The design and implementation of a self-healing database system

Authors:
Peng Liu;Jiwu Jing;Pramote Luenam;Ying Wang;Lunquan Li;Supawadee Ingsriswang
Affiliations:
School of Info Sciences and Technology, Pennsylvania State University, University Park, PA;Graduate School of CAS, Chinese Academy of Sciences, Beijing, China;Department of Information Systems, UMBC, Baltimore, MD;Department of Information Systems, UMBC, Baltimore, MD;Department of Information Systems, UMBC, Baltimore, MD;Department of Information Systems, UMBC, Baltimore, MD
Venue:
Journal of Intelligent Information Systems - Special issue: Database and applications security
Year:
2004

Citing 20
Cited 6

Optimism and consistency in partitioned distributed database systems

ACM Transactions on Database Systems (TODS)
Concurrency control and recovery in database systems

Concurrency control and recovery in database systems
A formal approach to recovery by compensating transactions

Proceedings of the sixteenth international conference on Very large databases
A survey of intrusion detection techniques

Computers and Security
Rewriting Histories: Recovering from Malicious Transactions

Distributed and Parallel Databases - Security of data and transaction processing
DEMIDS: a misuse detection system for database systems

Integrity and internal control information systems
Intrusion confinement by isolation in information systems

Journal of Computer Security - Special issue on database security
Benchmark Handbook: For Database and Transaction Processing Systems

Benchmark Handbook: For Database and Transaction Processing Systems
Survivable Information Storage Systems

Computer
Recovery from Malicious Transactions

IEEE Transactions on Knowledge and Data Engineering
Architectures for Intrusion Tolerant Database Systems

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Towards a model of storage jamming

CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
Towards Fault-tolerant Software Architectures

WICSA '01 Proceedings of the Working IEEE/IFIP Conference on Software Architecture
DAIS: A Real-Time Data Attack Isolation System for Commercial Database Applications

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Multi-Phase Damage Confinement in Database Systems for Intrusion Tolerance

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
USTAT: A Real-Time Intrusion Detection System for UNIX

SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Surviving information warfare attacks on databases

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
How to build a trusted database system on untrusted storage

OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Learning trees and rules with set-valued features

AAAI'96 Proceedings of the thirteenth national conference on Artificial intelligence - Volume 1

Evaluating the survivability of Intrusion Tolerant Database systems and the impact of intrusion detection deficiencies

International Journal of Information and Computer Security
Data Dependency Based Recovery Approaches in Survival Database Systems

ICCS '07 Proceedings of the 7th international conference on Computational Science, Part II
Optimizing security measures in an intrusion tolerant database system

ISAS'08 Proceedings of the 5th international conference on Service availability
Damage assessment and repair in attack resilient distributed database systems

Computer Standards & Interfaces
Availability analysis of an IMS-based VoIP network system

ICCSA'10 Proceedings of the 2010 international conference on Computational Science and Its Applications - Volume Part IV
Modeling and evaluating the survivability of an intrusion tolerant database system

ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present the design and implementation of ITDB, a self-healing or intrusion-tolerant database prototype system. While traditional secure database systems rely on preventive controls and are very limited in surviving malicious attacks, ITDB can detect intrusions, isolate attacks, contain, assess, and repair the damage caused by intrusions in a timely manner such that sustained, self-stabilized levels of data integrity and availability can be provided to applications in the face of attacks. ITDB is implemented on top of a COTS DBMS. We have evaluated the cost effectiveness of ITDB using several micro-benchmarks. Preliminary testing measurements suggest that when the accuracy of intrusion detection is satisfactory, ITDB can effectively locate and repair the damage on-the fly with reasonable (database) performance penalty.