System protection mechanisms such as access controls can be fooled by authorized but malicious users, masqueraders, and misfeasors. Intrusion detection techniques are therefore used to supplement them. The capacity of these techniques, however is limited: innocent users may be mistaken for malicious ones while malicious users stay at large. Isolation is a method that has been applied to protect systems from damage while investigating further. This paper proposes the use of isolation at an application level to gain its benefits while minimizing loss of resources and productive work in the case of incidents later deemed innocent. We describe our scheme in the database context. It isolates the database transparently from further damage by users suspected to be malicious, while still maintaining continued availability for their transactions. Isolation is complicated by the inconsistencies that may develop between isolated database versions. We present both static and dynamic approaches to identify and resolve conflicts. Finally, we give several examples of applications in which the isolation scheme should be worthwhile and be able to achieve good performance.
[1]
Sushil Jajodia,et al.
Surviving information warfare attacks on databases
,
1997,
Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).
[2]
Susan B. Davidson,et al.
Optimism and consistency in partitioned distributed database systems
,
1984,
TODS.
[3]
Todd L. Heberlein,et al.
Network intrusion detection
,
1994,
IEEE Network.
[4]
Donald B. Johnson,et al.
Finding All the Elementary Circuits of a Directed Graph
,
1975,
SIAM J. Comput..
[5]
John P. McDermott,et al.
Storage Jamming
,
1995,
DBSec.
[6]
John P. McDermott,et al.
Towards a model of storage jamming
,
1996,
Proceedings 9th IEEE Computer Security Foundations Workshop.
[7]
Teresa F. Lunt,et al.
A survey of intrusion detection techniques
,
1993,
Comput. Secur..