Self-Healing Data Base and Workflow Systems

2000-2002: DARPA OASIS Program

2002-2006: NSF Cyber Trust: CCR-0233324

2007-2008: NSF CNS-0716479

 

The Self-Healing Database Systems project is a Penn State research project that is investigating innovative techniques for building highly-survivable database systems. While traditional secure database systems rely on preventive controls and are very limited in surviving malicious attacks, self-healing database systems can detect intrusions, mask and isolate attacks, contain, assess, and repair the damage caused by intrusions in an agile, adaptive manner such that sustained, self-stabilized levels of data integrity and availability can be provided to applications in face of attacks. A self-healing database system prototype is developed and under evaluation. Ongoing research of this project aims to deliver multilevel, differentiated, quantitative QoIA services, i.e., services associated with a specific level of trustworthiness, to end users through intelligent, predictive, composite QoIA adaptations.

 

The Self-Healing Database Systems project suite is composed of the following projects:

Publications

[59] Kun Bai, Meng Yu, Peng Liu, TRACE: Zero-down-time Database Damage Tracking, Quarantine, and Cleansing with  Negligible Run-time Overhead, to appear in Proceedings of 13th European Symposium on Research in Computer Security (ESORICS 2008),  Malaga, Spain, 2008.

[58] M. Yu, W. Zang, P. Liu, Database Isolation and Filtering against Data Corruption Attacks, In Proc. 23rd Annual  Computer Security Application Conference (ACSAC 2007).

[57] M. Yu, P. Liu, W. Zang, The Implementation and Evaluation of a Self-Healing Workflow System, In review for journal publication

[56] P. Liu, M. Yu, Efficient Attack Recovery in Resilient Distributed Database Systems, In review for journal publication.

[55] P. Liu, S. Jajodia, Multiphase Damage Containment in Self-Healing Database Systems, In review by IEEE Trans. on Knowledge and Data Engineering. [Main] [Supplemental]

[54] M. Yu, P. Liu, W. Zang, Dependency Relation based Attack Recovery of Workflow Systems, In review for journal publication.

[53] W. Zang, M. Yu, P. Liu, A Distributed Algorithm for Workflow Recovery, International Journal on Intelligent Control and Systems, accepted, to appear

[52] H. Wang, P. Liu, L. Li, Evaluating the Survivability of Intrusion Tolerant Database Systems and the Impact of Intrusion Detection Deficiencies, International Journal of Information and Computer Security, accepted, to appear.

[51] M. Yu, P. Liu, S. Jajodia, Trusted Recovery, in Secure Data Management in Decentralized Systems, T. Yu, S. Jajodia, eds., Springer, Berlin, invited book chapter, to appear.

[50] H. Wang, P. Liu, Modeling and Evaluating the Survivability of an Intrusion Tolerant Database System, Proc. ESORICS 2006, acceptance rate = 20%

[49] E. Damiani, P. Liu (eds.), Database and Applications Security XX, Springer Lecture Notes in Computer Science, LNCS 4127, 2006, ISBN 3-540-36796-9

[48] F. Li, B. Luo, P. Liu, D. Lee, P. Mitra, W. Lee, C. Chu, In-broker Access Control: Towards Efficient End-to-End Performance of Information Brokerage Systems, Proc. IEEE SUTC 2006, acceptance rate = 25%

[47] P. Liu, J. Jing, Architectures for Self-Healing Databases under   Cyber Attacks, Journal of Computer Science and Network Security, Vol. 8, No. 1B, 2006, pages 204-216. 

[46] M. Yu, P. Liu (Eds.), Proceedings of the First International Workshop on Information Assurance in Distributed Systems, Springer Lecture Notes in Computer Science, 2006.

[45] P. Mitra, C. Pan, P. Liu, V. Atluri, Privacy-preserving Semantic Interoperation and Access Control of Heterogeneous Databases, Proc. ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2006, to appear, acceptance rate = 17%

[44] K. Bai, P. Liu, Towards Database Firewall: Mining the Damage Spreading Patterns, Proc. ACSAC 2006, to appear, acceptance rate = 30%

[43] P. Mitra, C. Pan, P. Liu, Semantic Access Control for Information Interoperation, Proc. ACM SACMAT 2006, to appear.

[42] M. Yu, W. Zang, P. Liu, Defensive Execution of Transactional Processes against Attacks, Proc. ACSAC 2005, to appear, acceptance rate = 19.6%

[41] K. Bai, H. Wang, P. Liu, Towards Database Firewalls, Proc. 19th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSEC ’05), Storrs, CT, August 7-10, 2005. To appear

[40] M. Yu, W. Zang, P. Liu, J. Wang, The Architecture of An Automatic Distributed Recovery System, Proc. 2005 IEEE International Conference on Networking, Sensing and Control (ICNSC ’05).

[39] M. Yu, P. Liu, W. Zang, Specifying and Using Group-to-Group Communication Services for Intrusion Masking, Journal of Computer Security, Vol. 13, No. 4, 623-658. [PDF]

[38] Peng Liu, Amit Chetal, Trust-based Secure Information Sharing between Federal Government Agencies, Journal of the American Society for Information Science and Technology, 56(3): 283--298.

[38] P. Liu, Emerging Technologies in Information Assurance, DoD IA Newsletter, to appear

[37] Pramote Luenam, A Neuro-Fuzzy Approach Towards Adaptive Intrusion Tolerant Database Systems, Ph.D. Dissertation, In preparation

[36] M. Yu, W. Zang, P. Liu, Self Healing Workflows under Attacks, 5 minute talk, IEEE Symposium on Security and Privacy, 2005.

[35] Peng Liu, Meng Yu, Jiwu Jing, Information Assurance, In The Handbook of Information Security, Hossein Bidgoli et al. (eds.), John Wiley & Sons,  to appear [PDF]

[34] Peng Liu, H. Wang, L. Li, Real-Time Data Attack Isolation for Commercial Database Applications, Elsevier Journal of Network and Computer Applications, in press.

[33] M. Yu, P. Liu, W. Zang, Self Healing Workflow Systems under Attacks, Proc. 24th IEEE International Conference on Distributed Computing Systems (ICDCS ’04), Tokyo, Japan, March 2004, pages 418-425. Acceptance rate = 17.68%

[32] H. Wang, P. Liu, L. Li, Evaluating the Impact of Intrusion Detection Deficiencies on the Cost-Effectiveness of Attack Recovery, In Proceedings of the 7th Information Security Conference, Springer LNCS, Vol.  xx, September 2004.

[31] P. Liu, J. Jing, P. Luenam, Y. Wang, L. Li, S. Ingsriswang, The Design and Implementation of a Self-Healing Database System, Journal of Intelligent Information Systems, Vol. 23, No. 3, 247-269, 2004 

[30] Peng Liu, Engineering a Distributed Intrusion Tolerant Database System Using COT Components, Proc. DISCEX III, Volume 2, pages 284-289, April 2003

[29]  M. Yu, P. Liu, W. Zhang, Intrusion Masking for Distributed Atomic Operations,  Proc. 18th IFIP International Information Security Conference (SEC ’03), May 2003, acceptance ratio 27%, pages 229-240.

[28] Peng Liu, ITDB: An Attack Self-Healing Database System Prototype, Demo Abstract, Proc. DISCEX III, Volume 2, pages 131-133, 2003

[27] P. Liu, Architectures for Intrusion Tolerant Database Systems, in Foundations of Intrusion Tolerant Systems, Jaynarayan H. Lala (ed), IEEE Computer Society Press, 2003, pages 3-13. A previous version appears as [28].

[26] P. Luenam, P. Liu, The Design of an Adaptive Intrusion Tolerant Database System, in Foundations of Intrusion Tolerant Systems, Jaynarayan H. Lala (ed), IEEE Computer Society Press, 2003, pages 14-21. A previous version appears as [30].

[25] P. Liu, Measuring Quality of Information Assurance, DARPA OASIS Final Technical Report, 2003

[24]  J. Zhang, P. Liu, Delivering Services with Integrity Guarantees in Survivable Database Systems, Proc. 17th IFIP WG 11.3 Conference on Data and Applications Security (DBSEC ’03), August 2003, pages 31-45.

[23] M. Yu, P. Liu, W. Zang, Multi-Version Data Objects Based Attack Recovery of Workflows, Proc. 19th Annual Computer Security Applications Conference (ACSAC ’03), Las Vegas, Dec, 2003, pages 142-151. [PDF]

[22] J. Jing, P. Liu, D. G. Feng, J. Xiang, N. Gao, J. Q. Lin, ARECA: A Highly Attack Resilient Certification Authority, Proc. First ACM Workshop on Survivable and Self-Regenerative Systems (SSRS ’03), October 2003, pages 53-63. [PDF]

[21] P. Ammann, S. Jajodia, P. Liu, Recovery from Malicious Transactions, IEEE Transactions on Knowledge and Data Engineering, Vol. 15, No. 5, September 2002, pages 1167-1185 [PDF]

[20] P. Liu, Y. Wang, The Design and Implementation of a Multiphase Database Damage Confinement System, Proc. 16th IFIP Working Conf. on Data and Applications Security (DBSEC ’02), July 2002. [PDF]

[19] P. Luenam, P. Liu, The Design of an Adaptive Intrusion Tolerant Database System, Proc. IEEE Workshop on Intrusion Tolerant Systems (ITS ’02) June 2002. [PDF

[18] P. Liu, S. Jajodia, P. Ammann, J. Li, Can-Follow Concurrency Control, Proc. 2002 IASTED Int’l Conf. on Networks, Parallel and Distributed Processing, and Applications (NPDPA ’02), Japan, Oct 2002 [Postscript]

[17] P. Liu, Architectures for Intrusion Tolerant Database Systems, Proc. 18th Annual Computer Security Applications Conference (ACSAC ’02), Dec 2002, acceptance ratio 32%, pages 311-320. [PDF]

[16] P. Liu, Engineering a Distributed Intrusion Tolerant Database System, DARPA OASIS Final Technical Report, 2002

[15] (Book) P. Liu, S. Jajodia, Trusted Recovery and Defensive Information Warfare, Monograph, Kluwer Academic Publishers, 2002. ISBN 0-7923-7572-6.

[14] P. Liu, S. Jajodia, Multi-Phase Damage Confinement in Database Systems for Intrusion Tolerance, Proc. 14th IEEE Computer Security Foundations Workshop (CSFW ’01)), June 2001, pages 191-205. [PDF]

[13] Peng Liu, Xu Hao, Efficient Damage Assessment and Repair in Resilient Distributed Database Systems, Proc. 15th IFIP WG 11.3 Working Conference on Data and Applications Security (DBSEC ’01),   July 2001. [Postscript]

[12] P. Luenam, P. Liu, ODAR: An On-the-fly Damage Assessment and Repair System for Commercial Database Applications, Proc. 15th IFIP WG 11.3 Working Conference on Data and Application Security (DBSEC ’01), July 2001. [PDF]

[11] P. Liu, DAIS: A Real-Time Data Attack Isolation System for Commercial Database Applications, Proc. 17th Annual Computer Security Applications Conference (ACSAC ’01), Dec 2001, pages 219-229.  [PDF

[10] S. Ingsriswang, P. Liu, AAID: An Application Aware Transaction Level Database Intrusion Detection System, Technical Report, 2001.  

[9] P. Liu, P. Ammann, S. Jajodia, Rewriting Histories: Recovering From Malicious Transactions, Distributed and Parallel Databases, Vol. 8, No. 1, January 2000, pages 7-40. [PDF]

[8] P. Liu, S. Jajodia, C. D. McCollum, Intrusion Confinement by Isolation in Information Systems, Journal of Computer Security, Vol. 8, No. 4, pages 243-279 [PDF]

[7] Peng Liu, Peng Ning, Sushil Jajodia, Avoiding Loss of Fairness Owing to Process Crashes in Fair Data Exchange Protocols, Proc. IEEE International Conference on Dependable Systems and Networks (DSN ’00), Workshop on Dependability Despite Malicious Faults, June 2000, pages 631-640.

[6] Peng Liu, General Design of ItDBMS, Technical Report, 2000.

[5] P. Liu, P. Ammann, S. Jajodia, Incorporating Transaction Semantics to Reduce Reprocessing Overhead in Replicated Mobile Data Applications, Proc. 19th IEEE International Conference on Distributed Computing Systems (ICDCS ’99),  June 1999, pages 414-423. [PDF]

[4] Paul Ammann, Sushil Jajodia, Peng Liu, A fault tolerance approach to survivability, in Computer Security, Dependability, and Assurance: From Needs to Solutions, P. Ammann, B. H. Barnes, S. Jajodia, E. H. Sibley (eds.), IEEE Computer Society Press, 1999

[3] P. Liu, S. Jajodia, C. D. McCollum, Intrusion Confinement by Isolation in Information Systems, Proc. IFIP WG 11.3 13th Working Conference on Database Security (DESEC ’99), July 1999. 

[2] S. Jajodia, P. Ammann, P. Liu, A Fault Tolerance Approach to Survivability,  Proc. IST 4th Symposium on Protecting NATO Information Systems (NATO Security ’99), Oct 1999, pages 20-1 to 20-7.

[1] S. Jajodia, P. Liu, C. D. McCollum, Application Level Isolation to Cope with Malicious Database Users, Proc. 14th Annual Computer Security Applications Conference (ACSAC ’98), December 1998, pages 73-82