Recovery from Malicious Transactions

Authors:
Paul Ammann;Sushil Jajodia;Peng Liu
Affiliations:
-;-;-
Venue:
IEEE Transactions on Knowledge and Data Engineering
Year:
2002

Citing 27
Cited 35

Nested transactions: an approach to reliable distributed computing

Nested transactions: an approach to reliable distributed computing
Concurrency control and recovery in database systems

Concurrency control and recovery in database systems
An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Sagas

SIGMOD '87 Proceedings of the 1987 ACM SIGMOD international conference on Management of data
Security-control methods for statistical databases: a comparative study

ACM Computing Surveys (CSUR)
A model of authorization for next-generation database systems

ACM Transactions on Database Systems (TODS)
Efficient and flexible methods for transient versioning of records to avoid locking by read-only transactions

SIGMOD '92 Proceedings of the 1992 ACM SIGMOD international conference on Management of data
MLR: a recovery method for multi-level systems

SIGMOD '92 Proceedings of the 1992 ACM SIGMOD international conference on Management of data
The ConTract model

Database transaction models for advanced applications
Concepts and applications of multilevel transactions and open nested transactions

Database transaction models for advanced applications
A survey of intrusion detection techniques

Computers and Security
Formal query languages for secure relational databases

ACM Transactions on Database Systems (TODS)
State Transition Analysis: A Rule-Based Intrusion Detection Approach

IEEE Transactions on Software Engineering
A unified framework for enforcing multiple access control policies

SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
Storage jamming

Proceedings of the ninth annual IFIP TC11 WG11.3 working conference on Database security IX : status and prospects: status and prospects
The multilevel relational (MLR) data model

ACM Transactions on Information and System Security (TISSEC)
Multi-level recovery

PODS '90 Proceedings of the ninth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
Using semantic knowledge for transaction processing in a distributed database

ACM Transactions on Database Systems (TODS)
An authorization mechanism for a relational database system

ACM Transactions on Database Systems (TODS)
Transaction Processing: Concepts and Techniques

Transaction Processing: Concepts and Techniques
On-The-Fly Reading of Entire Databases

IEEE Transactions on Knowledge and Data Engineering
On a Pattern-Oriented Model for Intrusion Detection

IEEE Transactions on Knowledge and Data Engineering
Split-Transactions for Open-Ended Activities

VLDB '88 Proceedings of the 14th International Conference on Very Large Data Bases
A Formal Approach to Recovery by Compensating Transactions

VLDB '90 Proceedings of the 16th International Conference on Very Large Data Bases
Redo Recovery after System Crashes

VLDB '95 Proceedings of the 21th International Conference on Very Large Data Bases
Towards a model of storage jamming

CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
Surviving information warfare attacks on databases

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy

Efficient damage assessment and repair in resilient distributed database systems

Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Backtracking intrusions

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Backtracking intrusions

ACM Transactions on Computer Systems (TOCS)
Design, Implementation, and Evaluation of a Repairable Database Management System

ICDE '05 Proceedings of the 21st International Conference on Data Engineering
Self-healing mechanisms for kernel system compromises

WOSS '04 Proceedings of the 1st ACM SIGSOFT workshop on Self-managed systems
Transaction fusion: a model for data recovery from information attacks

Journal of Intelligent Information Systems - Special issue: Database and applications security
The design and implementation of a self-healing database system

Journal of Intelligent Information Systems - Special issue: Database and applications security
Real-time data attack isolation for commercial database applications

Journal of Network and Computer Applications
Specifying and using intrusion masking models to process distributed operations

Journal of Computer Security
Can-Follow Concurrency Control

IEEE Transactions on Computers
Tamper detection in audit logs

VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Evaluating the survivability of Intrusion Tolerant Database systems and the impact of intrusion detection deficiencies

International Journal of Information and Computer Security
A real-time intrusion prevention system for commercial enterprise databases and file systems

AIKED'05 Proceedings of the 4th WSEAS International Conference on Artificial Intelligence, Knowledge Engineering Data Bases
A real-time intrusion prevention system for commercial enterprise databases

SEPADS'05 Proceedings of the 4th WSEAS International Conference on Software Engineering, Parallel & Distributed Systems
A real-time intrusion prevention system for commercial enterprise databases and file systems

MMACTEE'08 Proceedings of the 10th WSEAS International Conference on Mathematical Methods and Computational Techniques in Electrical Engineering
Data Dependency Based Recovery Approaches in Survival Database Systems

ICCS '07 Proceedings of the 7th international conference on Computational Science, Part II
Responding to Anomalous Database Requests

SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
Dynamic data recovery for database systems based on fine grained transaction log

IDEAS '08 Proceedings of the 2008 international symposium on Database engineering & applications
A light weighted damage tracking quarantine and recovery scheme for mission-critical database systems

Proceedings of the 17th ACM conference on Information and knowledge management
The implementation and evaluation of a recovery system for workflows

Journal of Network and Computer Applications
TRACE: Zero-Down-Time Database Damage Tracking, Quarantine, and Cleansing with Negligible Run-Time Overhead

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
A data damage tracking quarantine and recovery (DTQR) scheme for mission-critical database systems

Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology
A Robust Damage Assessment Model for Corrupted Database Systems

ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Unifying strategies and tactics: a survivability framework for countering cyber attacks

ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
Damage assessment and repair in attack resilient distributed database systems

Computer Standards & Interfaces
Intrusion recovery using selective re-execution

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Attribution of malicious behavior

ICISS'10 Proceedings of the 6th international conference on Information systems security
Dynamic damage recovery for web databases

Journal of Computer Science and Technology
Intrusion recovery for database-backed web applications

SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
An immunity-based intrusion detection solution for database systems

WAIM'05 Proceedings of the 6th international conference on Advances in Web-Age Information Management
Recovering from malicious attacks in workflow systems

DEXA'05 Proceedings of the 16th international conference on Database and Expert Systems Applications
Towards database firewalls

DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
A dead-lock free self-healing algorithm for distributed transactional processes

ICISS'06 Proceedings of the Second international conference on Information Systems Security
Self-protecting and self-optimizing database systems: implementation and experimental evaluation

Proceedings of the 2013 ACM Cloud and Autonomic Computing Conference
LogGC: garbage collecting audit log

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Preventive measures sometimes fail to deflect malicious attacks. In this paper, we adopt an information warfare perspective, which assumes success by the attacker in achieving partial, but not complete, damage. In particular, we work in the database context and consider recovery from malicious but committed transactions. Traditional recovery mechanisms do not address this problem, except for complete rollbacks, which undo the work of benign transactions as well as malicious ones, and compensating transactions, whose utility depends on application semantics. Recovery is complicated by the presence of benign transactions that depend, directly or indirectly, on the malicious transactions. We present algorithms to restore only the damaged part of the database. We identify the information that needs to be maintained for such algorithms. The initial algorithms repair damage to quiescent databases; subsequent algorithms increase availability by allowing new transactions to execute concurrently with the repair process. Also, via a study of benchmarks, we show practical examples of how offline analysis can efficiently provide the necessary data to repair the damage of malicious transactions.