ODAR: An On-the-fly Damage Assessment and Repair System for Commercial Database Applications

This paper presents the design and implementation of an on-the-fly damage assessment and repair tool for intrusion-tolerant commercial database applications, called ODAR. ODAR is a COTS-DBMS-specific implementation of the general on-the-fly damage assessment and repair approach developed by P. Ammann, S. Jajodia, and P. Liu in [8]. Given a set of malicious transactions reported by an intrusion detector, the general approach locates and repairs the damage caused by each malicious transaction on the database, along with the damage caused by any benign transaction that is affected, directly or indirectly, by a malicious transaction (that is, a benign transaction that read data written by a malicious or already-affected transaction). The approach locates and repairs damage on-the-fly, without periodically halting normal transaction processing. This paper discusses the development of the first ODAR prototype, built for Oracle Server 8.1.6. ODAR uses triggers and transaction profiles to keep track of the read and write operations of transactions, locates damage by tracing the affecting relationships among transactions along the history, and repairs damage by composing and executing specifically constructed UNDO transactions. ODAR is transparent to ongoing user transactions and is general: in addition to Oracle, it can be easily adapted to other database application platforms such as Microsoft SQL Server, Sybase, and Informix. To the best of our knowledge, ODAR is the first tool that performs automatic on-the-fly damage assessment and repair for commercial database applications.
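The dependency-tracing and UNDO-composition steps described above, as an added worked example written for this page (it is not ODAR's code, and the history, data items, table name and values are constructed). It models what triggers and transaction profiles would capture for each committed transaction (the read set and the before/after image of each write), marks a transaction as affected when it read an item whose current value was left by a malicious or affected transaction, and then composes a guarded UNDO in reverse commit order. The cleansing rule (a clean blind overwrite of a damaged item makes it clean again) is an assumption following the general approach, and the value comparison in `apply_undo` stands in for the version or log-sequence-number check a real tool would use.

```python
"""Added example: damage assessment and UNDO composition over a transaction log.

Illustrative code written for this page, not ODAR's implementation. It models what
ODAR's triggers and transaction profiles would capture (the read set and the
before/after images of each write of every committed transaction) and applies the
dependency-tracing rule: a transaction is affected if it read a data item whose
current value was written by a malicious or already-affected transaction.
"""
from dataclasses import dataclass


@dataclass
class LogRecord:
    """One committed transaction as reconstructed from triggers/profiles (constructed)."""
    tid: str
    reads: frozenset          # data items the transaction read
    writes: dict              # item -> (before_image, after_image)


class DamageTracer:
    """Classifies transactions one at a time, in commit order, so it can run
    over the tail of the log as it grows (the on-the-fly setting)."""

    def __init__(self, malicious):
        self.malicious = set(malicious)   # tids reported by the intrusion detector
        self.damaged = {}                 # item -> tid whose write left it damaged
        self.to_undo = []                 # malicious + affected tids, commit order

    def observe(self, rec: LogRecord) -> bool:
        """Return True if rec must be undone, and update the damaged-item map."""
        bad = rec.tid in self.malicious or any(i in self.damaged for i in rec.reads)
        if bad:
            self.to_undo.append(rec.tid)
            for item in rec.writes:
                self.damaged[item] = rec.tid
        else:
            # Assumption (following the general approach): a clean transaction that
            # overwrites a damaged item without having read damaged data cleanses it.
            for item in rec.writes:
                self.damaged.pop(item, None)
        return bad


def compose_undo(history, to_undo):
    """Build the UNDO transaction as (item, expected_current, restore_to) triples,
    walking the affected transactions in reverse commit order."""
    undo = set(to_undo)
    ops = []
    for rec in reversed(history):
        if rec.tid in undo:
            for item, (before, after) in rec.writes.items():
                ops.append((item, after, before))
    return ops


def apply_undo(db, ops):
    """Execute the UNDO against an in-memory stand-in for the database.
    The equality test replaces the version/LSN check a real tool would use: an
    item already overwritten by a clean transaction is left as it is."""
    for item, expected, restore in ops:
        if db.get(item) == expected:
            db[item] = restore
    return db


def undo_as_sql(ops, table="items"):
    """Render the UNDO as guarded UPDATE statements (hypothetical table layout)."""
    return [f"UPDATE {table} SET val = {r!r} WHERE name = {i!r} AND val = {e!r};"
            for i, e, r in ops]


def run_example():
    """Constructed history; the detector has flagged T1 as malicious."""
    history = [
        LogRecord("T1", frozenset(),      {"A": (100, 900)}),   # malicious write to A
        LogRecord("T2", frozenset({"A"}), {"B": (50, 950)}),    # reads damaged A
        LogRecord("T3", frozenset({"C"}), {"C": (10, 11)}),     # unrelated, clean
        LogRecord("T4", frozenset(),      {"A": (900, 120)}),   # blind write cleanses A
        LogRecord("T5", frozenset({"A"}), {"C": (11, 131)}),    # reads A after cleansing
        LogRecord("T6", frozenset({"B"}), {"C": (131, 1081)}),  # reads damaged B
    ]
    db = {"A": 120, "B": 950, "C": 1081}  # state after the whole history committed
    tracer = DamageTracer(malicious={"T1"})
    for rec in history:
        tracer.observe(rec)
    ops = compose_undo(history, tracer.to_undo)
    return tracer.to_undo, apply_undo(db, ops), undo_as_sql(ops)


if __name__ == "__main__":
    to_undo, db, sql = run_example()
    print("undo:", to_undo)
    print("repaired:", db)
    print("\n".join(sql))
```

Running it undoes T1, T2 and T6 but not T3, T4 or T5: T4's blind overwrite of A is kept (so A stays 120 and T5, which read the cleansed A, is not touched), while B and C are rolled back to the values they held before the damaged reads. In a deployment the guard in each UPDATE must be a version check rather than a value comparison, and the tracer must also treat transactions that commit during the repair as part of the history it scans.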

[1] Chun Zhang, et al. Storing and querying ordered XML using a relational database system, 2002, SIGMOD '02.

[2] Marianne Winslett, et al. Formal query languages for secure relational databases, 1994, TODS.

[3] Richard A. Kemmerer, et al. State Transition Analysis: A Rule-Based Intrusion Detection Approach, 1995, IEEE Trans. Software Eng.

[4] Sushil Jajodia, et al. Multilevel Secure Transaction Processing, 1999, Advances in Database Systems.

[5] Nabil R. Adam, et al. Security-control methods for statistical databases: a comparative study, 1989, ACM Comput. Surv.

[6] Bradford W. Wade, et al. An authorization mechanism for a relational database system, 1976, TODS.

[7] Sushil Jajodia, et al. Using Checksums to Detect Data Corruption, 2000, EDBT.

[8] Elisa Bertino, et al. A unified framework for enforcing multiple access control policies, 1997, SIGMOD '97.

[9] Fang Chen, et al. The multilevel relational (MLR) data model, 1998, TSEC.

[10] John P. McDermott, et al. Towards a model of storage jamming, 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[11] Shiuh-Pyng Shieh, et al. On a Pattern-Oriented Model for Intrusion Detection, 1997, IEEE Trans. Knowl. Data Eng.

[12] Todd L. Heberlein, et al. Network intrusion detection, 1994, IEEE Network.

[13] Dorothy E. Denning, et al. An Intrusion-Detection Model, 1987, IEEE Transactions on Software Engineering.

[14] Elisa Bertino, et al. A model of authorization for next-generation database systems, 1991, TODS.

[15] Sushil Jajodia, et al. Recovery from Malicious Transactions, 2002, IEEE Trans. Knowl. Data Eng.

[16] John P. McDermott, et al. Storage Jamming, 1995, DBSec.

[17] Harold S. Javitz, et al. The SRI IDES statistical anomaly detector, 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.