TY - GEN
T1 - DAIS
T2 - 17th Annual Computer Security Applications Conference, ACSAC 2001
AU - Liu, Peng
N1 - Publisher Copyright:
© 2001 IEEE.
Copyright:
Copyright 2015 Elsevier B.V., All rights reserved.
PY - 2001
Y1 - 2001
N2 - Traditional database security mechanisms are very limited in defending successful data attacks. Authorized but malicious transactions can make a database useless by impairing its integrity and availability. The paper presents the design of a real-time data attack isolation system, denoted DAIS. DAIS isolates likely suspicious actions before a definite determination of intrusion is reported. In this way, the database can be immunized from many malicious transactions. DAIS is a COTS-DBMS-specific implementation of a general isolation algorithm that was developed previously (P. Liu et al., 2000). The design of the first DAIS prototype, which is for Oracle Server 8.1.6, is discussed. DAIS uses triggers and transaction profiles to keep track of the items read and written by transactions, isolates attacks by rewriting user SQL statements, and is transparent to end users. The DAIS design is very general. In addition to Oracle, it can be easily adapted to support many other database application platforms such as Microsoft SQL Server, Sybase, and Informix.
AB - Traditional database security mechanisms are very limited in defending successful data attacks. Authorized but malicious transactions can make a database useless by impairing its integrity and availability. The paper presents the design of a real-time data attack isolation system, denoted DAIS. DAIS isolates likely suspicious actions before a definite determination of intrusion is reported. In this way, the database can be immunized from many malicious transactions. DAIS is a COTS-DBMS-specific implementation of a general isolation algorithm that was developed previously (P. Liu et al., 2000). The design of the first DAIS prototype, which is for Oracle Server 8.1.6, is discussed. DAIS uses triggers and transaction profiles to keep track of the items read and written by transactions, isolates attacks by rewriting user SQL statements, and is transparent to end users. The DAIS design is very general. In addition to Oracle, it can be easily adapted to support many other database application platforms such as Microsoft SQL Server, Sybase, and Informix.
UR - http://www.scopus.com/inward/record.url?scp=82955176200&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=82955176200&partnerID=8YFLogxK
U2 - 10.1109/ACSAC.2001.991538
DO - 10.1109/ACSAC.2001.991538
M3 - Conference contribution
AN - SCOPUS:82955176200
T3 - Proceedings - Annual Computer Security Applications Conference, ACSAC
SP - 219
EP - 229
BT - Proceedings - 17th Annual Computer Security Applications Conference, ACSAC 2001
PB - IEEE Computer Society
Y2 - 10 December 2001 through 14 December 2001
ER -