Multi-phase damage confinement in database systems for intrusion tolerance

P. Liu, S. Jajodia

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

37 Scopus citations

Abstract

Preventive measures sometimes fail to defeat malicious attacks. With cyber attacks on data-intensive applications becoming an ever more serious threat, intrusion tolerant database systems are a significant concern. Intrusion detectors are a key component of an intrusion tolerant database system. However, a relatively long detection latency is usually unavoidable for detection accuracy, especially in anomaly detection, and it can cause ineffective - to some degree at least - damage confinement. In a busy database, ineffective confinement can make the database too damaged to be useful. In this paper, we present an innovative multi-phase damage confinement approach to solve this problem. In contrast to a traditional one-phase confinement approach, our approach has one confining phase to quickly confine the damage, and one or more later on unconfining phases to unconfine the objects that are mistakenly confined during the first phase. Our approach can ensure no damage spreading after the detection time, although some availability can be temporarily lost. Our approach can be easily extended to support flexible control of damage spreading and multiple confinement policies. Our approach is practical, effective, efficient, and to a large extent assessment independent.

Original language: English (US)
Title of host publication: Proceedings of the Computer Security Foundations Workshop
Pages: 191-205
Number of pages: 15
State: Published - 2001
Event: 14th IEEE Computer Security Foundations Workshop (CSFW-14) - Cape Breton, NS, United States
Duration: Jun 11 2001 → Jun 13 2001

Other

Other: 14th IEEE Computer Security Foundations Workshop (CSFW-14)
Country/Territory: United States
City: Cape Breton, NS
Period: 6/11/01 → 6/13/01

All Science Journal Classification (ASJC) codes

  • Software
