This work focused on how to recover a database after it has been
attacked by a set of malicious transactions that corrupt data. Attack recovery
has two aspects: damage assessment and repair. Using checkpoints is simple, but
it can sacrifice a lot of good work. If we can stop the database server to perform
attack recovery, then a technique similar to cascading abort can work. However,
since many critical database servers need to be available 24*7, and temporarily
shutting the database down may be the real goal of the attacker, on-the-fly
attack recovery, which never stops the database, is necessary in many cases.
On-the-fly attack recovery, however, faces several unique challenges (compared
with traditional database recovery): (1) repair has to be done forward; (2)
cleaned data objects can be re-damaged during attack recovery; (3) the attack
recovery may never terminate in some cases. We have developed both syntactic and
semantics-based attack recovery algorithms. Our syntactic framework
successfully addresses these three challenges. Our semantics-based approach is
(in most cases) strictly better than commutativity-based repair.
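As an added example (not code from the paper), the following Python model illustrates the syntactic approach described above: damage assessment by read-from dependencies over a constructed transaction history, and an on-the-fly repair loop that exhibits re-damage by concurrently arriving transactions (challenge 2) and a bounded check that reports a never-terminating repair (challenge 3). The transaction ids, item names, and the worst-case assumption that an arriving transaction reads an item before the current round has repaired it are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Txn:
    tid: int
    reads: frozenset   # data items the transaction read
    writes: frozenset  # data items the transaction wrote

def assess_damage(history, malicious):
    """Syntactic damage assessment over a committed history, in commit order.
    A transaction is affected if it is malicious or read an item whose latest
    value came from an affected transaction; a clean transaction that blindly
    overwrites a damaged item cleans it. Returns (affected tids, damaged items)."""
    affected, damaged = set(), set()
    for t in history:
        if t.tid in malicious or t.reads & damaged:
            affected.add(t.tid)
            damaged |= t.writes
        else:
            damaged -= t.writes
    return affected, damaged

def repair_on_the_fly(history, malicious, arrivals, max_rounds=10):
    """Forward repair with the server kept running: each round repairs the
    damage known at its start via compensating writes (no rollback). Arrivals
    during a round (arrivals[round]) are assumed to read before the repair
    lands, so reading a damaged item re-damages the database. max_rounds
    bounds the loop; a repair that never converges returns converged=False."""
    affected, damaged = assess_damage(history, malicious)
    rounds = 0
    while damaged:
        if rounds == max_rounds:
            return affected, damaged, False
        snapshot, damaged = damaged, set()      # this round repairs snapshot
        batch = arrivals[rounds] if rounds < len(arrivals) else []
        for t in batch:                         # concurrent arrivals
            if t.reads & (snapshot | damaged):  # read an unrepaired value
                affected.add(t.tid)
                damaged |= t.writes             # re-damage (challenge 2)
        rounds += 1
    return affected, damaged, True

# Constructed history: T1 is malicious; T2 reads T1's output, T3 reads T2's
# output, T4 touches only an unrelated item and stays clean.
HISTORY = [Txn(1, frozenset(), frozenset({"x"})),
           Txn(2, frozenset({"x"}), frozenset({"y"})),
           Txn(3, frozenset({"y"}), frozenset({"z"})),
           Txn(4, frozenset({"w"}), frozenset({"w"}))]
```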