Architectures for intrusion tolerant database systems

In this paper we propose four architectures for intrusion-tolerant database systems. While traditional secure database systems rely on prevention controls, an intrusion-tolerant database system can operate through attacks in such a way that the system can continue delivering essential services in the face of attacks. With a focus on attacks by malicious transactions, Architecture I can detect intrusions, and locate and repair the damage caused by the intrusions. Architecture II enhances Architecture I with the ability to isolate attacks so that the database can be immunized from the damage caused by a lot of attacks. Architecture III enhances Architecture I with the ability to dynamically contain the damage in such a way that no damage will leak out during the attack recovery process. Architecture IV enhances Architectures II and III with the ability to adapt the intrusion-tolerance controls to the changing environment so that a stabilized level of trustworthiness can be maintained. Architecture IV enhances Architecture IV with the ability to deliver differential, quantitative QoIA services to customers who have subscribed for these services even in the face of attacks.

[1]  John P. McDermott,et al.  Towards a model of storage jamming , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[2]  Salvatore J. Stolfo,et al.  Credit Card Fraud Detection Using Meta-Learning: Issues and Initial Results 1 , 1997 .

[3]  Peng Liu,et al.  ODAR: An On-the-fly Damage Assessment and Repair System for Commercial Database Applications , 2001, DBSec.

[4]  Peng Liu DAIS: a real-time data attack isolation system for commercial database applications , 2001, Seventeenth Annual Computer Security Applications Conference.

[5]  Dong Xiang,et al.  Information-theoretic measures for anomaly detection , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[6]  Nabil R. Adam,et al.  Security-control methods for statistical databases: a comparative study , 1989, ACM Comput. Surv..

[7]  Sushil Jajodia,et al.  Intrusion Confinement by Isolation in Information Systems , 2000, J. Comput. Secur..

[8]  Sushil Jajodia,et al.  Using Checksums to Detect Data Corruption , 2000, EDBT.

[9]  Matthew C. Elder,et al.  Survivability architectures: issues and approaches , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[10]  Crispan Cowan,et al.  StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[11]  R. Sekar,et al.  A fast automaton-based method for detecting anomalous program behaviors , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[12]  Sushil Jajodia,et al.  Multi-phase damage confinement in database systems for intrusion tolerance , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[13]  Richard A. Kemmerer,et al.  State Transition Analysis: A Rule-Based Intrusion Detection Approach , 1995, IEEE Trans. Software Eng..

[14]  Robert Balzer,et al.  Document integrity through mediated interfaces , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[15]  B. Dutertre,et al.  Intrusion tolerant software architectures , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[16]  Sushil Jajodia,et al.  Recovery from Malicious Transactions , 2002, IEEE Trans. Knowl. Data Eng..

[17]  Radek Vingralek,et al.  How to build a trusted database system on untrusted storage , 2000, OSDI.

[18]  Sushil Jajodia,et al.  Surviving information warfare attacks on databases , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[19]  Kishor S. Trivedi,et al.  Characterizing intrusion tolerant systems using a state transition model , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[20]  Zhong Shao,et al.  A type system for certi .ed binaries , 2002, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[21]  Erik Hagersten,et al.  Trends in Shared Memory Multiprocessing , 1997, Computer.

[22]  Bradford W. Wade,et al.  An authorization mechanism for a relational database system , 1976, TODS.

[23]  Teresa F. Lunt,et al.  A survey of intrusion detection techniques , 1993, Comput. Secur..

[24]  Pradeep K. Khosla,et al.  Survivable Information Storage Systems , 2000, Computer.

[25]  Fang Chen,et al.  The multilevel relational (MLR) data model , 1998, TSEC.

[26]  Marianne Winslett,et al.  Formal query languages for secure relational databases , 1994, TODS.

[27]  Partha Pal,et al.  Defense-enabled applications , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[28]  John A. Zinky,et al.  Open implementation toolkit for building survivable applications , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[29]  Sean W. Smith,et al.  Using a High-Performance, Programmable Secure Coprocessor , 1998, Financial Cryptography.

[30]  Sushil Jajodia,et al.  Multilevel Secure Transaction Processing , 1999, Advances in Database Systems.

[31]  Deep Medhi,et al.  Multi-layered network survivability-models, analysis, architecture, framework and implementation: an overview , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[32]  Refik Molva,et al.  IDAMN: An Intrusion Detection Architecture for Mobile Networks , 1997, IEEE J. Sel. Areas Commun..

[33]  Todd L. Heberlein,et al.  Network intrusion detection , 1994, IEEE Network.

[34]  Elisa Bertino,et al.  A model of authorization for next-generation database systems , 1991, TODS.

[35]  Peng Liu,et al.  The design of an adaptive intrusion tolerant database system , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[36]  Michael K. Reiter,et al.  Persistent objects in the Fleet system , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[37]  Susan B. Davidson,et al.  Optimism and consistency in partitioned distributed database systems , 1984, TODS.

[38]  Elisa Bertino,et al.  A unified framework for enforcing multiple access control policies , 1997, SIGMOD '97.

[39]  Michael Gertz,et al.  DEMIDS: A Misuse Detection System for Database Systems , 2000, IICIS.

[40]  Harold S. Javitz,et al.  The SRI IDES statistical anomaly detector , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.