Security-control methods for statistical databases: a comparative study
ACM Computing Surveys (CSUR)
A model of authorization for next-generation database systems
ACM Transactions on Database Systems (TODS)
Formal query languages for secure relational databases
ACM Transactions on Database Systems (TODS)
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
The multilevel relational (MLR) data model
ACM Transactions on Information and System Security (TISSEC)
An authorization mechanism for a relational database system
ACM Transactions on Database Systems (TODS)
Multilevel secure transaction processing
Journal of Computer Security
Efficient damage assessment and repair in resilient distributed database systems
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Design, Implementation, and Evaluation of a Repairable Database Management System
ICDE '05 Proceedings of the 21st International Conference on Data Engineering
Real-time data attack isolation for commercial database applications
Journal of Network and Computer Applications
International Journal of Information and Computer Security
A real-time intrusion prevention system for commercial enterprise databases and file systems
AIKED'05 Proceedings of the 4th WSEAS International Conference on Artificial Intelligence, Knowledge Engineering Data Bases
A real-time intrusion prevention system for commercial enterprise databases
SEPADS'05 Proceedings of the 4th WSEAS International Conference on Software Engineering, Parallel & Distributed Systems
A real-time intrusion prevention system for commercial enterprise databases and file systems
MMACTEE'08 Proceedings of the 10th WSEAS International Conference on Mathematical Methods and Computational Techniques in Electrical Engineering
Data Dependency Based Recovery Approaches in Survival Database Systems
ICCS '07 Proceedings of the 7th international conference on Computational Science, Part II
The implementation and evaluation of a recovery system for workflows
Journal of Network and Computer Applications
A Robust Damage Assessment Model for Corrupted Database Systems
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Damage assessment and repair in attack resilient distributed database systems
Computer Standards & Interfaces
A dead-lock free self-healing algorithm for distributed transactional processes
ICISS'06 Proceedings of the Second international conference on Information Systems Security
| Hi-index | 0.00 |
This paper presents the design and implementation of an on-the-fly damage assessment and repair tool for intrusion tolerant commercial database applications, called ODAR. ODAR is a COTS-DBMS-specific implementation of a general on-the-fly damage assessment and repair approach developed by P. Ammann, S. Jajodia, and P. Liu in [8]. The general approach, given a set of malicious transactions reported by an intrusion detector, locates and repairs the damage caused by each malicious transaction on the database, along with the damage caused by any benign transaction that is affected, directly or indirectly, by a malicious transaction. The general approach locates and repairs damage on-the-fly without the need to periodically halt normal transaction processing. In this paper, the development of the first ODAR prototype, which is for Oracle Server 8.1.6, is discussed. ODAR uses triggers and transaction profiles to keep track of the read and write operations of transactions, locates damage by tracing the affecting relationships among transactions along the history, and repairs damage by composing and executing some specific UNDO transactions. ODAR is transparent to on-going user transactions and very general. In addition to Oracle, it can be easily adapted to support many other database application platforms such as Microsoft SQL Server, Sybase, and Informix. To our best knowledge, ODAR is the first tool that can do automatic on-the-fly damage assessment and repair for commercial database applications.