ABSTRACT
The ubiquity of database systems and the emergence of new and different threats require multiple and overlapping security mechanisms. Providing multiple and diverse database intrusion detection and prevention systems (IDPS) is a critical component of the defense-in-depth strategy for DB information systems. However, providing this level of security can greatly impact a system's QoS requirements. It would then be advantageous to use the combination of IDPSs that best meets the security and QoS concerns of the system stakeholders for each workload intensity level. Due to the dynamic variability of the workload intensity, it is not feasible for human beings to continuously reconfigure the system. We offer an autonomic computing approach for a self-protecting and self-optimizing database system environment that captures dynamic and fine-grained tradeoffs between security and QoS. The approach uses a multi-objective utility function that considers security overhead, perceived risk level, and high-level stakeholder objectives. We describe the implementation of an autonomic controller that uses combinatorial search techniques and queuing network models to dynamically search for a near-optimal security configuration. We validate our approach experimentally on a TPC-W e-commerce site and show that our approach balances QoS and security goals.
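The tradeoff described in the abstract can be sketched as follows. This is an added example, not the authors' controller: it swaps in a single M/M/1 queue for the paper's queuing network models and an exhaustive search for its combinatorial search heuristics. The IDPS names, overheads, coverage values, SLA target and utility shape are all constructed assumptions.

```python
from itertools import combinations
from math import exp, inf

# Constructed IDPS catalogue (hypothetical names and numbers):
# name -> (added service demand per transaction in s, detection coverage 0..1)
IDPS = {
    "sql_firewall": (0.004, 0.50),
    "anomaly_ids": (0.010, 0.70),
    "rbac_profiler": (0.006, 0.35),
}
BASE_DEMAND = 0.020   # assumed DB service demand (s) with no IDPS enabled
SLA_RESPONSE = 0.150  # assumed stakeholder response-time target (s)

def response_time(config, arrival_rate):
    """M/M/1 response time R = D / (1 - lambda * D); inf when saturated."""
    demand = BASE_DEMAND + sum(IDPS[name][0] for name in config)
    rho = arrival_rate * demand
    return inf if rho >= 1.0 else demand / (1.0 - rho)

def qos_utility(resp):
    """Sigmoid in [0, 1]: close to 1 well under the SLA, 0.5 at the SLA."""
    return 0.0 if resp == inf else 1.0 / (1.0 + exp(40.0 * (resp - SLA_RESPONSE)))

def security_utility(config):
    """Combined coverage, assuming the detectors miss independently."""
    miss = 1.0
    for name in config:
        miss *= 1.0 - IDPS[name][1]
    return 1.0 - miss

def utility(config, arrival_rate, risk):
    """Multi-objective utility; risk in [0, 1] shifts weight toward security."""
    qos = qos_utility(response_time(config, arrival_rate))
    return (1.0 - risk) * qos + risk * security_utility(config)

def best_config(arrival_rate, risk):
    """Exhaustive search over all IDPS subsets (2^n; fine for small n)."""
    names = sorted(IDPS)
    candidates = [c for k in range(len(names) + 1)
                  for c in combinations(names, k)]
    return max(candidates, key=lambda c: utility(c, arrival_rate, risk))

if __name__ == "__main__":
    # The selected combination shrinks as workload intensity grows.
    for rate in (5, 20, 30):  # transactions per second
        cfg = best_config(rate, risk=0.5)
        print(rate, cfg, round(utility(cfg, rate, 0.5), 3))
```

Running `best_config` again whenever the monitored arrival rate or perceived risk changes is the reconfiguration loop the abstract assigns to the autonomic controller.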
Index Terms
- Self-protecting and self-optimizing database systems: implementation and experimental evaluation