• DocumentCode
    2359728
  • Title

    DAIS: a real-time data attack isolation system for commercial database applications

  • Author

    Liu, Peng

  • Author_Institution
    Dept. of Inf. Syst., Maryland Univ., Baltimore, MD, USA
  • fYear
    2001
  • fDate
    10-14 Dec. 2001
  • Firstpage
    219
  • Lastpage
    229
  • Abstract
    Traditional database security mechanisms are very limited in defending successful data attacks. Authorized but malicious transactions can make a database useless by impairing its integrity and availability. The paper presents the design of a real-time data attack isolation system, denoted DAIS. DAIS isolates likely suspicious actions before a definite determination of intrusion is reported. In this way, the database can be immunized from many malicious transactions. DAIS is a COTS-DBMS-specific implementation of a general isolation algorithm that was developed previously (P. Liu et al., 2000). The design of the first DAIS prototype, which is for Oracle Server 8.1.6, is discussed. DAIS uses triggers and transaction profiles to keep track of the items read and written by transactions, isolates attacks by rewriting user SQL statements, and is transparent to end users. The DAIS design is very general. In addition to Oracle, it can be easily adapted to support many other database application platforms such as Microsoft SQL Server, Sybase, and Informix.
  • Keywords
    SQL; authorisation; data integrity; database management systems; fault tolerant computing; real-time systems; transaction processing; COTS-DBMS-specific implementation; DAIS; Informix; Microsoft SQL Server; Oracle; Oracle Server; Sybase; authorized malicious transactions; commercial database applications; data attacks; database application platforms; database security mechanisms; end user transparency; first DAIS prototype; general isolation algorithm; integrity; intrusion tolerance; likely suspicious actions; malicious transactions; real-time data attack isolation system; transaction profiles; user SQL statements; Data security; Database systems; Face detection; Information security; Information systems; Intrusion detection; Protection; Prototypes; Real time systems; Transaction databases;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual
  • Print_ISBN
    0-7695-1405-7
  • Type

    conf

  • DOI
    10.1109/ACSAC.2001.991538
  • Filename
    991538