Intrusion Response System for Relational Databases by using Secondary Level Authentication

The intrusion response component of an overall intrusion detection system is responsible for issuing a suitable response to an anomalous request. We propose the Secondary Service Link Authenticator (SSLA) to support the intrusion response system. We follow the notion of database response policies to support an intrusion response system tailored for a DBMS. The interactive response policy language makes it very easy for database administrators to specify appropriate response actions for different circumstances, depending on the nature of the anomalous request. The two main issues that we address in the context of such response policies are policy matching and policy administration. For the policy matching problem, we use two algorithms that efficiently search the policy database for policies that match an anomalous request. The experimental evaluation shows that our techniques are very efficient. The other issue that we address is the administration of response policies, to prevent malicious modifications to policy objects by legitimate users. We propose a novel Joint Threshold Administration Model (JTAM) that is based on the principle of separation of duty. The key idea in JTAM is that a policy object is jointly administered by at least k database administrators (DBAs); that is, any modification made to a policy object is invalid unless it has been authorized by at least k DBAs. We present the design details of JTAM, which is based on a cryptographic threshold signature scheme, and show how JTAM prevents malicious modifications to policy objects by authorized users and follows the SSLA. We also implement JTAM in the PostgreSQL DBMS, and report experimental results on the efficiency of our techniques.
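The k-of-l authorization idea behind JTAM can be illustrated with a threshold RSA signature over a policy object. The following is an added example, not code from the paper or its PostgreSQL implementation; it assumes Shoup's RSA threshold construction with a trusted dealer (the abstract does not name the scheme), and the parameters, function names and sample policy bytes are constructed for illustration.

```python
import hashlib, secrets
from math import factorial, gcd, prod

# Toy parameters (constructed, far too small for real use): p = 2p'+1, q = 2q'+1.
P1, Q1 = 509, 1013
N, M = (2 * P1 + 1) * (2 * Q1 + 1), P1 * Q1
E = 65537                      # public exponent, a prime larger than the number of DBAs
K, L = 3, 5                    # any K of the L DBAs must authorize a policy change
DELTA = factorial(L)

def deal_shares():
    """Trusted dealer: split d = E^-1 mod M with a random degree K-1 polynomial over Z_M."""
    coeffs = [pow(E, -1, M)] + [secrets.randbelow(M) for _ in range(K - 1)]
    return {i: sum(c * i**j for j, c in enumerate(coeffs)) % M for i in range(1, L + 1)}

def digest(policy: bytes) -> int:
    """Hash the policy object into Z_N^* (retry with a counter if not invertible)."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(policy + bytes([ctr])).digest(), "big") % N
        if x > 1 and gcd(x, N) == 1:
            return x
        ctr += 1

def sign_share(policy: bytes, s_i: int) -> int:
    """One DBA's authorization of the policy modification: x^(2*DELTA*s_i) mod N."""
    return pow(digest(policy), 2 * DELTA * s_i, N)

def combine(policy: bytes, sig_shares: dict) -> int:
    """Combine signature shares from at least K distinct DBAs into one RSA signature."""
    if len(sig_shares) < K:
        raise ValueError("fewer than K DBAs authorized this change")
    ids = sorted(sig_shares)[:K]
    w = 1
    for i in ids:
        others = [j for j in ids if j != i]
        lam = DELTA * prod(-j for j in others) // prod(i - j for j in others)
        w = w * pow(sig_shares[i], 2 * lam, N) % N
    # w^E == x^(4*DELTA^2); pick a, b with a*4*DELTA^2 + b*E == 1 to recover x^(1/E).
    e_prime = 4 * DELTA**2
    a = pow(e_prime, -1, E)
    b = (1 - a * e_prime) // E
    return pow(w, a, N) * pow(digest(policy), b, N) % N

def verify(policy: bytes, sig: int) -> bool:
    """Anyone holding the public key (N, E) can check that the policy was authorized."""
    return pow(sig, E, N) == digest(policy)
```

The DBMS would store the combined signature next to the policy object and call `verify` before enforcing it, so a policy altered by a single DBA fails the check.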
