DAIS: A Real-Time Data Attack Isolation System for Commercial Database Applications

New Orleans, Lousiana December 10-December 14

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ACSAC.2001.991538

17th Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by P. Liu

	ASCII Text	x
	P. Liu, "DAIS: A Real-Time Data Attack Isolation System for Commercial Database Applications," Computer Security Applications Conference, Annual, pp. 0219, 17th Annual Computer Security Applications Conference (ACSAC'01), 2001.

	BibTex	x
	@article{ 10.1109/ACSAC.2001.991538, author = {P. Liu}, title = {DAIS: A Real-Time Data Attack Isolation System for Commercial Database Applications}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2001}, isbn = {0-7695-1405-7}, pages = {0219}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2001.991538}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - DAIS: A Real-Time Data Attack Isolation System for Commercial Database Applications SN - 0-7695-1405-7 SP EP A1 - P. Liu, PY - 2001 KW - Isolation KW - Intrusion Tolerance KW - Database Security VL - 0 JA - Computer Security Applications Conference, Annual ER -

P. Liu, UMBC

Traditional database security mechanisms are very limited in defending successful data attacks. Authorized but malicious transactions can make a database useless by impairing its integrity and availability. This paper presents the design of a real-time data attack isolation system, denoted DAIS. DAIS isolates likely suspicious actions before a definite determination of intrusion is reported. In this way, the database can be immunized from many malicious transactions. DAIS is a COTS-DBMS-specific implementation of a general isolation algorithm that we developed in [19]. In this paper, the design of the first DAIS prototype, which is for Oracle Server 8.1.6, is discussed. DAIS uses triggers and transaction profiles to keep track of the items read and written by transactions, isolates attacks by rewriting user SQL statements, and is transparent to end users. The DAIS design is very general. In addition to Oracle, it can be easily adapted to support many other database application platforms such as Microsoft SQL Server, Sybase, and Informix.

Index Terms:

Isolation, Intrusion Tolerance, Database Security

Citation:

P. Liu, "DAIS: A Real-Time Data Attack Isolation System for Commercial Database Applications," acsac, pp.0219, 17th Annual Computer Security Applications Conference (ACSAC'01), 2001

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.