DOI: 10.1145/2494621.2494631
research-article

Self-protecting and self-optimizing database systems: implementation and experimental evaluation

Published: 09 August 2013

ABSTRACT

The ubiquity of database systems and the emergence of new and different threats require multiple and overlapping security mechanisms. Providing multiple and diverse database intrusion detection and prevention systems (IDPS) is a critical component of the defense-in-depth strategy for DB information systems. However, providing this level of security can greatly impact a system's QoS requirements. It would then be advantageous to use the combination of IDPSs that best meets the security and QoS concerns of the system stakeholders for each workload intensity level. Due to the dynamic variability of the workload intensity, it is not feasible for human beings to continuously reconfigure the system. We offer an autonomic computing approach for a self-protecting and self-optimizing database system environment that captures dynamic and fine-grained tradeoffs between security and QoS. The approach uses a multi-objective utility function that considers security overhead, perceived risk level, and high-level stakeholder objectives. We describe the implementation of an autonomic controller that uses combinatorial search techniques and queuing network models to dynamically search for a near-optimal security configuration. We validate our approach experimentally on a TPC-W e-commerce site and show that our approach balances QoS and security goals.

Published in

CAC '13: Proceedings of the 2013 ACM Cloud and Autonomic Computing Conference
August 2013
247 pages
ISBN: 9781450321723
DOI: 10.1145/2494621

Copyright © 2013 ACM


Publisher

Association for Computing Machinery, New York, NY, United States
