Conference Paper

A Semi-Markov Survivability Evaluation Model for Intrusion Tolerant Real-Time Database Systems


Abstract

With the application of real-time databases and the intrusion of malicious transactions, it has become increasingly important to model the intrusion tolerance of real-time databases and to evaluate their survivability effectively. Based on the transaction and data features of real-time database systems, an intrusion-tolerant architecture is proposed for real-time database systems. Considering factors such as intrusion detection latency and a variety of real-time parameters, a semi-Markov evaluation model for survival assessment is established. Based on this model, relevant quantitative criteria are given to define the important indicators of survivability, such as integrity and availability, so as to validate the intrusion detection capability and the survivability of the real-time database. The three important factors of false alarm, detection rate and the intensity of attack are analyzed in detail using the TPC-C benchmark. Experiments show that the model can accurately predict the behavior of the real-time database. A real-time database following the model can still provide essential services when facing attacks, and its basic survival characteristics will not be seriously affected.


Article
Availability is an essential index for strategic weapons in storage missions. Spare parts replacement is an effective way to improve system storage availability. Normally, the performance degradation of spare parts before replacement is hardly considered in the traditional instantaneous availability model. We established an instantaneous availability model using the backward equation of a semi-Markov process (SMP) that considers the degradation time of spare parts before replacement. Our analysis indicated that availability is greatly affected when the performance degradation of spare parts is considered. An example is given to show that this model could help policymakers choose a more suitable supporting plan.
Article
In this paper, we present the design and implementation of ITDB, a self-healing or intrusion-tolerant database prototype system. While traditional secure database systems rely on preventive controls and are very limited in surviving malicious attacks, ITDB can detect intrusions, isolate attacks, contain, assess, and repair the damage caused by intrusions in a timely manner such that sustained, self-stabilized levels of data integrity and availability can be provided to applications in the face of attacks. ITDB is implemented on top of a COTS DBMS. We have evaluated the cost-effectiveness of ITDB using several micro-benchmarks. Preliminary testing measurements suggest that when the accuracy of intrusion detection is satisfactory, ITDB can effectively locate and repair the damage on-the-fly with reasonable (database) performance penalty.
Conference Paper
The computer systems that provide the information underpinnings for critical infrastructure applications, both military and civilian, are essential to the operation of those applications. Failure of the information systems can cause a major loss of service, and so their dependability is a major concern. Current facets of dependability, such as reliability and availability, do not address the needs of critical information systems adequately because they do not include the notion of degraded service as an explicit requirement. What is needed is a precise notion of what forms of degraded service are acceptable to users, under what circumstances each form is most useful, and the fraction of time such degraded service levels are acceptable. This concept is termed survivability. In this paper, we present the basis for a rigorous definition of survivability and an example of its use.
Article
Complex software and network-based information server systems may exhibit failures. Quite often, such failures may not be accidental. Instead, some failures may be caused by deliberate security intrusions, with intent ranging from simple mischief and theft of confidential information to loss of crucial and possibly life-saving services. Not only is it important to prevent and/or tolerate security intrusions, it is equally important to treat security as a QoS attribute on par with other QoS attributes such as availability and performance. This paper deals with various issues related to quantifying the security attributes of an intrusion tolerant system, such as the SITAR system. A security intrusion and the response of an intrusion tolerant system to an attack are modeled as a random process. This facilitates the use of stochastic modeling techniques to capture the attacker behavior as well as the system's response to a security intrusion. This model is used to analyze and quantify the security attributes of the system. The security quantification analysis is first carried out for steady-state behavior, leading to measures like steady-state availability. By transforming this model to a model with absorbing states, we compute a security measure called the "mean time (or effort) to security failure" (MTTSF) and also compute probabilities of security failure due to violations of different security attributes.
Conference Paper
The immaturity of current intrusion detection techniques limits traditional security systems in surviving malicious attacks. Intrusion tolerance approaches have emerged to overcome these limitations. Before intrusion tolerance is accepted as an approach to security, there must be quantitative methods to measure its survivability. However, there have been very few attempts at quantitative, model-based evaluation of the survivability of intrusion tolerant systems, especially in the database field. In this paper, we focus on modeling the behaviors of an intrusion tolerant database system in the presence of attacks. Quantitative measures are proposed to characterize the capability of a resilient database system to survive intrusions. An Intrusion Tolerant DataBase system (ITDB) is studied as an example. Our experimental results validate the models we proposed. Survivability evaluation is also conducted to study the impact of attack intensity and various system deficiencies on survivability.
Conference Paper
Workflow systems are popular in daily business processing. Since vulnerabilities cannot be totally removed from a workflow management system, successful attacks always happen and may inject malicious tasks or incorrect data into the workflow system. Referring to the incorrect data further corrupts more data objects in the system, which compromises the integrity level of the system. This problem cannot be efficiently solved by existing defense mechanisms, such as access control, intrusion detection, and checkpoints. In this paper, we propose a practical solution for online attack recovery of workflows. The recovery system discovers all damage caused by the malicious tasks that the intrusion detection system reports and automatically repairs the damage based on data and control dependencies among workflow tasks. We analyze the behaviors of our attack recovery system based on the continuous-time Markov chain model. The analytical results demonstrate that our system is practical when the parameters of the system are reasonably designed.
Conference Paper
In this paper we propose four architectures for intrusion-tolerant database systems. While traditional secure database systems rely on prevention controls, an intrusion-tolerant database system can operate through attacks in such a way that the system can continue delivering essential services in the face of attacks. With a focus on attacks by malicious transactions, Architecture I can detect intrusions, and locate and repair the damage caused by the intrusions. Architecture II enhances Architecture I with the ability to isolate attacks so that the database can be immunized from the damage caused by a lot of attacks. Architecture III enhances Architecture I with the ability to dynamically contain the damage in such a way that no damage will leak out during the attack recovery process. Architecture IV enhances Architectures II and III with the ability to adapt the intrusion-tolerance controls to the changing environment so that a stabilized level of trustworthiness can be maintained. Architecture IV enhances Architecture IV with the ability to deliver differential, quantitative QoIA services to customers who have subscribed for these services even in the face of attacks.