Trusted recovery

is of course necessary to take steps to prevent attacks from succeeding. At the same time, however, it is important to recognize that not all attacks can be averted at the outset. Attacks that succeed to some degree are unavoidable, and comprehensive support for identifying and responding to attacks is required [1]. Information warfare defense must consider the whole process of attack, response, and recovery. This requires a recognition of the multiple phases of the information warfare process. Prevention is just one phase; we explain others and then focus on the oft-Recent exploits by hackers have drawn attention to the importance of defending against potential information warfare. Defense and civil institutions rely so heavily on their information systems and networks that attacks that disable them could be devastating. Yet, as hacker attacks have demonstrated , protective mechanisms are fallible. Features and services that must be in place to carry out needed, legitimate functions can be abused by being used in unexpected ways to provide an avenue of attack. Further, an attacker who penetrates one system can use its relationships with other systems on the network to compromise them as well. Experiences of actual attacks have led to the recognition of the need to detect and react to attacks that succeed in breaching a system's protective mechanisms. Prevention and detection receive most of the attention, but recovery is an equally important phase of information warfare defense.

[1]  Salvatore J. Stolfo,et al.  A framework for constructing features and models for intrusion detection systems , 2000, TSEC.

[2]  Pradeep K. Khosla,et al.  Survivable Information Storage Systems , 2000, Computer.

[3]  Sushil Jajodia,et al.  Using Checksums to Detect Data Corruption , 2000, EDBT.

[4]  D. Tipper,et al.  Multi-layered network survivability-models, analysis, architecture, framework and implementation: an overview , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[5]  Matthew C. Elder,et al.  Survivability architectures: issues and approaches , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[6]  Sushil Jajodia,et al.  Multilevel Secure Transaction Processing , 1999, Advances in Database Systems.

[7]  TERRAN LANE,et al.  Temporal sequence learning and data reduction for anomaly detection , 1999, TSEC.

[8]  Sushil Jajodia,et al.  Intrusion Confinement by Isolation in Information Systems , 2000, J. Comput. Secur..

[9]  Salvatore J. Stolfo,et al.  A data mining framework for building intrusion detection models , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[10]  Fang Chen,et al.  The multilevel relational (MLR) data model , 1998, TSEC.

[11]  Jian Tang,et al.  A Scheme to Specify and Implement Ad-Hoc Recovery in Workflow Systems , 1998, EDBT.

[12]  Shiuh-Pyng Shieh,et al.  On a Pattern-Oriented Model for Intrusion Detection , 1997, IEEE Trans. Knowl. Data Eng..

[13]  Sushil Jajodia,et al.  Applying formal methods to semantic-based decomposition of transactions , 1997, TODS.

[14]  Sushil Jajodia,et al.  Surviving information warfare attacks on databases , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[15]  Umeshwar Dayal,et al.  Failure handling for transaction hierarchies , 1997, Proceedings 13th International Conference on Data Engineering.

[16]  John E. Dobson,et al.  Database security IX: Status and prospects , 1996 .

[17]  Johann Eder,et al.  Workflow recovery , 1996, Proceedings First IFCIS International Conference on Cooperative Information Systems.

[18]  John P. McDermott,et al.  Towards a model of storage jamming , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[19]  Kishor S. Trivedi,et al.  Performance and Reliability Analysis of Computer Systems , 1996, Springer US.

[20]  Proceedings of the 1995 ACM SIGMOD international conference on Management of data , 1995, PODS 1995.

[21]  Richard A. Kemmerer,et al.  State Transition Analysis: A Rule-Based Intrusion Detection Approach , 1995, IEEE Trans. Software Eng..

[22]  John P. McDermott,et al.  Storage Jamming , 1995, DBSec.

[23]  Marianne Winslett,et al.  Formal query languages for secure relational databases , 1994, TODS.

[24]  Todd L. Heberlein,et al.  Network intrusion detection , 1994, IEEE Network.

[25]  Paul Helman,et al.  Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse , 1993, IEEE Trans. Software Eng..

[26]  Teresa F. Lunt,et al.  A survey of intrusion detection techniques , 1993, Comput. Secur..

[27]  Rangaswamy Jagannathan,et al.  SYSTEM DESIGN DOCUMENT: NEXT-GENERATION INTRUSION DETECTION EXPERT SYSTEM (NIDES) , 1993 .

[28]  Andreas Reuter,et al.  Transaction Processing: Concepts and Techniques , 1992 .

[29]  Harold S. Javitz,et al.  The SRI IDES statistical anomaly detector , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[30]  Elisa Bertino,et al.  A model of authorization for next-generation database systems , 1991, TODS.

[31]  Yi-Bing Lin,et al.  A study of time warp rollback mechanisms , 1991, TOMC.

[32]  Hermann Kopetz,et al.  Fault tolerance, principles and practice , 1990 .

[33]  Nabil R. Adam,et al.  Security-control methods for statistical databases: a comparative study , 1989, CSUR.

[34]  Calton Pu,et al.  Split-Transactions for Open-Ended Activities , 1988, VLDB.

[35]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.

[36]  E. B. Moss,et al.  Nested Transactions: An Approach to Reliable Distributed Computing , 1985 .

[37]  David R. Jefferson,et al.  Virtual time , 1985, ICPP.

[38]  Butler W. Lampson,et al.  Atomic Transactions , 1980, Advanced Course: Distributed Systems.

[39]  Bradford W. Wade,et al.  An authorization mechanism for a relational database system , 1976, TODS.