| Database security concerns the confidentiality, integrity, and availability of data stored in a database. Nowadays, a broad span of research has been done to protect the security of a database. Very limited research has been done on how to survive successful database attacks, which can seriously impair the integrity and availability of a database. Sometimes, damage spreads from one transaction to another by read and write operation. Serious damage spread can reduce the availability of a database. So, it is necessary to confine the damage and refuse damage spread. But traditional database damage confinement is one phase, that is, a damaged data item is confined only after it is identified as corrupted, and one-phase damage confinement has a serious problem, that is, during damage assessment serious damage spread can be caused.To solve this problem, we present multi-phase database damage confinement. It means that when intrusion detector detects a malicious transaction, system contains all the objects that may be damaged immediately. And then, system checks whether the object is damaged through several phases. System uncontains the object that is undamaged. System repairs the objects that is damaged to the latest version that is undamaged. Multi-phase damage confinement solves damage spread and guarantees the system's integrity and availability.In this paper, we introduce intrusion tolerance's theory foundation and intrusion tolerance technique in common use. Then, we introduce the multi-intrusion tolerant database system's model. In contrast to one-phase damage confinement, we present the multi-phase damage confinement's technique model. This model presents how to contain a single malicious transaction. We present the data structure, time-stamp-based damage containment, handling damage leakage, exploiting transaction profiles, and stateful damage containment. Before we present how to contain multiple transactions, we present how to contain two malicious transactions at first. There are three cases. We present the strict algorithm for each case. Then, we present the algorithm of containing multiple transactions. At last, we present the prototype of multi-phase database damage confinement system and analyze the feasibility. This model solves damage spread. It is transparent to user. It enforces damage assessment and repair without stopping the execution of normal transactions, so it has more availability. This model designs the uncontaining phase as concurrent thread. In our design, we have thought much of efficiency and avoid repeated analysis. It can contain multiple transactions simultaneously and has more usability. |
PDF Full Text Request