Attack Isolation Project


We focus on how to isolate malicious transactions in data applications. Since transaction processing is much quicker than intrusion detection, during the detection latency of a malicious transaction B a lot of damage can spread from the objects corrupted by B to many other objects. Our isolation scheme mitigates this problem by redirecting the transactions of suspicious users (or sessions) to a virtually separated database environment. Suspicious users can read the results of trustworthy users but not versa. When an isolated user is proven innocent, most, if not all, of his or her results will be merged back into the main database. In this way, the main database is immunized from the damage that could by caused by the suspicious users without losing the availability to them. The cost of our scheme is much less than using completely replicated databases (to do isolation).