Rewriting Histories: Recovering from Malicious Transactions

Authors:
Peng Liu;Paul Ammann;Sushil Jajodia
Affiliations:
Department of Information Systems, University of Maryland, Baltimore County, Baltimore, MD 212 150, USA. pliu@umbc.edu;Center for Secure Information Systems, George Mason University, Fairfax, VA 22030, USA. pammann@gmu.edu;Center for Secure Information Systems, George Mason University, Fairfax, VA 22030, USA. jajodia@gmu.edu
Venue:
Distributed and Parallel Databases - Security of data and transaction processing
Year:
2000

Citing 32
Cited 30

Optimism and consistency in partitioned distributed database systems

ACM Transactions on Database Systems (TODS)
Concurrency control and recovery in database systems

Concurrency control and recovery in database systems
Sagas

SIGMOD '87 Proceedings of the 1987 ACM SIGMOD international conference on Management of data
Commutativity-Based Concurrency Control for Abstract Data Types

IEEE Transactions on Computers
A formal approach to recovery by compensating transactions

Proceedings of the sixteenth international conference on Very large databases
Semantics-based concurrency control: beyond commutativity

ACM Transactions on Database Systems (TODS)
Efficient and flexible methods for transient versioning of records to avoid locking by read-only transactions

SIGMOD '92 Proceedings of the 1992 ACM SIGMOD international conference on Management of data
MLR: a recovery method for multi-level systems

SIGMOD '92 Proceedings of the 1992 ACM SIGMOD international conference on Management of data
The ConTract model

Database transaction models for advanced applications
Concepts and applications of multilevel transactions and open nested transactions

Database transaction models for advanced applications
Orange locking: channel-free database concurrency control via locking

Results of the Sixth Working Conference of IFIP Working Group 11.3 on Database Security on Database security, VI : status and prospects: status and prospects
Role-Based Access Control Models

Computer
The dangers of replication and a solution

SIGMOD '96 Proceedings of the 1996 ACM SIGMOD international conference on Management of data
Secure locking protocols for multilevel database management systems

Proceedings of the tenth annual IFIP TC11/WG11.3 international conference on Database security: volume X : status and prospects: status and prospects
Multi-level recovery

PODS '90 Proceedings of the ninth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
Using semantic knowledge for transaction processing in a distributed database

ACM Transactions on Database Systems (TODS)
Locking Primitives in a Database System

Journal of the ACM (JACM)
Transaction Processing: Concepts and Techniques

Transaction Processing: Concepts and Techniques
On-The-Fly Reading of Entire Databases

IEEE Transactions on Knowledge and Data Engineering
Alternative Correctness Criteria for Concurrent Execution of Transactions in Multilevel Secure Databases

IEEE Transactions on Knowledge and Data Engineering
Transaction Processing in Multilevel Secure Databases with Kernelized Architecture: Challenges and Solutions

IEEE Transactions on Knowledge and Data Engineering
The Design of XPRS

VLDB '88 Proceedings of the 14th International Conference on Very Large Data Bases
A Timestamp Ordering Algorithm for Secure, Single-Version, Multi-Level Databases

Results of the IFIP WG 11.3 Workshop on Database Security V: Status and Prospects
Transaction Processing Using an Untrusted Scheduler in a Multilevel Database with Replicated Architecture

Results of the IFIP WG 11.3 Workshop on Database Security V: Status and Prospects
Protection

ACM SIGOPS Operating Systems Review
Application-Level Isolation to Cope with Malicious Database Users

ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
A Multilevel Transaction Problem for Multilevel Secure Database Systems and Its Solution for the Replicated Architecture

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Alternative Correctness Criteria for Concurrent Execution of Transactions in Multilevel Secure Databases

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
The Typed Access Matrix Model

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
The design and implementation of a multilevel secure log manager

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Surviving information warfare attacks on databases

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy

Data dependency based logging for defensive information warfare

SAC '00 Proceedings of the 2000 ACM symposium on Applied computing - Volume 1
Transaction fusion in the wake of information warfare

Proceedings of the 2001 ACM symposium on Applied computing
Extended data dependency approach: a robust way of rebuilding database

Proceedings of the 2002 ACM symposium on Applied computing
Efficient damage assessment and repair in resilient distributed database systems

Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Reorganization of the database log for information warfare data recovery

Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Multi-Phase Damage Confinement in Database Systems for Intrusion Tolerance

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Hybrid log segmentation for assured damage assessment

Proceedings of the 2003 ACM symposium on Applied computing
A data mining approach for database intrusion detection

Proceedings of the 2004 ACM symposium on Applied computing
Design, Implementation, and Evaluation of a Repairable Database Management System

ICDE '05 Proceedings of the 21st International Conference on Data Engineering
The taser intrusion recovery system

Proceedings of the twentieth ACM symposium on Operating systems principles
Transaction fusion: a model for data recovery from information attacks

Journal of Intelligent Information Systems - Special issue: Database and applications security
The design and implementation of a self-healing database system

Journal of Intelligent Information Systems - Special issue: Database and applications security
Enterprise architecture analysis with extended influence diagrams

Information Systems Frontiers
Tamper detection in audit logs

VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Data Dependency Based Recovery Approaches in Survival Database Systems

ICCS '07 Proceedings of the 7th international conference on Computational Science, Part II
Dynamic data recovery for database systems based on fine grained transaction log

IDEAS '08 Proceedings of the 2008 international symposium on Database engineering & applications
The implementation and evaluation of a recovery system for workflows

Journal of Network and Computer Applications
TRACE: Zero-Down-Time Database Damage Tracking, Quarantine, and Cleansing with Negligible Run-Time Overhead

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
A data damage tracking quarantine and recovery (DTQR) scheme for mission-critical database systems

Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology
Unifying strategies and tactics: a survivability framework for countering cyber attacks

ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
Damage assessment and repair in attack resilient distributed database systems

Computer Standards & Interfaces
PolicyReplay: misconfiguration-response queries for data breach reporting

Proceedings of the VLDB Endowment
Intrusion recovery using selective re-execution

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Dynamic damage recovery for web databases

Journal of Computer Science and Technology
Intrusion recovery for database-backed web applications

SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
A time-cognizant dynamic crash recovery scheme suitable for distributed real-time main memory databases

ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
Succinct and fast accessible data structures for database damage assessment

ICDCIT'04 Proceedings of the First international conference on Distributed Computing and Internet Technology
Efficient recovery from false state in distributed routing algorithms

NETWORKING'10 Proceedings of the 9th IFIP TC 6 international conference on Networking
A dead-lock free self-healing algorithm for distributed transactional processes

ICISS'06 Proceedings of the Second international conference on Information Systems Security
Component survivability at runtime for mission-critical distributed systems

The Journal of Supercomputing

Quantified Score

Hi-index	0.00

Visualization

Abstract

We consider recovery from malicious but committed transactions.Traditional recovery mechanisms do not address this problem,except for complete rollbacks,which undo the work of good transactions as well as malicious ones, and compensating transactions,whose utility depends on application semantics.We develop an algorithm that rewrites execution historiesfor the purpose of backing out malicious transactions.Good transactions that are affected,directly or indirectly, by malicious transactionscomplicate the process of backing out undesirable transactions.We show that the prefix of a rewritten history produced by the algorithm serializes exactly the set of unaffected good transactions.The suffix of the rewritten history includes special stateinformation to describe affected good transactions as well as malicious transactions.We describe techniques that can extract additionalgood transactions from this latter part of a rewritten history.The latter processing saves more good transactionsthan is possible with a dependency-graph based approach to recovery.