TY - GEN
T1 - Database isolation and filtering against data corruption attacks
AU - Yu, Meng
AU - Zang, Wanyu
AU - Liu, Peng
PY - 2007
Y1 - 2007
N2 - Various attacks (e.g., SQL injections) may corrupt data items in the database systems, which decreases the integrity level of the database. Intrusion detection systems are becoming more and more sophisticated to detect such attacks. However, more advanced detection techniques require more complicated analyses, e.g., sequential analysis, which incurs detection latency. If we have an intrusion detection system as a filter for all system inputs, we will introduce a uniform processing latency to all transactions of the database system. In this paper, we propose to use an "unsafe zone" to isolate user's SQL queries from a "safe zone" of the database. In the unsafe zone, we use polyinstantiations and flags for the records to provide an immediate but different view from that of the safe zone to the user. Such isolation has negligible processing latency from the user's view, while it can significantly improve the integrity level of the whole database system and reduce the recovery costs. Our techniques provide different integrity levels within different zones. Both our analytical and experimental results confirm the effectiveness of our isolation techniques against data corruption attacks to the databases. Our techniques can be applied to database systems to provide multizone isolations with different levels of QoS.
AB - Various attacks (e.g., SQL injections) may corrupt data items in the database systems, which decreases the integrity level of the database. Intrusion detection systems are becoming more and more sophisticated to detect such attacks. However, more advanced detection techniques require more complicated analyses, e.g., sequential analysis, which incurs detection latency. If we have an intrusion detection system as a filter for all system inputs, we will introduce a uniform processing latency to all transactions of the database system. In this paper, we propose to use an "unsafe zone" to isolate user's SQL queries from a "safe zone" of the database. In the unsafe zone, we use polyinstantiations and flags for the records to provide an immediate but different view from that of the safe zone to the user. Such isolation has negligible processing latency from the user's view, while it can significantly improve the integrity level of the whole database system and reduce the recovery costs. Our techniques provide different integrity levels within different zones. Both our analytical and experimental results confirm the effectiveness of our isolation techniques against data corruption attacks to the databases. Our techniques can be applied to database systems to provide multizone isolations with different levels of QoS.
UR - http://www.scopus.com/inward/record.url?scp=48649092946&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=48649092946&partnerID=8YFLogxK
U2 - 10.1109/ACSAC.2007.18
DO - 10.1109/ACSAC.2007.18
M3 - Conference contribution
AN - SCOPUS:48649092946
SN - 0769530605
SN - 9780769530604
T3 - Proceedings - Annual Computer Security Applications Conference, ACSAC
SP - 97
EP - 106
BT - Proceedings - 23rd Annual Computer Security Applications Conference, ACSAC 2007
T2 - 23rd Annual Computer Security Applications Conference, ACSAC 2007
Y2 - 10 December 2007 through 14 December 2007
ER -