Application-level isolation to cope with malicious database users

Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217) Pub Date : 1998-12-07 DOI:10.1109/CSAC.1998.738580

S. Jajodia, Peng Liu, Catherine D. McCollum

{"title":"Application-level isolation to cope with malicious database users","authors":"S. Jajodia, Peng Liu, Catherine D. McCollum","doi":"10.1109/CSAC.1998.738580","DOIUrl":null,"url":null,"abstract":"System protection mechanisms such as access controls can be fooled by authorized but malicious users, masqueraders, and misfeasors. Intrusion detection techniques are therefore used to supplement them. The capacity of these techniques, however is limited: innocent users may be mistaken for malicious ones while malicious users stay at large. Isolation is a method that has been applied to protect systems from damage while investigating further. This paper proposes the use of isolation at an application level to gain its benefits while minimizing loss of resources and productive work in the case of incidents later deemed innocent. We describe our scheme in the database context. It isolates the database transparently from further damage by users suspected to be malicious, while still maintaining continued availability for their transactions. Isolation is complicated by the inconsistencies that may develop between isolated database versions. We present both static and dynamic approaches to identify and resolve conflicts. Finally, we give several examples of applications in which the isolation scheme should be worthwhile and be able to achieve good performance.","PeriodicalId":426526,"journal":{"name":"Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)","volume":"64 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1998-12-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSAC.1998.738580","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 20

Abstract

System protection mechanisms such as access controls can be fooled by authorized but malicious users, masqueraders, and misfeasors. Intrusion detection techniques are therefore used to supplement them. The capacity of these techniques, however is limited: innocent users may be mistaken for malicious ones while malicious users stay at large. Isolation is a method that has been applied to protect systems from damage while investigating further. This paper proposes the use of isolation at an application level to gain its benefits while minimizing loss of resources and productive work in the case of incidents later deemed innocent. We describe our scheme in the database context. It isolates the database transparently from further damage by users suspected to be malicious, while still maintaining continued availability for their transactions. Isolation is complicated by the inconsistencies that may develop between isolated database versions. We present both static and dynamic approaches to identify and resolve conflicts. Finally, we give several examples of applications in which the isolation scheme should be worthwhile and be able to achieve good performance.

查看原文本刊更多论文

应用程序级隔离，以应对恶意数据库用户

访问控制等系统保护机制可能会被授权但恶意的用户、伪装者和不法行为者所欺骗。因此，入侵检测技术被用来补充它们。然而，这些技术的能力是有限的:无辜用户可能被误认为是恶意用户，而恶意用户则逍遥法外。隔离是一种在进一步调查时用于保护系统免受损害的方法。本文建议在应用程序级别使用隔离，以获得其好处，同时在后来被认为是无辜的事件的情况下，最大限度地减少资源和生产工作的损失。我们在数据库上下文中描述我们的方案。它透明地隔离了数据库，使其免受疑似恶意用户的进一步破坏，同时仍然保持其事务的持续可用性。孤立的数据库版本之间可能产生的不一致性使隔离变得复杂。我们提出了静态和动态方法来识别和解决冲突。最后，我们给出了几个应用实例，在这些应用中，隔离方案应该是值得的，并且能够获得良好的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217)

自引率

0.00%

发文量