Towards database firewalls

Authors:
Kun Bai;Hai Wang;Peng Liu
Affiliations:
The School of Information Science and Technology, Pennsylvania State University, University Park, PA;The School of Information Science and Technology, Pennsylvania State University, University Park, PA;The School of Information Science and Technology, Pennsylvania State University, University Park, PA
Venue:
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Year:
2005

Citing 11
Cited 1

Concurrency control and recovery in database systems

Concurrency control and recovery in database systems
Integrity control in relational database systems: an overview

Data & Knowledge Engineering
State Transition Analysis: A Rule-Based Intrusion Detection Approach

IEEE Transactions on Software Engineering
Proof-carrying code

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A type system for certified binaries

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Recovery from Malicious Transactions

IEEE Transactions on Knowledge and Data Engineering
Using Checksums to Detect Data Corruption

EDBT '00 Proceedings of the 7th International Conference on Extending Database Technology: Advances in Database Technology
Using a High-Performance, Programmable Secure Coprocessor

FC '98 Proceedings of the Second International Conference on Financial Cryptography
Architectures for Intrusion Tolerant Database Systems

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Towards a model of storage jamming

CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
Multi-Phase Damage Confinement in Database Systems for Intrusion Tolerance

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations

Data Dependency Based Recovery Approaches in Survival Database Systems

ICCS '07 Proceedings of the 7th international conference on Computational Science, Part II

Quantified Score

Hi-index	0.00

Visualization

Abstract

Authentication based access control and integrity constraints are the major approaches applied in commercial database systems to guarantee information and data integrity. However, due to operational mistakes, malicious intent of insiders or identity fraud exploited by outsiders, data secured in a database can still be corrupted. Once attacked, database systems using current survivability technologies cannot continue providing satisfactory services according to differentiated information assurance requirements. In this paper, we present the innovative idea of a database firewall, which can not only serve differentiated information assurance requirements in the face of attacks, but also guarantee the availability and the integrity of data objects based on user requirements. Our approach provides a new strategy of integrity-aware data access based on an on-the-fly iterative estimation of the integrity level of data objects. Accordingly, a policy of transaction filtering will be dynamically enforced to significantly slow down damage propagation with minimum availability loss.