TY - GEN
T1 - Multi-version attack recovery for workflow systems
AU - Yu, Meng
AU - Liu, Peng
AU - Zang, Wanyu
N1 - Publisher Copyright:
© 2003 IEEE.
Copyright:
Copyright 2015 Elsevier B.V., All rights reserved.
PY - 2003
Y1 - 2003
N2 - Workflow systems are popular in daily business processing. Since vulnerabilities cannot be totally removed from a system, recovery from successful attacks is unavoidable. We focus on attacks that inject malicious tasks into workflow management systems. We introduce practical techniques for on-line attack recovery, which include rules for locating damage and rules for execution order. In our system, an independent intrusion detection system reports identified malicious tasks periodically. The recovery system detects all damage caused by the malicious tasks and automatically repairs the damage according to dependency relations. Without multiple versions of data objects, recovery tasks may be corrupted by executing normal tasks when we try to run damage analysis and normal tasks concurrently. We address the problem by introducing multiversion data objects to reduce unnecessary blocking of normal task execution and improve the performance of the whole system. We analyze the integrity level and performance of our system. The analytic results demonstrate guidelines for designing such kinds of systems.
AB - Workflow systems are popular in daily business processing. Since vulnerabilities cannot be totally removed from a system, recovery from successful attacks is unavoidable. We focus on attacks that inject malicious tasks into workflow management systems. We introduce practical techniques for on-line attack recovery, which include rules for locating damage and rules for execution order. In our system, an independent intrusion detection system reports identified malicious tasks periodically. The recovery system detects all damage caused by the malicious tasks and automatically repairs the damage according to dependency relations. Without multiple versions of data objects, recovery tasks may be corrupted by executing normal tasks when we try to run damage analysis and normal tasks concurrently. We address the problem by introducing multiversion data objects to reduce unnecessary blocking of normal task execution and improve the performance of the whole system. We analyze the integrity level and performance of our system. The analytic results demonstrate guidelines for designing such kinds of systems.
UR - http://www.scopus.com/inward/record.url?scp=84944718313&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84944718313&partnerID=8YFLogxK
U2 - 10.1109/CSAC.2003.1254319
DO - 10.1109/CSAC.2003.1254319
M3 - Conference contribution
AN - SCOPUS:84944718313
T3 - Proceedings - Annual Computer Security Applications Conference, ACSAC
SP - 142
EP - 150
BT - Proceedings - 19th Annual Computer Security Applications Conference, ACSAC 2003
PB - IEEE Computer Society
T2 - 19th Annual Computer Security Applications Conference, ACSAC 2003
Y2 - 8 December 2003 through 12 December 2003
ER -