Efficient Damage Assessment and Repair in Resilient Distributed Database Systems

Abstract

Preventive measures sometimes fail to defect malidous attacks. With cyber attacks on data-intensive applications becoming an ever more serious threat, intrusion tolerant database systems are a significant concem. The main objective of intrusion tolerant database systems is to detect attacks, and to assess and repair the damage caused by the attacks in a timely manner such that the database will not be damaged to such a degree that is unacceptable or useless. This paper focuses on effident damage assessment and repair in resilient distributed database systems. The complexity of distributed database systems caused by data partition, distributed transaction processing, and failures makes damage assessment and repair much more challenging than in centralized database systems. This paper identifies the key challenges and presents an effident algorithm for distributed damage assessment and repair. 1. INTRODUCTION Recently, people have seen more and more successful attacks on data-intensive applications, especially web-based e-business and e-government applications. Expanding cyber attacks pressure database management systems to not only prevent unauthorized access, but also tolerate intrusions. However, traditional database security techniques such as authorization [8, 9], inference control [1], multilevel secure databases [19], and multilevel secure transaction processing [4], are very limited to handle successful attacks, or intrusions. This indicates that intrusion tolerant database systems that can detect intrusions, isolate attacks, contain, assess, and repair the damage caused by intrusions can become a significant concern. The focus of this paper is on a critical aspect of intrusion tolerant database systems, namely, damage assessment and repair. The primary goal of the attacks on a database, in most cases, is to damage the data stored in the database (in an undetectable way) and use the damaged data to mislead people to make wrong decisions. Compared with the attack of completely shutting down a database system, damaging a set of data items (or objects) can be much more dangerous,