Concurrency control and recovery in database systems
Concurrency control and recovery in database systems
IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Security-control methods for statistical databases: a comparative study
ACM Computing Surveys (CSUR)
A model of authorization for next-generation database systems
ACM Transactions on Database Systems (TODS)
A survey of intrusion detection techniques
Computers and Security
Formal query languages for secure relational databases
ACM Transactions on Database Systems (TODS)
State Transition Analysis: A Rule-Based Intrusion Detection Approach
IEEE Transactions on Software Engineering
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
Proceedings of the ninth annual IFIP TC11 WG11.3 working conference on Database security IX : status and prospects: status and prospects
Temporal sequence learning and data reduction for anomaly detection
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
The multilevel relational (MLR) data model
ACM Transactions on Information and System Security (TISSEC)
Communications of the ACM
An authorization mechanism for a relational database system
ACM Transactions on Database Systems (TODS)
Rewriting Histories: Recovering from Malicious Transactions
Distributed and Parallel Databases - Security of data and transaction processing
Intrusion confinement by isolation in information systems
Journal of Computer Security - Special issue on database security
Benchmark Handbook: For Database and Transaction Processing Systems
Benchmark Handbook: For Database and Transaction Processing Systems
On a Pattern-Oriented Model for Intrusion Detection
IEEE Transactions on Knowledge and Data Engineering
Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse
IEEE Transactions on Software Engineering
Using Checksums to Detect Data Corruption
EDBT '00 Proceedings of the 7th International Conference on Extending Database Technology: Advances in Database Technology
Reconstructing the Database after Electronic Attacks
Proceedings of the IFIP TC11 WG 11.3 Twelfth International Working Conference on Database Security XII: Status and Prospects
Towards a model of storage jamming
CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
USTAT: A Real-Time Intrusion Detection System for UNIX
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Surviving information warfare attacks on databases
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
IDAMN: an intrusion detection architecture for mobile networks
IEEE Journal on Selected Areas in Communications
The design and implementation of a self-healing database system
Journal of Intelligent Information Systems - Special issue: Database and applications security
Specifying and using intrusion masking models to process distributed operations
Journal of Computer Security
Implementation of voting mechanism in intrusion tolerance system
ICCOMP'05 Proceedings of the 9th WSEAS International Conference on Computers
The implementation and evaluation of a recovery system for workflows
Journal of Network and Computer Applications
Dynamic damage recovery for web databases
Journal of Computer Science and Technology
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
A dead-lock free self-healing algorithm for distributed transactional processes
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Hi-index | 0.00 |
Abstract: Preventive measures sometimes fail to defect malicious attacks. With cyber attacks on data-intensive applications becoming an ever more serious threat, intrusion tolerant database systems are a significant concern. Intrusion detectors are a key component of an intrusion tolerant database system. However, a relatively long detection latency is usually unavoidable for detection accuracy, especially in anomaly detection, and it can cause ineffective - to some degree at least - damage confinement. In a busy database ineffective confinement can make the database too damaged to be useful. In this paper, we present an innovative multi-phase damage confinement approach to solve this problem. In contract to a traditional one-phase confinement approach our approach has one confining phase to quickly confine the damage, and one or more later on unconfining phases to unconfine the objects that are mistakenly confined during the first phase. Our approach can ensure no damage spreading after the detection time, although some availability can be temporarily lost. Our approach can be easily extended to support flexible control of damage spreading and multiple confinement policies. Our approach is practical, effective, efficient, and to a large extent assessment independent.