TY - GEN
T1 - Application-level isolation to cope with malicious database users
AU - Jajodia, Sushil
AU - Liu, Peng
AU - McCollum, Catherine D.
N1 - Publisher Copyright:
© 1998 IEEE.
PY - 1998
Y1 - 1998
N2 - System protection mechanisms such as access controls can be fooled by authorized but malicious users, masqueraders, and misfeasors. Intrusion detection techniques are therefore used to supplement them. The capacity of these techniques, however is limited: innocent users may be mistaken for malicious ones while malicious users stay at large. Isolation is a method that has been applied to protect systems from damage while investigating further. This paper proposes the use of isolation at an application level to gain its benefits while minimizing loss of resources and productive work in the case of incidents later deemed innocent. We describe our scheme in the database context. It isolates the database transparently from further damage by users suspected to be malicious, while still maintaining continued availability for their transactions. Isolation is complicated by the inconsistencies that may develop between isolated database versions. We present both static and dynamic approaches to identify and resolve conflicts. Finally, we give several examples of applications in which the isolation scheme should be worthwhile and be able to achieve good performance.
AB - System protection mechanisms such as access controls can be fooled by authorized but malicious users, masqueraders, and misfeasors. Intrusion detection techniques are therefore used to supplement them. The capacity of these techniques, however is limited: innocent users may be mistaken for malicious ones while malicious users stay at large. Isolation is a method that has been applied to protect systems from damage while investigating further. This paper proposes the use of isolation at an application level to gain its benefits while minimizing loss of resources and productive work in the case of incidents later deemed innocent. We describe our scheme in the database context. It isolates the database transparently from further damage by users suspected to be malicious, while still maintaining continued availability for their transactions. Isolation is complicated by the inconsistencies that may develop between isolated database versions. We present both static and dynamic approaches to identify and resolve conflicts. Finally, we give several examples of applications in which the isolation scheme should be worthwhile and be able to achieve good performance.
UR - http://www.scopus.com/inward/record.url?scp=84944777782&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84944777782&partnerID=8YFLogxK
U2 - 10.1109/CSAC.1998.738580
DO - 10.1109/CSAC.1998.738580
M3 - Conference contribution
AN - SCOPUS:84944777782
T3 - Proceedings - Annual Computer Security Applications Conference, ACSAC
SP - 73
EP - 82
BT - Proceedings - 14th Annual Computer Security Applications Conference, ACSAC 1998
PB - Association for Computing Machinery
T2 - 14th Annual Computer Security Applications Conference, ACSAC 1998
Y2 - 7 December 1998 through 11 December 1998
ER -