Trusted recovery

is of course necessary to take steps to prevent attacks from succeeding. At the same time, however, it is important to recognize that not all attacks can be averted at the outset. Attacks that succeed to some degree are unavoidable, and comprehensive support for identifying and responding to attacks is required [1]. Information warfare defense must consider the whole process of attack, response, and recovery. This requires a recognition of the multiple phases of the information warfare process. Prevention is just one phase; we explain others and then focus on the oft-Recent exploits by hackers have drawn attention to the importance of defending against potential information warfare. Defense and civil institutions rely so heavily on their information systems and networks that attacks that disable them could be devastating. Yet, as hacker attacks have demonstrated , protective mechanisms are fallible. Features and services that must be in place to carry out needed, legitimate functions can be abused by being used in unexpected ways to provide an avenue of attack. Further, an attacker who penetrates one system can use its relationships with other systems on the network to compromise them as well. Experiences of actual attacks have led to the recognition of the need to detect and react to attacks that succeed in breaching a system's protective mechanisms. Prevention and detection receive most of the attention, but recovery is an equally important phase of information warfare defense.

[1]  Sushil Jajodia,et al.  Using Checksums to Detect Data Corruption , 2000, EDBT.

[2]  Richard A. Kemmerer,et al.  State Transition Analysis: A Rule-Based Intrusion Detection Approach , 1995, IEEE Trans. Software Eng..

[3]  Kishor S. Trivedi,et al.  Performance and Reliability Analysis of Computer Systems , 1996, Springer US.

[4]  Salvatore J. Stolfo,et al.  A framework for constructing features and models for intrusion detection systems , 2000, TSEC.

[5]  Todd L. Heberlein,et al.  Network intrusion detection , 1994, IEEE Network.

[6]  Butler W. Lampson,et al.  Atomic Transactions , 1980, Advanced Course: Distributed Systems.

[7]  Bradford W. Wade,et al.  An authorization mechanism for a relational database system , 1976, TODS.

[8]  John E. Dobson,et al.  Database security IX: Status and prospects , 1996 .

[9]  Matthew C. Elder,et al.  Survivability architectures: issues and approaches , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[10]  Peng Liu,et al.  Intrusion confinement by isolation in information systems , 2000 .

[11]  Elisa Bertino,et al.  A model of authorization for next-generation database systems , 1991, TODS.

[12]  David R. Jefferson,et al.  Virtual time , 1985, ICPP.

[13]  Sushil Jajodia,et al.  Surviving information warfare attacks on databases , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[14]  Nabil R. Adam,et al.  Security-control methods for statistical databases: a comparative study , 1989, CSUR.

[15]  TERRAN LANE,et al.  Temporal sequence learning and data reduction for anomaly detection , 1999, TSEC.

[16]  E. B. Moss,et al.  Nested Transactions: An Approach to Reliable Distributed Computing , 1985 .

[17]  Sushil Jajodia,et al.  Applying formal methods to semantic-based decomposition of transactions , 1997, TODS.

[18]  Yi-Bing Lin,et al.  A study of time warp rollback mechanisms , 1991, TOMC.

[19]  Shiuh-Pyng Shieh,et al.  On a Pattern-Oriented Model for Intrusion Detection , 1997, IEEE Trans. Knowl. Data Eng..

[20]  Paul Helman,et al.  Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse , 1993, IEEE Trans. Software Eng..

[21]  Hermann Kopetz,et al.  Fault tolerance, principles and practice , 1990 .

[22]  Andreas Reuter,et al.  Transaction Processing: Concepts and Techniques , 1992 .

[23]  Jian Tang,et al.  A Scheme to Specify and Implement Ad-Hoc Recovery in Workflow Systems , 1998, EDBT.

[24]  Umeshwar Dayal,et al.  Failure handling for transaction hierarchies , 1997, Proceedings 13th International Conference on Data Engineering.

[25]  Calton Pu,et al.  Split-Transactions for Open-Ended Activities , 1988, VLDB.

[26]  Teresa F. Lunt,et al.  A survey of intrusion detection techniques , 1993, Comput. Secur..

[27]  Pradeep K. Khosla,et al.  Survivable Information Storage Systems , 2000, Computer.

[28]  Fang Chen,et al.  The multilevel relational (MLR) data model , 1998, TSEC.

[29]  John P. McDermott,et al.  Storage Jamming , 1995, DBSec.

[30]  Sushil Jajodia,et al.  Multilevel Secure Transaction Processing , 1999, Advances in Database Systems.

[31]  Deep Medhi,et al.  Multi-layered network survivability-models, analysis, architecture, framework and implementation: an overview , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[32]  Johann Eder,et al.  Workflow recovery , 1996, Proceedings First IFCIS International Conference on Cooperative Information Systems.

[33]  Marianne Winslett,et al.  Formal query languages for secure relational databases , 1994, TODS.

[34]  Salvatore J. Stolfo,et al.  A data mining framework for building intrusion detection models , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[35]  Rangaswamy Jagannathan,et al.  SYSTEM DESIGN DOCUMENT: NEXT-GENERATION INTRUSION DETECTION EXPERT SYSTEM (NIDES) , 1993 .

[36]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.

[37]  John P. McDermott,et al.  Towards a model of storage jamming , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[38]  Harold S. Javitz,et al.  The SRI IDES statistical anomaly detector , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.