| DARPA ISO
Sponsored Research
2000 Project Summary
|
|
| Project Website: | http://www.research.umbc.edu/~pliu/ItDBMS/index.html -- Additional project information provided by the performing organization |
| Objective: | The objective of this project is to engineer an experimental intrusion-tolerant database system using COTS components, for the purpose of providing comprehensive, integrated, and cost-effective database intrusion tolerance solutions. Some research has been done in database survivability; however, to our knowledge there are no experimental or commercial systems that can provide comprehensive database intrusion tolerance functionality to end users. Our goal is to fill this gap.
The project takes a multi-layered defense strategy and extends it to tolerate database attacks. The focus is to develop a database system that can effectively tolerate intrusions at a reasonable cost by means of a novel intrusion-tolerant transaction processing framework, a set of innovative intrusion tolerance layers, and an adaptation mechanism that can use the services provided by these layers in an optimal way.
This research will result in a database system that can provide end users with sustained critical function under attack. In particular, the system will provide end users with a sustained ability to process transactions and a guaranteed range of degrees of data integrity that they want, even when the system is under attack. |
| Approach: | The proposed work can be divided into six main areas:
- Transaction-Level Intrusion Detection. Substantial technologies have been developed to detect operating system and network intrusions, but very few can be directly used to detect database intrusions, i.e., malicious transactions. This project will show how existing intrusion detection techniques can be adapted to detect malicious transactions. The key challenge is how to capture and exploit transaction semantics.
- Intrusion Isolation. Intrusion detectors raise warnings of attacks, but do not provide actual tolerance of intrusions. Although the damage caused by an intrusion can be located and repaired after the intrusion is detected, the latency of intrusion detection and damage assessment can cause substantial damage to spread across the database, thus seriously impairing data integrity. Moreover, mistakes made by intrusion detectors can further impair data integrity. The objective of isolation is to immunize the database from possible attacks by suspicious transactions before some of them turn out to be malicious. The idea is to set up a separate environment in which suspicious transactions can be executed under surveillance without risking further harm to the system.
- Intrusion Masking. Intrusion isolation is too expensive a mechanism to handle every suspicious transaction, since only very few suspicious users can be isolated within a separate environment. Intrusion masking can mask the possible attacks by multiple suspicious users using a single environment. This project will show how to use masking to handle users who are not very suspicious.
- Multi-Phase Damage Locating and Confinement. Damage confinement prevents damage from spreading by restricting access to damaged data objects. Traditional damage confinement techniques depend on the outputs of the damage assessment process. Hence the delay of damage assessment can seriously impair the effectiveness of confinement. This project will show how to achieve more effective confinement by a multi-phase damage confinement scheme.
- Damage Assessment and Trusted Recovery. Our previous work has developed a family of damage assessment and repair algorithms. This project will implement these algorithms, integrate them into the system, and evaluate their performance.
- Self-Stabilization. The effectiveness of a database system in tolerating intrusions can vary dramatically from time to time, based on how the system is accessed by legitimate users and attacked by malicious users. However, users typically desire a stabilized degree of data integrity. This requires that the system be able to automatically stabilize its degree of data integrity in a changing environment. This project will show how such self-stabilization ability can be provided. |
| Recent FY-00 Accomplishments: | This project was newly started on May 23, 2000.
A high-level specification of the function, structure, internal processes, and interface is (almost) finished for each critical component of the framework. Steps were taken to begin implementing the transaction proxy and the proof collection agents. |
| FY-01 Milestones: | - Design of the experimental system finished and distributed as a technical report for peer review.
- Prototype transaction proxy implemented.
- Prototype proof collection agents implemented.
- Prototype database intrusion detector implemented. |
| Technology Transition: | Technology can be transferred through the channels indicated below:
- Technical papers published in leading technical meetings and technical reports.
- Release and dissemination of software prototypes in source and binary form.
- Pursue technology transition through major commercial DBMS vendors. The technologies can either be absorbed into their DBMS kernels, or be commercialized as intrusion tolerance wrappers.
- Start a company to commercialize the technologies and provide flexible services to arm customers' database systems with necessary intrusion tolerance facilities. |
| Principal Investigator: | Peng Liu
Department of Information Systems
University of Maryland, Baltimore County
1000 Hilltop Circle
Baltimore, MD 21250
(410) 455-3268
(410) 455-1073 fax
pliu@umbc.edu |