DARPA ISO Sponsored Research

2000 Project Summary
Engineering a Distributed Intrusion Tolerant Database System Using COTS Components
University of Maryland, Baltimore County

Project Website:  http://www.research.umbc.edu/~pliu/ItDBMS/index.html -- Additional project information provided by the performing organization 
Quad Chart:  Quad Chart - PPT Format
Objective: The objective of this project is to engineer an experimental intrusion tolerant database system using COTS components, for the purpose of providing comprehensive, integrated, and cost-effective database intrusion tolerance solutions. Some research has been done in database survivability; however, to our knowledge there are no experimental or commercial systems that can provide comprehensive database intrusion tolerance functionality to end users. Our goal is to fill this gap. The project takes a multi-layered defense strategy and extends it to tolerate database attacks. The focus is to develop a database system that can effectively tolerate intrusions at a reasonable cost, through a novel intrusion tolerant transaction processing framework, a set of innovative intrusion tolerance layers, and an adaptation mechanism that uses the services provided by these layers in an optimal way.

This research will result in a database system that can provide end users with sustained critical function under attack. In particular, the system will give end users a sustained ability to process transactions and a guaranteed range of data integrity degrees of their choosing, even while the system is under attack.

Approach: The proposed work can be divided into six main areas: 

Transaction-Level Intrusion Detection. Substantial technologies have been developed to detect operating system and network intrusions, but very few can be directly used to detect database intrusions, i.e., malicious transactions. This project will show how existing intrusion detection techniques can be adapted to detect malicious transactions. The key challenge is how to capture and exploit transaction semantics.

Intrusion Isolation. Intrusion detectors raise warnings of attacks, but do not by themselves provide tolerance of intrusions. Although the damage caused by an intrusion can be located and repaired after the intrusion is detected, the latency of intrusion detection and damage assessment can allow substantial damage to spread across the database, seriously impairing data integrity. Moreover, mistakes made by intrusion detectors can further impair data integrity. The objective of isolation is to immunize the database against possible attacks by suspicious transactions before some of them turn out to be malicious. The idea is to set up a separate environment in which suspicious transactions can be executed under surveillance without risking further harm to the system.
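The following is an added illustration of the isolation idea, not code from the project: a suspicious user's transactions run against a private shadow view of the trusted database. Reads fall through to the trusted copy and remember the version seen; writes stay in the view. If the user is later cleared, the view is merged back only when nothing the user read has changed in the meantime; if the user is judged malicious, the view is discarded and the trusted database was never touched. The object names, values and the version-check merge rule are constructed for the example.

```python
"""Shadow-copy isolation of suspicious transactions (constructed example)."""


class TrustedDB:
    """The real database: values plus a per-object version counter."""

    def __init__(self, values):
        self.values = dict(values)
        self.version = {k: 0 for k in values}

    def read(self, obj):
        return self.values[obj], self.version[obj]

    def write(self, obj, val):
        self.values[obj] = val
        self.version[obj] = self.version.get(obj, 0) + 1


class IsolatedView:
    """Private environment for one suspicious user's transactions."""

    def __init__(self, trusted):
        self.trusted = trusted
        self.local = {}            # writes made under surveillance
        self.read_versions = {}    # trusted version of each object first read

    def read(self, obj):
        if obj in self.local:      # read-your-own-writes inside the view
            return self.local[obj]
        val, ver = self.trusted.read(obj)
        self.read_versions.setdefault(obj, ver)
        return val

    def write(self, obj, val):
        self.local[obj] = val      # never reaches the trusted copy directly

    def merge(self):
        """User cleared: apply local writes unless a read became stale.

        Returns (merged, stale_objects). A stale read means a trusted user
        changed data the isolated transaction depended on, so the writes
        cannot be applied as-is and must be re-executed or reviewed.
        """
        stale = {o for o, v in self.read_versions.items()
                 if self.trusted.version.get(o) != v}
        if stale:
            return False, stale
        for obj, val in self.local.items():
            self.trusted.write(obj, val)
        return True, set()

    def discard(self):
        """User judged malicious: drop everything done in isolation."""
        self.local.clear()
        self.read_versions.clear()


def scenario_cleared():
    """Suspicious user withdraws 30; later cleared; merge succeeds."""
    db = TrustedDB({"balance": 100, "limit": 500})
    view = IsolatedView(db)
    view.write("balance", view.read("balance") - 30)
    ok, _ = view.merge()
    return ok, db.values["balance"]


def scenario_conflict():
    """Trusted user updates the balance while the suspect is isolated."""
    db = TrustedDB({"balance": 100, "limit": 500})
    view = IsolatedView(db)
    view.write("balance", view.read("balance") - 30)
    db.write("balance", 150)          # concurrent trusted deposit
    ok, stale = view.merge()
    return ok, stale, db.values["balance"]


def scenario_malicious():
    """Suspect raises the limit in isolation; verdict is malicious; discarded."""
    db = TrustedDB({"balance": 100, "limit": 500})
    view = IsolatedView(db)
    view.write("limit", 10**9)
    view.discard()
    return db.values["limit"]


if __name__ == "__main__":
    print(scenario_cleared(), scenario_conflict(), scenario_malicious())
```

The version check at merge time is the part a practitioner should not skip: without it, a cleared user's stale writes would silently overwrite legitimate updates made while the user was isolated.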

Intrusion Masking. Intrusion isolation is too expensive a mechanism to handle every suspicious transaction, since only very few suspicious users can be isolated within separate environments. Intrusion masking can mask the possible attacks of multiple suspicious users using a single environment. This project will show how to use masking to handle users who are only mildly suspicious.

Multi-Phase Damage Locating and Confinement. Damage confinement prevents damage from spreading by restricting access to damaged data objects. Traditional damage confinement techniques depend on the outputs of the damage assessment process, so the delay of damage assessment can seriously impair the effectiveness of confinement. This project will show how to achieve more effective confinement with a multi-phase damage confinement scheme.

Damage Assessment and Trusted Recovery. Our previous work has developed a family of damage assessment and repair algorithms. This project will implement these algorithms, integrate them into the system, and evaluate their performance.

Self-Stabilization. The effectiveness of a database system in tolerating intrusions can vary dramatically over time, depending on how the system is accessed by legitimate users and attacked by malicious users. However, users typically desire a stable degree of data integrity. This requires that the system be able to automatically stabilize its data integrity degree in a changing environment. This project will show how such self-stabilization can be provided.
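To make the multi-phase confinement and the damage assessment and repair areas above concrete, here is an added worked example on a toy transaction log; it is not the project's code and the transactions, object names and values are constructed. Each committed transaction records what it read and wrote, in commit order. Once a transaction is flagged malicious, damage is assumed to spread by read-from dependencies: a later transaction that reads an object whose current value came from an affected transaction becomes affected itself, and a transaction that reads only clean data and overwrites a damaged object cleans it. Phase one of confinement immediately blocks every object written since the malicious commit (a deliberately conservative over-approximation, chosen here for illustration); phase two releases the objects the assessment proves clean; repair then restores each damaged object to its value before the first affected write.

```python
"""Dependency-based damage assessment, two-phase confinement and repair
over a constructed transaction log (added example, not project code)."""
from dataclasses import dataclass, field


@dataclass
class Txn:
    tid: str
    reads: set          # objects read
    writes: dict        # object -> value written


@dataclass
class Database:
    values: dict
    history: dict = field(default_factory=dict)   # obj -> [(tid, value before)]
    log: list = field(default_factory=list)       # committed txns in order
    confined: set = field(default_factory=set)    # objects currently blocked

    def commit(self, txn):
        for obj, val in txn.writes.items():
            self.history.setdefault(obj, []).append((txn.tid, self.values.get(obj)))
            self.values[obj] = val
        self.log.append(txn)


def assess_damage(log, malicious_tid):
    """Walk the log from the malicious commit; return (affected tids, damaged objs)."""
    affected, damaged, started = [], set(), False
    for txn in log:
        if txn.tid == malicious_tid:
            started = True
            affected.append(txn.tid)
            damaged |= set(txn.writes)
            continue
        if not started:
            continue
        if txn.reads & damaged:          # read something tainted: spreads damage
            affected.append(txn.tid)
            damaged |= set(txn.writes)
        else:                            # clean txn; its writes overwrite damage
            damaged -= set(txn.writes)
    return affected, damaged


def confine_phase1(db, malicious_tid):
    """Immediate, assessment-free phase: block all objects written since the attack."""
    seen = False
    for txn in db.log:
        seen = seen or txn.tid == malicious_tid
        if seen:
            db.confined |= set(txn.writes)
    return set(db.confined)


def confine_phase2(db, damaged):
    """Assessment done: release everything not actually damaged."""
    db.confined &= damaged
    return set(db.confined)


def repair(db, affected, damaged):
    """Restore each damaged object to its value before the first affected write."""
    affected = set(affected)
    for obj in damaged:
        for tid, before in db.history[obj]:
            if tid in affected:
                db.values[obj] = before
                break
    db.confined -= damaged               # repaired objects are usable again
    return dict(db.values)


def run_scenario():
    """Constructed log: T2 is later flagged malicious."""
    db = Database(values={"a": 10, "b": 20, "c": 30, "d": 40})
    for t in [
        Txn("T1", set(), {"a": 11}),          # legitimate, before the attack
        Txn("T2", {"a"}, {"b": 999}),         # malicious
        Txn("T3", {"b"}, {"c": 1000}),        # reads tainted b -> affected
        Txn("T4", {"d"}, {"d": 41}),          # untouched by the attack
        Txn("T5", {"a"}, {"b": 21}),          # clean blind write cleans b
        Txn("T6", {"c"}, {"a": 5}),           # reads tainted c -> affected
    ]:
        db.commit(t)
    affected, damaged = assess_damage(db.log, "T2")
    phase1 = confine_phase1(db, "T2")
    phase2 = confine_phase2(db, damaged)
    final = repair(db, affected, damaged)
    return affected, damaged, phase1, phase2, final


if __name__ == "__main__":
    print(run_scenario())
```

Note how phase one blocks b and d even though neither ends up damaged; that over-blocking is the price of confining before assessment finishes, and phase two is what gives the availability back.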

Recent FY-00 Accomplishments: This project is newly started; it began on May 23, 2000.

A high-level specification of the function, structure, internal processes, and interface is (almost) finished for each critical component of the framework.

Steps were taken to begin implementing the transaction proxy and the proof collection agents.

FY-01 Milestones: Design of the experimental system finished and distributed as a technical report for peer review.

Prototype transaction proxy implemented.

Prototype proof collection agents implemented.

Prototype database intrusion detector implemented.

Technology Transition: Technology can be transferred through the channels indicated below:

- Technical papers published in leading technical meetings and technical reports.

- Release and dissemination of software prototypes in source and binary form.

- Pursue technology transition through major commercial DBMS vendors. The technologies can either be absorbed into their DBMS kernels, or be commercialized as intrusion tolerance wrappers.

- Start a company to commercialize the technologies and provide flexible services to arm customers' database systems with necessary intrusion tolerance facilities.

Principal Investigator: Peng Liu
Department of Information Systems
University of Maryland, Baltimore County
1000 Hilltop Circle
Baltimore, MD 21250
(410) 455-3268
(410) 455-1073 fax
pliu@umbc.edu
