TY - JOUR
T1 - Real-time data attack isolation for commercial database applications
AU - Liu, Peng
AU - Wang, Hai
AU - Li, Lunquan
N1 - Funding Information:
This work was supported by DARPA F30602-00-2-0575, NSF ANI-0335241, NSF CCR-0233324, and Department of Energy Early Career PI Award.
PY - 2006/11
Y1 - 2006/11
N2 - Traditional database security mechanisms are very limited in defending against data attacks. Authorized but malicious transactions can make a database useless by impairing its integrity and availability. This paper presents the design of a real-time data attack isolation system, denoted DAIS. DAIS isolates likely suspicious actions before a definite determination of intrusion is reported. In this way, the database can be immunized from many malicious transactions. DAIS is a COTS-DBMS-specific implementation of a general isolation algorithm that we developed [Liu P, Jajodia S, McCollum CD. Intrusion confinement by isolation in information systems. Journal of Computer Security, 2000;8(4):243-79]. In this paper, the design of the first DAIS prototype, which is for Oracle Server 9.2, is discussed. DAIS uses triggers and transaction profiles to keep track of the items read and written by transactions, isolates attacks by rewriting user SQL statements, and is transparent to end users. The DAIS design is very general. In addition to Oracle, it can be easily adapted to support many other database application platforms such as Microsoft SQL Server, Sybase, and Informix.
AB - Traditional database security mechanisms are very limited in defending against data attacks. Authorized but malicious transactions can make a database useless by impairing its integrity and availability. This paper presents the design of a real-time data attack isolation system, denoted DAIS. DAIS isolates likely suspicious actions before a definite determination of intrusion is reported. In this way, the database can be immunized from many malicious transactions. DAIS is a COTS-DBMS-specific implementation of a general isolation algorithm that we developed [Liu P, Jajodia S, McCollum CD. Intrusion confinement by isolation in information systems. Journal of Computer Security, 2000;8(4):243-79]. In this paper, the design of the first DAIS prototype, which is for Oracle Server 9.2, is discussed. DAIS uses triggers and transaction profiles to keep track of the items read and written by transactions, isolates attacks by rewriting user SQL statements, and is transparent to end users. The DAIS design is very general. In addition to Oracle, it can be easily adapted to support many other database application platforms such as Microsoft SQL Server, Sybase, and Informix.
UR - http://www.scopus.com/inward/record.url?scp=33646195637&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33646195637&partnerID=8YFLogxK
U2 - 10.1016/j.jnca.2005.03.001
DO - 10.1016/j.jnca.2005.03.001
M3 - Article
AN - SCOPUS:33646195637
SN - 1084-8045
VL - 29
SP - 294
EP - 320
JO - Journal of Network and Computer Applications
JF - Journal of Network and Computer Applications
IS - 4
ER -