Multi-phase damage confinement in database systems for intrusion tolerance

P. Liu, S. Jajodia

Research output: Chapter in Book/Report/Conference proceedingConference contribution

37 Scopus citations


Preventive measures sometimes fail to defect malicious attacks. With cyber attacks on data-intensive applications becoming an ever more serious threat, intrusion tolerant database systems are a significant concern. Intrusion detectors are a key component of an intrusion tolerant database system. However, a relatively long detection latency is usually unavoidable for detection accuracy, especially in anomaly detection, and it can cause ineffective - to some degree at least - damage confinement, In a busy database ineffective confinement can make the database too damaged to be useful, In this paper, we present an innovative multi-phase damage confinement approach to solve this problem, In contract to a traditional one-phase confinement approach our approach has one confining phase to quickly confine the damage, and one or more later on unconfining phases to unconfine the objects that are mistakenly confined during the first phase. Our approach can ensure no damage spreading after the detection time, although some availability can be temporarily lost. Our approach can be easily extended to support flexible control of damage spreading and multiple confinement policies. Our approach is practical, effective, efficient, and to a large extent assessment independent.

Original languageEnglish (US)
Title of host publicationProceedings of the Computer Security Foundations Workshop
Number of pages15
StatePublished - 2001
Event14th IEEE Computer Security Foundations Workshop (CSFW-14) - Cape Brenton, NS, United States
Duration: Jun 11 2001Jun 13 2001


Other14th IEEE Computer Security Foundations Workshop (CSFW-14)
Country/TerritoryUnited States
CityCape Brenton, NS

All Science Journal Classification (ASJC) codes

  • Software


Dive into the research topics of 'Multi-phase damage confinement in database systems for intrusion tolerance'. Together they form a unique fingerprint.

Cite this