, and Antonio Puliafito. Performance and Reliability Analysis of Computer Systems. Kluwer Academic Publishers, Norwell, Massachusetts, USA, 1996.
R. Sandhu and F. Chen. The multilevel relational (mlr) data model. ACM Transactions on Information and Systems Security, 1(1), 1998.
S.-P. Shieh and V.D. Gligor. On a pattern-oriented model for intrusion detection. IEEE Transactions on Knowledge and Data Engineering, 9(4):661–667, 1997.
V. Stavridou. Intrusion tolerant software architectures. In Proceedings of the 2001 DARPA Information Survivability Conference & Exposition, CA, June 2001.
John D. Strunk, Garth R. Goodson, Michael L. Scheinholtz, Craig A. N. Soules, and Gregory R. Ganger. Self-securing storage: Protecting data in compromised systems. In Operating Systems Design and Implementation, pages 165–180, San Diego, CA, 23–25 October 2000. USENIX Association.
Jian Tang and San-Yih Hwang. A scheme to specify and implement ad-hoc recovery in workflow systems. Lecture Notes in Computer Science, 1377:484–498, 1998.
Henk C. Tijms. Stochastic Models. Wiley series in probability and mathematical statistics. John Wiley & Son, New York, NY, USA, 1994.
M. Winslett, K. Smith, and X. Qian. Formal query languages for secure relational databases. ACM Transactions on Database Systems, 19(4):626–662, 1994.
Jay J. Wylie, Mehmet Bakkaloglu, Vijay Pandurangan, Michael W. Bigrigg, Semih Oguz, Ken Tew, Cory Williams, Gregory R. Ganger, and Pradeep K. Khosla. Selecting the right data distribution scheme for a survivable storage system. Technical Report CMU-CS-01-120, Carnegie Mellon University, 2001.
Jay J. Wylie, Michael W. Bigrigg, John D. Strunk, Gregory R. Ganger, Han Kiliccote, and Pradeep K. Khosla. Survivable information storage systems. IEEE Computer, 33(8):61–68, August 2000.
Meng Yu, Peng Liu, and Wanyu Zang. Intrusion masking for distributed atomic operations. In The 18th IFIP International Information Security Conference, pages 229–240, Athens Chamber of Commerce and Industry, Greece, 26–28 May 2003. IFIP Technical Committee 11, Kluwer Academic Publishers.
Meng Yu, Peng Liu, and Wanyu Zang. Self-healing workflow systems under attacks. In The 24th International Conference on Distributed Computing Systems(ICDCS’04), pages 418–425, 2004.
Meng Yu, Peng Liu, and Wanyu Zang. Multi-version based attack recovery of workflow. In The 19th Annual Computer Security Applications Conference, pages 142–151, Dec. 2003.
Jing Zhou, Brajendra Panda, and Yi Hu. Succinct and fast accessible data structures for database damage assessment. In Distributed Computing and Internet Technology, pages 420–429, 2004.
Yanjun Zuo and Brajendra Panda. Damage discovery in distributed database systems. In Database Security, pages 111–123, 2004.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2007 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Yu, M., Liu, P., Zang, W., Jajodia, S. (2007). Trusted Recovery. In: Yu, T., Jajodia, S. (eds) Secure Data Management in Decentralized Systems. Advances in Information Security, vol 33. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-27696-0_3
Download citation
DOI: https://doi.org/10.1007/978-0-387-27696-0_3
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-27694-6
Online ISBN: 978-0-387-27696-0
eBook Packages: Computer ScienceComputer Science (R0)