Real-time data attack isolation for commercial database applications

Peng Liu, Hai Wang, Lunquan Li

Research output: Contribution to journalArticle

4 Citations (Scopus)

Abstract

Traditional database security mechanisms are very limited in defending against data attacks. Authorized but malicious transactions can make a database useless by impairing its integrity and availability. This paper presents the design of a real-time data attack isolation system, denoted DAIS. DAIS isolates likely suspicious actions before a definite determination of intrusion is reported. In this way, the database can be immunized from many malicious transactions. DAIS is a COTS-DBMS-specific implementation of a general isolation algorithm that we developed [Liu P, Jajodia S, McCollum CD. Intrusion confinement by isolation in information systems. Journal of Computer Security, 2000;8(4):243-79]. In this paper, the design of the first DAIS prototype, which is for Oracle Server 9.2, is discussed. DAIS uses triggers and transaction profiles to keep track of the items read and written by transactions, isolates attacks by rewriting user SQL statements, and is transparent to end users. The DAIS design is very general. In addition to Oracle, it can be easily adapted to support many other database application platforms such as Microsoft SQL Server, Sybase, and Informix.

Original languageEnglish (US)
Pages (from-to)294-320
Number of pages27
JournalJournal of Network and Computer Applications
Volume29
Issue number4
DOIs
StatePublished - Nov 1 2006

Fingerprint

Servers
Security of data
Information systems
Availability

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications

Cite this

@article{21e706b97868492b9d94df1efe55cf1c,
title = "Real-time data attack isolation for commercial database applications",
abstract = "Traditional database security mechanisms are very limited in defending against data attacks. Authorized but malicious transactions can make a database useless by impairing its integrity and availability. This paper presents the design of a real-time data attack isolation system, denoted DAIS. DAIS isolates likely suspicious actions before a definite determination of intrusion is reported. In this way, the database can be immunized from many malicious transactions. DAIS is a COTS-DBMS-specific implementation of a general isolation algorithm that we developed [Liu P, Jajodia S, McCollum CD. Intrusion confinement by isolation in information systems. Journal of Computer Security, 2000;8(4):243-79]. In this paper, the design of the first DAIS prototype, which is for Oracle Server 9.2, is discussed. DAIS uses triggers and transaction profiles to keep track of the items read and written by transactions, isolates attacks by rewriting user SQL statements, and is transparent to end users. The DAIS design is very general. In addition to Oracle, it can be easily adapted to support many other database application platforms such as Microsoft SQL Server, Sybase, and Informix.",
author = "Peng Liu and Hai Wang and Lunquan Li",
year = "2006",
month = "11",
day = "1",
doi = "10.1016/j.jnca.2005.03.001",
language = "English (US)",
volume = "29",
pages = "294--320",
journal = "Journal of Network and Computer Applications",
issn = "1084-8045",
publisher = "Academic Press Inc.",
number = "4",

}

Real-time data attack isolation for commercial database applications. / Liu, Peng; Wang, Hai; Li, Lunquan.

In: Journal of Network and Computer Applications, Vol. 29, No. 4, 01.11.2006, p. 294-320.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Real-time data attack isolation for commercial database applications

AU - Liu, Peng

AU - Wang, Hai

AU - Li, Lunquan

PY - 2006/11/1

Y1 - 2006/11/1

N2 - Traditional database security mechanisms are very limited in defending against data attacks. Authorized but malicious transactions can make a database useless by impairing its integrity and availability. This paper presents the design of a real-time data attack isolation system, denoted DAIS. DAIS isolates likely suspicious actions before a definite determination of intrusion is reported. In this way, the database can be immunized from many malicious transactions. DAIS is a COTS-DBMS-specific implementation of a general isolation algorithm that we developed [Liu P, Jajodia S, McCollum CD. Intrusion confinement by isolation in information systems. Journal of Computer Security, 2000;8(4):243-79]. In this paper, the design of the first DAIS prototype, which is for Oracle Server 9.2, is discussed. DAIS uses triggers and transaction profiles to keep track of the items read and written by transactions, isolates attacks by rewriting user SQL statements, and is transparent to end users. The DAIS design is very general. In addition to Oracle, it can be easily adapted to support many other database application platforms such as Microsoft SQL Server, Sybase, and Informix.

AB - Traditional database security mechanisms are very limited in defending against data attacks. Authorized but malicious transactions can make a database useless by impairing its integrity and availability. This paper presents the design of a real-time data attack isolation system, denoted DAIS. DAIS isolates likely suspicious actions before a definite determination of intrusion is reported. In this way, the database can be immunized from many malicious transactions. DAIS is a COTS-DBMS-specific implementation of a general isolation algorithm that we developed [Liu P, Jajodia S, McCollum CD. Intrusion confinement by isolation in information systems. Journal of Computer Security, 2000;8(4):243-79]. In this paper, the design of the first DAIS prototype, which is for Oracle Server 9.2, is discussed. DAIS uses triggers and transaction profiles to keep track of the items read and written by transactions, isolates attacks by rewriting user SQL statements, and is transparent to end users. The DAIS design is very general. In addition to Oracle, it can be easily adapted to support many other database application platforms such as Microsoft SQL Server, Sybase, and Informix.

UR - http://www.scopus.com/inward/record.url?scp=33646195637&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33646195637&partnerID=8YFLogxK

U2 - 10.1016/j.jnca.2005.03.001

DO - 10.1016/j.jnca.2005.03.001

M3 - Article

VL - 29

SP - 294

EP - 320

JO - Journal of Network and Computer Applications

JF - Journal of Network and Computer Applications

SN - 1084-8045

IS - 4

ER -