Practical Defenses Against Storage Jamming

Abstract: Storage jamming [15] is malicious but surreptitious modification of stored data, to reduce its quality. The person initiating the storage jamming does not receive any direct benefit. Instead, the goal is more indirect, such as deteriorating the position of a competitor. We assume that a Trojan horse does the storage jamming, since the Trojan horse may access data that the attacker cannot. Manual storage jamming is possible, but in general much less effective. We call values that should be stored authentic values. We call values stored by a jammer bogus values. A storage jamming attack diverges the state of the stored data from the authentic state. The attacker expects the bogus state will adversely affect the victim's performance of some real-world task. On the other hand, the attacker does not want the user to experience a catastrophic failure. The attacker expects that the victim will not detect the source of the problem but will continue to use the damaged data for a relatively long time. We make this more precise with the notion of lifetime. We define the lifetime of a storage jammer as the number of jams it can perform against a specific system before being discovered. The discovery does not necessarily have to be made on the system being jammed. The lifetime of a storage jammer is a function of the rate and extent of its jamming, the specific user population, and the seriousness of its impact on the real world.

[1] John McDermott. A Technique for Removing an Important Class of Trojan Horses from High-Order Languages, 1988.

[2] Abraham Silberschatz, et al. Operating System Concepts, 1983.

[3] Oliver Costich, et al. A Practical Transaction Model and Untrusted Transaction Manager for a Multilevel-Secure Database System, 1992, DBSec.

[4] Jeffrey D. Ullman, et al. Protection in operating systems, 1976, CACM.

[5] Ira S. Moskowitz, et al. A Network Pump, 1996, IEEE Trans. Software Eng.

[6] D. Elliott Bell, et al. Secure Computer System: Unified Exposition and Multics Interpretation, 1976.

[7] Sushil Jajodia, et al. A single-level scheduler for the replicated architecture for multilevel-secure databases, 1991, Proceedings Seventh Annual Computer Security Applications Conference.

[8] Sushil Jajodia, et al. Transaction processing in multilevel-secure databases using replicated architecture, 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[9] David D. Clark, et al. A Comparison of Commercial and Military Computer Security Policies, 1987, 1987 IEEE Symposium on Security and Privacy.

[10] Andrew Wood, et al. The trusted path between SMITE and the user, 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[11] Sushil Jajodia, et al. Surviving information warfare attacks on databases, 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[12] John P. McDermott, et al. Towards a model of storage jamming, 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[13] Peter B. Galvin, et al. Operating System Concepts, 4th Ed., 1993.

[14] John P. McDermott, et al. Storage Jamming, 1995, DBSec.

[15] Abraham Silberschatz, et al. Database System Concepts, 1980.

[16] Ravi S. Sandhu, et al. Separation of Duties in Computerized Information Systems, 1990, DBSec.

[17] Dan Thomsen, et al. A comparison of type enforcement and Unix setuid implementation of well-formed transactions, 1990, [1990] Proceedings of the Sixth Annual Computer Security Applications Conference.

[18] Amit P. Sheth, et al. On serializability of multidatabase transactions through forced local conflicts, 1991, [1991] Proceedings. Seventh International Conference on Data Engineering.

[19] K. Mani Chandy, et al. Parallel program design - a foundation, 1988.

[20] Ravi S. Sandhu. The typed access matrix model, 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.