Attack Isolation Project
Overview
We focus on how to isolate malicious transactions in data applications.
Since transaction processing is much quicker than intrusion detection, during the detection
latency of a malicious transaction B a lot of damage can spread from the objects corrupted
by B to many other objects. Our isolation scheme mitigates this problem by redirecting the
transactions of suspicious users (or sessions) to a virtually separated database environment.
Suspicious users can read the results of trustworthy users, but not vice versa. When an isolated user
is proven innocent, most, if not all, of his or her results will be merged back into the main database.
In this way, the main database is immunized from the damage that could be caused by the
suspicious users, without losing availability to those users. The cost of our scheme is much
lower than that of isolation by means of completely replicated databases.
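A minimal model of the scheme described above, added here as an illustration (it is not the project's own DAIS code): a trustworthy main database holds versioned objects, each suspicious session gets a private overlay that its writes are redirected to, reads from a suspicious session see main plus its own overlay while trusted sessions never see overlay data, and merging back keeps every isolated write whose object a trusted user has not changed in the meantime. Object names, the version counter and the per-object conflict rule are assumptions for this example.

```python
class IsolatedDatabase:
    def __init__(self, main):
        # main: {obj: value}; every object starts at version 0.
        self.main = {obj: (value, 0) for obj, value in main.items()}
        self.overlays = {}       # session -> {obj: value} redirected writes
        self.base_versions = {}  # session -> {obj: main version first seen}

    def mark_suspicious(self, session):
        # From now on this session's writes go to its own overlay, not to main.
        self.overlays.setdefault(session, {})
        self.base_versions.setdefault(session, {})

    def read(self, session, obj):
        # Suspicious sessions see main plus their own isolated writes; trusted
        # sessions never see isolated writes (visibility is one-way).
        if session in self.overlays:
            if obj in self.overlays[session]:
                return self.overlays[session][obj]
            value, version = self.main[obj]
            self.base_versions[session].setdefault(obj, version)
            return value
        return self.main[obj][0]

    def write(self, session, obj, value):
        _, version = self.main.get(obj, (None, 0))
        if session in self.overlays:
            self.base_versions[session].setdefault(obj, version)
            self.overlays[session][obj] = value  # redirected; main untouched
        else:
            self.main[obj] = (value, version + 1)

    def discard(self, session):
        # Session confirmed malicious: drop the overlay; main needs no repair.
        self.overlays.pop(session, None)
        self.base_versions.pop(session, None)

    def merge(self, session):
        # Session proven innocent: fold its overlay back into main. A write is
        # dropped only if a trusted user changed that object meanwhile (version
        # moved on); the rest merge. Read-write dependencies across different
        # objects are not tracked here (simplification).
        overlay = self.overlays.pop(session)
        base = self.base_versions.pop(session)
        merged, conflicts = [], []
        for obj, value in overlay.items():
            current = self.main.get(obj, (None, 0))[1]
            if current != base[obj]:
                conflicts.append(obj)
            else:
                self.main[obj] = (value, current + 1)
                merged.append(obj)
        return merged, conflicts
```

The constructed scenario to try: a suspicious session updates one account, a trusted user updates another account twice while the session is isolated, and on merge only the untouched account's update is folded back, so the suspect's work never reached the main database before it was cleared.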
Papers
- P. Liu, S. Jajodia, C. D. McCollum, "Intrusion Confinement by Isolation in Information
Systems", Journal of Computer Security, Vol. 8, No. 4, pages 243-279.
- P. Liu,
"DAIS: A Real-Time Data Attack Isolation System for Commercial Database Applications",
17th Annual Computer Security Applications Conference, New Orleans, December 10-14, 2001.
- S. Jajodia, P. Liu, C. D. McCollum,
"Application-Level Isolation to Cope With Malicious Database Users",
ACSAC'98, Proc. 14th Annual Computer Security Applications Conf., Phoenix, AZ,
December 1998, pages 73-82.
- P. Liu, S. Jajodia, C. D. McCollum,
"Intrusion Confinement by Isolation in Information Systems",
in Research Advances in Database and Information Systems Security, Vijayalakshmi Atluri,
John Hale, eds., Kluwer Academic Publishers (2000). This paper was presented
at IFIP WG 11.3 13th Working Conference on Database Security, July 26-28, 1999, Seattle,
Washington, USA.
People
- Peng Liu (Penn State), Sushil Jajodia (George Mason University), C. D.
McCollum (MITRE)