Architectures for intrusion tolerant database systems

Research output: Chapter in Book/Report/Conference proceedingConference contribution

55 Citations (Scopus)

Abstract

In this paper we propose four architectures for intrusion-tolerant database systems. While traditional secure database systems rely on prevention controls, an intrusion-tolerant database system can operate through attacks in such a way that the system can continue delivering essential services in the face of attacks. With a focus on attacks by malicious transactions, Architecture I can detect intrusions, and locate and repair the damage caused by the intrusions. Architecture II enhances Architecture I with the ability to isolate attacks so that the database can be immunized from the damage caused by a lot of attacks. Architecture III enhances Architecture I with the ability to dynamically contain the damage in such a way that no damage will leak out during the attack recovery process. Architecture IV enhances Architectures II and III with the ability to adapt the intrusion-tolerance controls to the changing environment so that a stabilized level of trustworthiness can be maintained. Architecture IV enhances Architecture IV with the ability to deliver differential, quantitative QoIA services to customers who have subscribed for these services even in the face of attacks.

Original languageEnglish (US)
Title of host publicationProceedings - 18th Annual Computer Security Applications Conference, ACSAC 2002
PublisherIEEE Computer Society
Pages311-320
Number of pages10
ISBN (Electronic)0769518281
DOIs
StatePublished - Jan 1 2002
Event18th Annual Computer Security Applications Conference, ACSAC 2002 - Las Vegas, United States
Duration: Dec 9 2002Dec 13 2002

Publication series

NameProceedings - Annual Computer Security Applications Conference, ACSAC
Volume2002-January
ISSN (Print)1063-9527

Other

Other18th Annual Computer Security Applications Conference, ACSAC 2002
CountryUnited States
CityLas Vegas
Period12/9/0212/13/02

Fingerprint

Repair
Recovery

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

Cite this

Liu, P. (2002). Architectures for intrusion tolerant database systems. In Proceedings - 18th Annual Computer Security Applications Conference, ACSAC 2002 (pp. 311-320). [1176303] (Proceedings - Annual Computer Security Applications Conference, ACSAC; Vol. 2002-January). IEEE Computer Society. https://doi.org/10.1109/CSAC.2002.1176303
Liu, Peng. / Architectures for intrusion tolerant database systems. Proceedings - 18th Annual Computer Security Applications Conference, ACSAC 2002. IEEE Computer Society, 2002. pp. 311-320 (Proceedings - Annual Computer Security Applications Conference, ACSAC).
@inproceedings{aa5ed654827d4629a40d9e6b29f16bbc,
title = "Architectures for intrusion tolerant database systems",
abstract = "In this paper we propose four architectures for intrusion-tolerant database systems. While traditional secure database systems rely on prevention controls, an intrusion-tolerant database system can operate through attacks in such a way that the system can continue delivering essential services in the face of attacks. With a focus on attacks by malicious transactions, Architecture I can detect intrusions, and locate and repair the damage caused by the intrusions. Architecture II enhances Architecture I with the ability to isolate attacks so that the database can be immunized from the damage caused by a lot of attacks. Architecture III enhances Architecture I with the ability to dynamically contain the damage in such a way that no damage will leak out during the attack recovery process. Architecture IV enhances Architectures II and III with the ability to adapt the intrusion-tolerance controls to the changing environment so that a stabilized level of trustworthiness can be maintained. Architecture IV enhances Architecture IV with the ability to deliver differential, quantitative QoIA services to customers who have subscribed for these services even in the face of attacks.",
author = "Peng Liu",
year = "2002",
month = "1",
day = "1",
doi = "10.1109/CSAC.2002.1176303",
language = "English (US)",
series = "Proceedings - Annual Computer Security Applications Conference, ACSAC",
publisher = "IEEE Computer Society",
pages = "311--320",
booktitle = "Proceedings - 18th Annual Computer Security Applications Conference, ACSAC 2002",
address = "United States",

}

Liu, P 2002, Architectures for intrusion tolerant database systems. in Proceedings - 18th Annual Computer Security Applications Conference, ACSAC 2002., 1176303, Proceedings - Annual Computer Security Applications Conference, ACSAC, vol. 2002-January, IEEE Computer Society, pp. 311-320, 18th Annual Computer Security Applications Conference, ACSAC 2002, Las Vegas, United States, 12/9/02. https://doi.org/10.1109/CSAC.2002.1176303

Architectures for intrusion tolerant database systems. / Liu, Peng.

Proceedings - 18th Annual Computer Security Applications Conference, ACSAC 2002. IEEE Computer Society, 2002. p. 311-320 1176303 (Proceedings - Annual Computer Security Applications Conference, ACSAC; Vol. 2002-January).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Architectures for intrusion tolerant database systems

AU - Liu, Peng

PY - 2002/1/1

Y1 - 2002/1/1

N2 - In this paper we propose four architectures for intrusion-tolerant database systems. While traditional secure database systems rely on prevention controls, an intrusion-tolerant database system can operate through attacks in such a way that the system can continue delivering essential services in the face of attacks. With a focus on attacks by malicious transactions, Architecture I can detect intrusions, and locate and repair the damage caused by the intrusions. Architecture II enhances Architecture I with the ability to isolate attacks so that the database can be immunized from the damage caused by a lot of attacks. Architecture III enhances Architecture I with the ability to dynamically contain the damage in such a way that no damage will leak out during the attack recovery process. Architecture IV enhances Architectures II and III with the ability to adapt the intrusion-tolerance controls to the changing environment so that a stabilized level of trustworthiness can be maintained. Architecture IV enhances Architecture IV with the ability to deliver differential, quantitative QoIA services to customers who have subscribed for these services even in the face of attacks.

AB - In this paper we propose four architectures for intrusion-tolerant database systems. While traditional secure database systems rely on prevention controls, an intrusion-tolerant database system can operate through attacks in such a way that the system can continue delivering essential services in the face of attacks. With a focus on attacks by malicious transactions, Architecture I can detect intrusions, and locate and repair the damage caused by the intrusions. Architecture II enhances Architecture I with the ability to isolate attacks so that the database can be immunized from the damage caused by a lot of attacks. Architecture III enhances Architecture I with the ability to dynamically contain the damage in such a way that no damage will leak out during the attack recovery process. Architecture IV enhances Architectures II and III with the ability to adapt the intrusion-tolerance controls to the changing environment so that a stabilized level of trustworthiness can be maintained. Architecture IV enhances Architecture IV with the ability to deliver differential, quantitative QoIA services to customers who have subscribed for these services even in the face of attacks.

UR - http://www.scopus.com/inward/record.url?scp=84948950072&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84948950072&partnerID=8YFLogxK

U2 - 10.1109/CSAC.2002.1176303

DO - 10.1109/CSAC.2002.1176303

M3 - Conference contribution

T3 - Proceedings - Annual Computer Security Applications Conference, ACSAC

SP - 311

EP - 320

BT - Proceedings - 18th Annual Computer Security Applications Conference, ACSAC 2002

PB - IEEE Computer Society

ER -

Liu P. Architectures for intrusion tolerant database systems. In Proceedings - 18th Annual Computer Security Applications Conference, ACSAC 2002. IEEE Computer Society. 2002. p. 311-320. 1176303. (Proceedings - Annual Computer Security Applications Conference, ACSAC). https://doi.org/10.1109/CSAC.2002.1176303