Abstract
In this paper we describe the stochastic behavior of an intrusion tolerant database (ITDB) system and quantitatively evaluate its security measures. More specifically, we develop a semi-Markov model and derive three security measures; system availability, system integrity and rewarding availability. By introducing an additional control parameter called the switching time, we develop secure control schemes of the ITDB, which maximize the respective security measures, and show numerically that the security measures can be improved by controlling the switching time.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Aung, K.M.M.: The optimum time to perform software rejuvenation for survivability. In: Proceedings of 7th IASTED International Conference on Software Engineering, pp. 292–296. ACTA Press (2004)
Aung, K.M.M., Park, K., Park, J.S.: A survivability model for cluster system. In: Hobbs, M., Goscinski, A.M., Zhou, W. (eds.) ICA3PP 2005. LNCS, vol. 3719, pp. 73–82. Springer, Heidelberg (2005)
Deswarte, Y., Blain, L., Fabre, J.C.: Intrusion tolerance in distributed computing systems. In: Proceedings of 1991 IEEE Symposium on Research in Security and Privacy, pp. 110–121. IEEE CS Press, Los Alamitos (1991)
Ellison, R., Linger, R., Longstaff, T., Mead, M.: Survivability network system analysis: a case study. IEEE Software 16(4), 70–77 (1999)
Guputa, V., Lam, V., Ramasamy, H.V., Sanders, W.H., Singh, S.: Dependability and performance evaluation of intrusion-tolerant server architectures. In: de Lemos, R., Weber, T.S., Camargo Jr., J.B. (eds.) LADC 2003. LNCS, vol. 2847, pp. 81–101. Springer, Heidelberg (2003)
Imaizumi, M., Kimura, M., Yasui, K.: Reliability analysis of a network server system with illegal access. In: Yun, W.Y., Dohi, T. (eds.) Advanced Reliability Modeling II, pp. 40–47. World Scientific, Singapore (2006)
Jha, S., Wing, J., Linger, R., Longstaff, T.: Survivability analysis of network specifications. In: Proceedings of 30th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2000, pp. 613–622. IEEE CS Press, Los Alamitos (2000)
Jha, S., Wing, J.M.: Survivability analysis of network systems. In: Proceedings of the 23rd International Conference on Software Engineering, ICSE-2001, pp. 307–317. IEEE CS Press, Los Alamitos (2001)
Jindal, V., Dharmaraja, S., Trivedi, K.S.: Analytical survivability model for fault tolerant cellular networks supporting multiple services. In: Proceedings of International Symposium on Performance Evaluation of Computer and Telecommunication Systems, SPECTS 2006, pp. 505–512. IEEE Press, Los Alamitos (2006)
Jonsson, E., Olovsson, T.: A quantitative model of the security intrusion process based on attacker behavior. IEEE Transactions on Software Engineering 23(4), 235–245 (1997)
Littlewood, B., Brocklehurst, S., Fenton, N., Mellor, P., Page, S., Wright, D., Doboson, J., McDermid, J., Gollmann, D.: Towards operational measures of computer security. Journal of Computer Security 2(2/3), 211–229 (1993)
Liu, P.: Architectures for intrusion tolerant database systems. In: Proceedings of 18th Annual Computer Security Applications Conference, ACSAC 2002, pp. 311–320. IEEE CS Press, Los Alamitos (2002)
Liu, P., Jing, J., Luenam, P., Wang, Y., Li, L., Ingsriswang, S.: The design and implementation of a self-healing database system. Journal of Intelligent Information Systems 23(3), 247–269 (2004)
Liu, Y., Mendiratta, V.B., Trivedi, K.: Survivability analysis of telephone access network. In: Proceedings of 15th International Symposium on Software Reliability Engineering (ISSRE 2004), pp. 367–377. IEEE CS Press, Los Alamitos (2004)
Madan, B.B., Goseva-Popstojanova, K., Vaidyanathan, K., Trivedi, K.S.: Modeling and quantification of security attributes of software systems. In: Proceedings of 32nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2002), pp. 505–514. IEEE CS Press, Los Alamitos (2002)
Madan, B.B., Goseva-Popstojanova, K., Vaidyanathan, K., Trivedi, K.S.: A method for modeling and quantifying the security attributes of intrusion tolerant systems. Performance Evaluation 56(1/4), 167–186 (2004)
Nikol, D.M., Sanders, W.H., Trivedi, K.S.: Model-based evaluation: from dependability to security. IEEE Transactions on Dependability and Secure Computing 1(1), 48–65 (2004)
Ortalo, R., Deswarte, Y., Kaaniche, M.: Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Transactions on Software Engineering 25(5), 633–650 (1999)
Park, J.S., Aung, K.M.M.: Transient time analysis of network security survivability using DEVS. In: Kim, T.G. (ed.) AIS 2004. LNCS (LNAI), vol. 3397, pp. 607–616. Springer, Heidelberg (2005)
Paul, K., Choudhuri, R.R., Bandyopadhyay, S.: Survivability analysis of ad hoc wireless network architecture mobile and wireless communications networks. In: Omidyar, C.G. (ed.) MWCN 2000 and NETWORKING-WS 2000. LNCS, vol. 1818, pp. 31–46. Springer, Heidelberg (2000)
Qu, Y., Lin, C., Li, Y., Shan, Z.: Survivability analysis of grid resource management system topology. In: Zhuge, H., Fox, G.C. (eds.) GCC 2005. LNCS, vol. 3795, pp. 738–743. Springer, Heidelberg (2005)
Singh, S., Cukier, M., Sanders, W.H.: Probabilistic validation of an intrusion tolerant replication system. In: Proceedings of 33rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2003), pp. 615–624. IEEE CS Press, Los Alamitos (2003)
Stevens, F., Courtney, T., Singh, S., Agbaria, A., Meyer, J.F., Sanders, W.H., Pal, P.: Model-based validation of an intrusion-tolerant information system. In: Proceedings of 23rd IEEE Reliable Distributed Systems Symposium (SRDS 2004), pp. 184–194. IEEE CS Press, Los Alamitos (2004)
Stroud, R., Welch, I., Warne, J., Ryan, P.: A qualitative analysis of the intrusion-tolerant capabilities of the MAFTIA architecture. In: Proceedings of 34th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2004), pp. 453–461. IEEE CS Press, Los Alamitos (2004)
Uemura, T., Dohi, T.: Quantitative evaluation of intrusion tolerant systems subject to DoS attacks via semi-Markov cost models. In: Denko, M.K., Shih, C.-s., Li, K.-C., Tsao, S.-L., Zeng, Q.-A., Park, S.H., Ko, Y.-B., Hung, S.-H., Park, J.H. (eds.) EUC-WS 2007. LNCS, vol. 4809, pp. 31–42. Springer, Heidelberg (2007)
Verissimo, P.E., Neves, N.F., Correia, M.: Intrusion-tolerant architectures: concepts and design. In: de Lemos, R., Gacek, C., Romanovsky, A. (eds.) Architecting Dependable Systems. LNCS, vol. 2677, pp. 3–36. Springer, Heidelberg (2003)
Verissimo, P.E., Neves, N.F., Cachin, C., Poritz, J., Powell, D., Deswarte, Y., Stroud, R., Welch, I.: Intrusion-tolerant middleware. IEEE Security and Privacy 4(4), 54–62 (2006)
Wang, H., Liu, P.: Modeling and evaluating the survivability of an intrusion tolerant database system. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 207–224. Springer, Heidelberg (2006)
Yu, M., Liu, P., Zang, W.: Self-healing workflow systems under attacks. In: Proceedings of 24th International Conference on Distributed Computing Systems (ICDCS 2004), pp. 418–425. IEEE CS Press, Los Alamitos (2004)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Uemura, T., Dohi, T. (2008). Optimizing Security Measures in an Intrusion Tolerant Database System. In: Nanya, T., Maruyama, F., Pataricza, A., Malek, M. (eds) Service Availability. ISAS 2008. Lecture Notes in Computer Science, vol 5017. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68129-8_5
Download citation
DOI: https://doi.org/10.1007/978-3-540-68129-8_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68128-1
Online ISBN: 978-3-540-68129-8
eBook Packages: Computer ScienceComputer Science (R0)