Trusted Recovery from Information Attacks

Abstract: Preventive measures sometimes fail to deflect malicious attacks. In this work, we adopt an information warfare perspective, which assumes success by the attacker in achieving partial, but not complete, damage. In particular, we work in the database context and consider recovery from malicious but committed transactions. Traditional recovery mechanisms do not address this problem, except for complete rollbacks, which undo the work of benign transactions as well as malicious ones, and compensating transactions, whose utility depends on application semantics. Recovery is complicated by the presence of benign transactions that depend, directly or indirectly, on the malicious transactions. We present recovery models to restore only the damaged part of the database. Two families of new repair algorithms are developed: one is a set of dependency-graph-based algorithms, the other is a set of algorithms that do repair via rewriting histories.
