DAIS: A real-time data attack isolation system for commercial database applications

Research output: Chapter in Book/Report/Conference proceedingConference contribution

16 Scopus citations

Abstract

Traditional database security mechanisms are very limited in defending successful data attacks. Authorized but malicious transactions can make a database useless by impairing its integrity and availability. The paper presents the design of a real-time data attack isolation system, denoted DAIS. DAIS isolates likely suspicious actions before a definite determination of intrusion is reported. In this way, the database can be immunized from many malicious transactions. DAIS is a COTS-DBMS-specific implementation of a general isolation algorithm that was developed previously (P. Liu et al., 2000). The design of the first DAIS prototype, which is for Oracle Server 8.1.6, is discussed. DAIS uses triggers and transaction profiles to keep track of the items read and written by transactions, isolates attacks by rewriting user SQL statements, and is transparent to end users. The DAIS design is very general. In addition to Oracle, it can be easily adapted to support many other database application platforms such as Microsoft SQL Server, Sybase, and Informix.

Original languageEnglish (US)
Title of host publicationProceedings - 17th Annual Computer Security Applications Conference, ACSAC 2001
PublisherIEEE Computer Society
Pages219-229
Number of pages11
ISBN (Electronic)0769514057
DOIs
Publication statusPublished - Jan 1 2001
Event17th Annual Computer Security Applications Conference, ACSAC 2001 - New Orleans, United States
Duration: Dec 10 2001Dec 14 2001

Publication series

NameProceedings - Annual Computer Security Applications Conference, ACSAC
Volume2001-January
ISSN (Print)1063-9527

Other

Other17th Annual Computer Security Applications Conference, ACSAC 2001
CountryUnited States
CityNew Orleans
Period12/10/0112/14/01

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

Cite this

Liu, P. (2001). DAIS: A real-time data attack isolation system for commercial database applications. In Proceedings - 17th Annual Computer Security Applications Conference, ACSAC 2001 (pp. 219-229). [991538] (Proceedings - Annual Computer Security Applications Conference, ACSAC; Vol. 2001-January). IEEE Computer Society. https://doi.org/10.1109/ACSAC.2001.991538