DOI: 10.1145/1516360.1516443

A data damage tracking quarantine and recovery (DTQR) scheme for mission-critical database systems

Published: 24 March 2009

Abstract

Database security research aims to protect a database from unintended activities, such as authenticated misuse and malicious attacks. In recent years, surviving an attack has become even more crucial for a DBMS because networks have become more open and database servers play an increasingly critical role. Unlike the traditional database failure/attack recovery mechanisms, in this paper we propose a light-weight dynamic Data Damage Tracking, Quarantine, and Recovery (DTQR) solution. We built the DTQR scheme into the kernel of PostgreSQL. We comprehensively study this approach from a few aspects (e.g., system overhead, impact of the intrusion detection system), and the experimental results demonstrate that our DTQR can sustain an excellent data service while healing the database server when it is under a malicious attack.

Published In

EDBT '09: Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology
March 2009
1180 pages
ISBN: 9781605584225
DOI: 10.1145/1516360

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research-article

Conference

EDBT/ICDT '09: EDBT/ICDT '09 joint conference
March 24 - 26, 2009
Saint Petersburg, Russia

Acceptance Rates

Overall Acceptance Rate 7 of 10 submissions, 70%

Article Metrics

  • Downloads (Last 12 months): 97
  • Downloads (Last 6 weeks): 21
Reflects downloads up to 25 Feb 2025

Cited By

  • (2021) A Parallelized Database Damage Assessment Approach after Cyberattack for Healthcare Systems. Future Internet 13:4 (90). DOI: 10.3390/fi13040090. Online publication date: 31-Mar-2021
  • (2021) An Effective Hash-Based Assessment and Recovery Algorithm for Healthcare Systems. Arabian Journal for Science and Engineering. DOI: 10.1007/s13369-021-06009-4. Online publication date: 27-Jul-2021
  • (2020) Information reconciliation through an agent-controlled graph model. Soft Computing. DOI: 10.1007/s00500-020-04779-x. Online publication date: 6-Mar-2020
  • (2017) Information warfare. Knowledge and Information Systems 50:1 (287-313). DOI: 10.1007/s10115-016-0940-1. Online publication date: 1-Jan-2017
  • (2010) PolicyReplay. Proceedings of the VLDB Endowment 3:1-2 (36-47). DOI: 10.14778/1920841.1920851. Online publication date: 1-Sep-2010
  • (2010) Dynamic damage recovery for web databases. Journal of Computer Science and Technology 25:3 (548-561). DOI: 10.1007/s11390-010-9344-y. Online publication date: 1-May-2010
  • (2009) Cross-Layer Damage Assessment for Cyber Situational Awareness. Cyber Situational Awareness (155-176). DOI: 10.1007/978-1-4419-0140-8_8. Online publication date: 30-Sep-2009
