
QoIA Management Project
Overview
This project will build a QoIA-aware, attack-resistant database system framework called Linba. The trustworthiness of a computing system in delivering valid services in the face of attacks has become a more critical concern than ever as people experience increased cyber security threats. A Quality of Information Assurance (QoIA) service is a service associated with a specific level of trustworthiness. From the viewpoint of end users, the goal of trusted computing is to enable people to get the QoIA services that they have subscribed to even in the face of attacks. However, (most) existing trusted systems cannot deliver QoIA services, since they have very limited ability to provide (sustained) quantitative trustworthiness guarantees.
The objective of this research is to build a new trusted computing infrastructure that is able to continue delivering QoIA services in the face of attacks and cost constraints. Based on a novel formal (service) trustworthiness model, Linba delivers multilevel, differential, quantitative QoIA services through near-optimal neuro-fuzzy composite QoIA adaptations, in which Linba intelligently adapts itself to environment changes and makes QoIA-cost tradeoffs in an optimized way.
Successful development of Linba will arm existing trusted database systems with the ability to deliver QoIA services (in a cost-effective way) and provide very valuable hints on developing a variety of other types of trusted computing systems that can deliver QoIA services. The cost-effectiveness of Linba will be evaluated through simulation or prototyping.
Papers
- H. Wang, P. Liu, L. Li, Evaluating the Impact of Intrusion Detection Deficiencies on the Cost-Effectiveness of Attack Recovery, Proceedings of the 7th Information Security Conference (Lecture Notes in Computer Science), September 2004.
- M. Yu, P. Liu, W. Zang, Dependency Relation based Attack Recovery of Workflow Systems, Submitted for review to ACM Trans. on Information and Systems Security, 2004.
- M. Yu, P. Liu, W. Zang, The Design, Implementation and Evaluation of a Self-Healing Workflow System Prototype, To be submitted for journal publication.
- M. Yu, P. Liu, W. Zang, Self Healing Workflow Systems under Attacks, Proc. 24th IEEE International Conference on Distributed Computing Systems (ICDCS’04), Tokyo, Japan, March 2004, pages 418-425.
- M. Yu, P. Liu, W. Zang, Specifying and Using Group-to-Group Communication Services for Intrusion Masking, Journal of Computer Security, accepted, to appear.
- P. Liu, J. Jing, P. Luenam, Y. Wang, L. Li, S. Ingsriswang, The Design and Implementation of a Self-Healing Database System, Journal of Intelligent Information Systems, Vol. 23, No. 3, 247-269, 2004.
- M. Yu, P. Liu, W. Zang, Multi-Version Data Objects Based Attack Recovery of Workflows, Proc. 2003 Annual Computer Applications Security Conference (ACSAC'03).
- P. Liu, S. Jajodia, Multiphase Damage Containment in Self-Healing Database System, Submitted for review to IEEE Trans. on Knowledge and Data Engineering, 2003.
- J. Zhang, P. Liu, Delivering Services with Integrity Guarantees in Survivable Database Systems, Proc. 17th Annual IFIP WG 11.3 Working Conference on Database and Applications Security, Colorado, August 2003.
- P. Liu, Architectures for Intrusion Tolerant Database Systems, Proc. 2002 Annual Computer Security Applications Conference, Dec 2002, pages 311-320.
- P. Luenam, P. Liu, The Design of an Adaptive Intrusion Tolerant Database System, Proc. IEEE Workshop on Intrusion Tolerant Systems, 2002.
People
- Peng Liu, Pramote Luenam, Meng Yu, Hai Wang, Jianyong Zhang, Vinod Ramin
Acknowledgement
This project is supported by NSF CCR-0233324.