Abstract
Authentication based access control and integrity constraints are the major approaches applied in commercial database systems to guarantee information and data integrity. However, due to operational mistakes, malicious intent of insiders or identity fraud exploited by outsiders, data secured in a database can still be corrupted. Once attacked, database systems using current survivability technologies cannot continue providing satisfactory services according to differentiated information assurance requirements. In this paper, we present the innovative idea of a database firewall, which can not only serve differentiated information assurance requirements in the face of attacks, but also guarantee the availability and the integrity of data objects based on user requirements. Our approach provides a new strategy of integrity-aware data access based on an on-the-fly iterative estimation of the integrity level of data objects. Accordingly, a policy of transaction filtering will be dynamically enforced to significantly slow down damage propagation with minimum availability loss.
This work was supported by NSF CCR-0233324, NSF ANI-0335241, and Department of Energy Early Career PI Award.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Smith, S., Palmer, E., Weingart, S.: Using a high-performance, programmable secure coprocessor. In: Proc. International Conference on Financial Cryptography, Anguilla, British West Indies (1998)
Necula, G.C.: Proof-carrying code. In: Proc. 24th ACM Symposium on Principles of Programming Languages (1997)
Shao, Z., Saha, B., Trifonov, V.: A type system for certified binaries. In: Proc. 29th ACM Symposium on Principles of Programming Languages (2002)
Barbara, D., Goel, R., Jajodia, S.: Using checksums to detect data corruption. In: Proceedings of the 2000 International Conference on Extending Data Base Technology (March 2000)
McDermott, J., Goldschlag, D.: Towards a model of storage jamming. In: Proceedings of the IEEE Computer Security Foundations Workshop, Kenmare, Ireland, June 1996, pp. 176–185 (1996)
Liu, P.: Architectures for intrusion tolerant database systems. In: ACSAC 2002, pp. 311–320 (2002)
Grefen, P.W.P.J., Apers, P.M.G.: Integrity control in relational database systems: an overview. Data Knowl. Eng. 10(2), 187–223 (1993)
Javitz, H.S., Valdes, A.: The sri ides statistical anomaly detector. In: Proceedings IEEE Computer Society Symposium on Security and Privacy, Oakland, CA (May 1991)
Garvey, T., Lunt, T.: Model-based intrusion detection. In: Proceedings of the 14th National Computer Security Conference, Baltimore, MD (October 1991)
Ilgun, K., Kemmerer, R., Porras, P.: State transition analysis: A rule-based intrusion detection approach. IEEE Transactions on Software Engineering 21(3), 181–199 (1995)
Ammann, P., Jajodia, S., Liu, P.: Recovery from malicious transactions. IEEE Transactions on Knowledge and Data Engineering 15(5), 1167–1185 (2002)
Liu, P., Jajodia, S.: Multi-phase damage confinement in database systems for intrusion tolerance. In: Proc. 14th IEEE Computer Security Foundations Workshop, Nova Scotia, Canada (June 2001)
Zhang, J., Liu, P.: Delivering services with integrity guarantees in survivable database systems. In: IFIP WG 11.3 16th International Conference on Data and Applications Security, Cambridge, UK, July 28-31, vol. 256
Bernstein, P.A., Hadzilacos, V., Goodman, N.: Concurrency Control and Recovery in Database Systems. Addison-Wesley, Reading (1987)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 IFIP International Federation for Information Processing
About this paper
Cite this paper
Bai, K., Wang, H., Liu, P. (2005). Towards Database Firewalls. In: Jajodia, S., Wijesekera, D. (eds) Data and Applications Security XIX. DBSec 2005. Lecture Notes in Computer Science, vol 3654. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11535706_14
Download citation
DOI: https://doi.org/10.1007/11535706_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28138-2
Online ISBN: 978-3-540-31937-5
eBook Packages: Computer ScienceComputer Science (R0)