System protection mechanisms such as access controls can be fooled by authorized but malicious users, masqueraders, and misfeasors. Intrusion detection techniques are therefore used to supplement them. However, damage could have occurred before an intrusion is detected. In many computing systems the requirement for a high degree of soundness of intrusion reporting can yield poor performance in detecting intrusions and cause long detection latency. As a result, serious damage can be caused either because many intrusions are never detected or the average detection latency is too long. The process of bounding the damage caused by intrusions during intrusion detection is referred to as intrusion confinement. We justify the necessity for intrusion confinement during detection by using a probabilistic analysis model, and propose a general solution to achieve intrusion confinement. The key idea of the solution is to isolate likely suspicious actions before a definite determination of intrusion is reported. We also present two concrete isolation protocols in the database and file system contexts, respectively, to evaluate the feasibility of the general solution, which can be applied to many types of information systems.