A Distributed Algorithm for Workflow Recovery

Even though the automatic recovery techniques of workflow have attracted enough attention in recent years, several critical issues regarding the distributed recovery have not been addressed. For example, if we do the recovery under sustained attacks, in which condition the recovery can terminate? Is a synchronized clock necessary for distributed recovery? In this paper, we proposed a dead-lock free attack recovery algorithm for coordinated recovery and answered related questions. We defined different IDS report orders, and discussed the termination of the recovery under the given IDS report orders. We also proved that under specific situations, we have to freeze the recovery scheme to guarantee that the recovery can make progress.

[1]  David R. Jefferson,et al.  Virtual time , 1985, ICPP.

[2]  John P. McDermott,et al.  Towards a model of storage jamming , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[3]  Peng Liu,et al.  Intrusion Masking for Distributed Atomic Operations , 2003, SEC.

[4]  Rangaswamy Jagannathan,et al.  SYSTEM DESIGN DOCUMENT: NEXT-GENERATION INTRUSION DETECTION EXPERT SYSTEM (NIDES) , 1993 .

[5]  LinJun-Lin,et al.  A Survey of Distributed Database Checkpointing , 1997 .

[6]  LinJun-Lin,et al.  A Low-Cost Checkpointing Technique for Distributed Databases , 2001 .

[7]  Craig A. N. Soules,et al.  Survivable storage systems , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[8]  Sushil Jajodia,et al.  Intrusion Confinement by Isolation in Information Systems , 2000, J. Comput. Secur..

[9]  Sushil Jajodia,et al.  Using Checksums to Detect Data Corruption , 2000, EDBT.

[10]  Peng Liu DAIS: a real-time data attack isolation system for commercial database applications , 2001, Seventeenth Annual Computer Security Applications Conference.

[11]  Peng Liu,et al.  ODAR: An On-the-fly Damage Assessment and Repair System for Commercial Database Applications , 2001, DBSec.

[12]  Pradeep K. Khosla,et al.  Selecting the Right Data Distribution Scheme for a Survivable Storage System (CMU-CS-01-120) , 2001 .

[13]  Dong Xiang,et al.  Information-theoretic measures for anomaly detection , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[14]  Sushil Jajodia,et al.  Recovery from Malicious Transactions , 2002, IEEE Trans. Knowl. Data Eng..

[15]  Sushil Jajodia,et al.  Multi-phase damage confinement in database systems for intrusion tolerance , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[16]  Vijayalakshmi Atluri,et al.  A Chinese wall security model for decentralized workflow systems , 2001, CCS '01.

[17]  Matthew C. Elder,et al.  Survivability architectures: issues and approaches , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[18]  Pradeep K. Khosla,et al.  Survivable Information Storage Systems , 2000, Computer.

[19]  Dhiraj K. Pradhan,et al.  Roll-Forward and Rollback Recovery: Performance-Reliability Trade-Off , 1997, IEEE Trans. Computers.

[20]  Todd L. Heberlein,et al.  Network intrusion detection , 1994, IEEE Network.

[21]  Michael Gertz,et al.  DEMIDS: A Misuse Detection System for Database Systems , 2000, IICIS.

[22]  Johann Eder,et al.  Workflow recovery , 1996, Proceedings First IFCIS International Conference on Cooperative Information Systems.

[23]  Salvatore J. Stolfo,et al.  A framework for constructing features and models for intrusion detection systems , 2000, TSEC.

[24]  Yi-Bing Lin,et al.  A study of time warp rollback mechanisms , 1991, TOMC.

[25]  Peng Liu,et al.  The design of an adaptive intrusion tolerant database system , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[26]  B. Dutertre,et al.  Intrusion tolerant software architectures , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[27]  Peng Liu,et al.  Self-healing workflow systems under attacks , 2004, 24th International Conference on Distributed Computing Systems, 2004. Proceedings..

[28]  Salvatore J. Stolfo,et al.  A data mining framework for building intrusion detection models , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[29]  Jian Tang,et al.  A Scheme to Specify and Implement Ad-Hoc Recovery in Workflow Systems , 1998, EDBT.

[30]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.

[31]  Koral Ilgun,et al.  USTAT: a real-time intrusion detection system for UNIX , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[32]  Shiuh-Pyng Shieh,et al.  On a Pattern-Oriented Model for Intrusion Detection , 1997, IEEE Trans. Knowl. Data Eng..

[33]  Craig A. N. Soules,et al.  Self-securing storage: protecting data in compromised systems , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[34]  Harold S. Javitz,et al.  The SRI IDES statistical anomaly detector , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[35]  Refik Molva,et al.  IDAMN: An Intrusion Detection Architecture for Mobile Networks , 1997, IEEE J. Sel. Areas Commun..

[36]  Paul Helman,et al.  Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse , 1993, IEEE Trans. Software Eng..

[37]  Sushil Jajodia,et al.  Surviving information warfare attacks on databases , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[38]  R. Sekar,et al.  A fast automaton-based method for detecting anomalous program behaviors , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[39]  Carla E. Brodley,et al.  Temporal sequence learning and data reduction for anomaly detection , 1998, CCS '98.

[40]  Umeshwar Dayal,et al.  Failure handling for transaction hierarchies , 1997, Proceedings 13th International Conference on Data Engineering.