TY - JOUR
T1 - Recovery from malicious transactions
AU - Ammann, Paul
AU - Jajodia, Sushil
AU - Liu, Peng
N1 - Funding Information:
This effort was sponsored by Rome Laboratory, Air Force Material Command, United States Air force, under agreement number F30602-97-1-0139.
PY - 2002/9
Y1 - 2002/9
N2 - Preventive measures sometimes fail to deflect malicious attacks. In this paper, we adopt an information warfare perspective, which assumes success by the attacker in achieving partial, but not complete, damage. In particular, we work in the database context and consider recovery from malicious but committed transactions. Traditional recovery mechanisms do not address this problem, except for complete rollbacks, which undo the work of benign transactions as well as malicious ones, and compensating transactions, whose utility depends on application semantics. Recovery is complicated by the presence of benign transactions that depend, directly or indirectly, on the malicious transactions. We present algorithms to restore only the damaged part of the database. We identify the information that needs to be maintained for such algorithms. The initial algorithms repair damage to quiescent databases; subsequent algorithms increase availability by allowing new transactions to execute concurrently with the repair process. Also, via a study of benchmarks, we show practical examples of how offline analysis can efficiently provide the necessary data to repair the damage of malicious transactions.
AB - Preventive measures sometimes fail to deflect malicious attacks. In this paper, we adopt an information warfare perspective, which assumes success by the attacker in achieving partial, but not complete, damage. In particular, we work in the database context and consider recovery from malicious but committed transactions. Traditional recovery mechanisms do not address this problem, except for complete rollbacks, which undo the work of benign transactions as well as malicious ones, and compensating transactions, whose utility depends on application semantics. Recovery is complicated by the presence of benign transactions that depend, directly or indirectly, on the malicious transactions. We present algorithms to restore only the damaged part of the database. We identify the information that needs to be maintained for such algorithms. The initial algorithms repair damage to quiescent databases; subsequent algorithms increase availability by allowing new transactions to execute concurrently with the repair process. Also, via a study of benchmarks, we show practical examples of how offline analysis can efficiently provide the necessary data to repair the damage of malicious transactions.
UR - http://www.scopus.com/inward/record.url?scp=0036709428&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=0036709428&partnerID=8YFLogxK
U2 - 10.1109/TKDE.2002.1033782
DO - 10.1109/TKDE.2002.1033782
M3 - Article
AN - SCOPUS:0036709428
VL - 14
SP - 1167
EP - 1185
JO - IEEE Transactions on Knowledge and Data Engineering
JF - IEEE Transactions on Knowledge and Data Engineering
SN - 1041-4347
IS - 5
ER -