Rewriting Histories: Recovering from Malicious Transactions

We consider recovery from malicious but committed transactions. Traditional recovery mechanisms do not address this problem, except for complete rollbacks, which undo the work of good transactions as well as malicious ones, and compensating transactions, whose utility depends on application semantics. We develop an algorithm that rewrites execution histories for the purpose of backing out malicious transactions. Good transactions that are affected, directly or indirectly, by malicious transactions complicate the process of backing out undesirable transactions. We show that the prefix of a rewritten history produced by the algorithm serializes exactly the set of unaffected good transactions. The suffix of the rewritten history includes special state information to describe affected good transactions as well as malicious transactions. We describe techniques that can extract additional good transactions from this latter part of a rewritten history. This additional processing saves more good transactions than a dependency-graph based approach to recovery can.
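To make the prefix/suffix split concrete, the following is an added example (not the paper's algorithm and not code from its authors). It implements the simpler dependency-graph baseline the abstract contrasts with: a good transaction is taken to be affected if it reads an item whose most recent writer is malicious or already affected (computed to a fixpoint for indirect effects), and the history is then partitioned into a prefix of unaffected good transactions and a suffix of affected and malicious ones. The history, item names, transaction ids and the malicious set are all constructed for illustration; the paper's suffix additionally carries state information that this toy omits.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Op:
    """One operation of a committed history: transaction id, 'r' or 'w', data item."""
    txn: str
    kind: str
    item: str


def affected_transactions(history: List[Op], malicious: Iterable[str]) -> Set[str]:
    """Return the good transactions tainted, directly or transitively, by reading
    data written by a malicious or affected transaction (read-from dependency only).
    Iterates to a fixpoint because marking one transaction can taint earlier reads."""
    malicious = set(malicious)
    bad = set(malicious)
    changed = True
    while changed:
        changed = False
        last_writer = {}  # item -> transaction that most recently wrote it
        for op in history:
            if op.kind == "r":
                if last_writer.get(op.item) in bad and op.txn not in bad:
                    bad.add(op.txn)
                    changed = True
            elif op.kind == "w":
                last_writer[op.item] = op.txn
            else:
                raise ValueError(f"unknown operation kind {op.kind!r}")
    return bad - malicious


def rewrite_history(history: List[Op], malicious: Iterable[str]) -> Tuple[List[Op], List[Op], Set[str]]:
    """Split the history into (prefix, suffix, affected): the prefix keeps the original
    order of every unaffected good transaction; the suffix holds malicious and
    affected transactions in their original order for further processing."""
    malicious = set(malicious)
    affected = affected_transactions(history, malicious)
    tainted = affected | malicious
    prefix = [op for op in history if op.txn not in tainted]
    suffix = [op for op in history if op.txn in tainted]
    return prefix, suffix, affected


def reads_from(history: List[Op]) -> List[Tuple[str, str, Optional[str]]]:
    """List (reader, item, writer) for each read; writer is None for the initial state."""
    last_writer = {}
    result = []
    for op in history:
        if op.kind == "r":
            result.append((op.txn, op.item, last_writer.get(op.item)))
        else:
            last_writer[op.item] = op.txn
    return result


def prefix_preserves_reads_from(history: List[Op], prefix: List[Op]) -> bool:
    """Check: every read in the prefix sees the same writer it saw in the original
    history, i.e. the prefix serializes the unaffected transactions unchanged."""
    kept = {op.txn for op in prefix}
    original = [rf for rf in reads_from(history) if rf[0] in kept]
    return original == reads_from(prefix)


# Constructed sample history: M1 is malicious; T3 reads M1's write of b (directly
# affected), T4 reads T3's write of d (indirectly affected); T5 blind-writes b and
# reads c from T2, so T5 and T6 (which reads b from T5) are unaffected.
SAMPLE_HISTORY = [
    Op("T1", "w", "a"),
    Op("M1", "w", "b"),
    Op("T2", "r", "a"), Op("T2", "w", "c"),
    Op("T3", "r", "b"), Op("T3", "w", "d"),
    Op("T4", "r", "d"),
    Op("T5", "w", "b"), Op("T5", "r", "c"),
    Op("T6", "r", "b"),
]
MALICIOUS = {"M1"}

if __name__ == "__main__":
    prefix, suffix, affected = rewrite_history(SAMPLE_HISTORY, MALICIOUS)
    print("affected:", sorted(affected))
    print("prefix :", [(o.txn, o.kind, o.item) for o in prefix])
    print("suffix :", [(o.txn, o.kind, o.item) for o in suffix])
    print("prefix preserves reads-from:", prefix_preserves_reads_from(SAMPLE_HISTORY, prefix))
```

The `prefix_preserves_reads_from` check is the property the abstract attributes to the prefix: pulling the unaffected transactions forward does not change what any of them read, because by construction each reads only from unaffected writers that also precede it in the prefix. The affected transactions T3 and T4 land in the suffix even though their own logic was honest, which is exactly the loss the paper's suffix processing aims to reduce.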
