| With the rapid development of information technology, the security situation of informationsystem has become more complicated and diversified. As the core component of information system,database has always been the attack target. In order to adapt to the requirements of moderninformation processing, to ensure information security of national defense, government departments,financial industry and other important fields, database security becomes crucial because of itsresponsibility of the storage and management of key data as well as data sharing. However, traditionalprevention and protection centric database security mechanisms put emphases on data confidentiality,but cannot prevent the damage spreading to broader areas or ensure the data accuracy, integrity andavailability when intrusions occur. Intrusion tolerance database technology is a rising technology ofdatabase security, which aims at improving the survivability of the database systems faced withmalicious attacks, so as to enable the database systems to provide continuous data service andguarantee data availability. Based on the existing intrusion tolerance database techniques, this paperwill focus on damage isolation and query processing mechanisms of database under the premise ofmalicious attacks. The main contributions of this paper are summarized as follows:Firstly, we introduce and analyze the related research on the intrusion tolerance databasetechnologies, including intrusion detection technology, database isolation technology and databaserepair technology, then point out the existing problems and shortcomings of these existing methods.Secondly, to address the problems of valid updates lost, damaged data leakage and databaseavailability reduce in the existing suspicious user isolation techniques, we propose a suspicious userisolation model based on MSDM. First of all, multi-states data model, multi-states data accessprotocol and multi-states data fusion repair protocol are given to introduce the suspicious userisolation model. Then, on the basis of these protocols, a user access operation execution algorithm isgiven to prevent the potential damaged data leakage by accessing suspicious data and to improvedatabase availability by offering different data view for users to access. In addition, a multi-states dataobject fusion repair algorithm is also given to prevent the valid updates lost when the identity ofsuspicious user is proved.Thirdly, since the existing query processing method directly aborted queries if they have anydamaged data as their query results, the data availability of databases may be decreased. We present adamage-tolerant data query degraded service(DT-DQDS), which aims at providing degraded query service to users under damage data existing circumstance. The model of degraded service is given,which includs the definitions of data model and data integrity concept. Then, according to DT-DQDSmodel, data query mechanism and a concrete query algorithm are provided, which validates themechanism theoretically. In addition, query execution success rate is defined as a metric to describedatabase availability. In comparison with traditional damage isolation based query methods,DT-DQDS can apparently promote the query execution efficiency.Finally, MSDM based suspicious user isolation modular, which has the ability of quarantiningsuspicious user and repairing suspicious data is designed and implemented in the secure databaseprototype NHSecure. In addition, design for relevant data structure and specific implementation stepsof DT-DQDS are also illustrated. |
PDF Full Text Request