Self-Healing
Data Base and Workflow Systems
2000-2002: DARPA OASIS Program
2002-2006: NSF Cyber Trust:
CCR-0233324
2007-2008: NSF CNS-0716479
The Self-Healing Database Systems project is a Penn State
research project that is investigating innovative techniques for building
highly-survivable database systems. While traditional secure database systems
rely on preventive controls and are
very limited in surviving malicious attacks, self-healing database systems can detect intrusions, mask and
isolate attacks, contain, assess, and
repair the damage caused by intrusions in an
agile, adaptive manner such that
sustained, self-stabilized levels of data integrity and
availability can be provided to
applications in face of attacks. A self-healing database system prototype is
developed and under evaluation.
Ongoing research of this project aims to deliver multilevel, differentiated, quantitative QoIA services, i.e., services associated
with a specific level of trustworthiness, to end users through intelligent,
predictive, composite QoIA adaptations.
The Self-Healing Database Systems project suite is composed of the
following projects:
Publications
[59] Kun Bai, Meng Yu, Peng Liu, TRACE: Zero-down-time Database Damage
Tracking, Quarantine, and Cleansing with
Negligible Run-time Overhead, to appear in Proceedings of 13th
European Symposium on Research in Computer Security (ESORICS 2008), Malaga, Spain, 2008.
[58] M. Yu, W. Zang, P. Liu, Database Isolation and Filtering against
Data Corruption Attacks, In Proc. 23rd Annual Computer Security Application Conference
(ACSAC 2007).
[57] M. Yu, P. Liu, W. Zang,
The Implementation and Evaluation of a Self-Healing Workflow System,
In review for journal publication
[56] P. Liu, M. Yu, Efficient Attack Recovery in Resilient
Distributed Database Systems, In
review for journal publication.
[55] P. Liu, S. Jajodia, Multiphase Damage Containment in Self-Healing Database Systems, In
review by IEEE Trans. on
Knowledge and Data Engineering. [Main] [Supplemental]
[54] M.
Yu, P. Liu, W. Zang,
Dependency Relation based Attack
Recovery of Workflow Systems, In review for journal publication.
[53] W. Zang, M. Yu, P. Liu, A Distributed Algorithm for Workflow Recovery, International Journal on Intelligent Control and
Systems, accepted, to appear
[52] H. Wang,
P. Liu, L. Li, Evaluating the
Survivability of Intrusion Tolerant
Database Systems and the Impact of
Intrusion Detection Deficiencies, International
Journal of Information and Computer
Security, accepted, to appear.
[51] M.
Yu, P. Liu, S. Jajodia, Trusted Recovery,
in Secure Data Management
in Decentralized Systems, T. Yu, S. Jajodia, eds., Springer, Berlin, invited book
chapter, to appear.
[50] H. Wang, P. Liu, Modeling
and Evaluating the Survivability of an Intrusion Tolerant
Database System, Proc. ESORICS 2006, acceptance rate = 20%
[49] E. Damiani,
P. Liu (eds.), Database and Applications Security XX, Springer
Lecture Notes in Computer Science, LNCS 4127, 2006, ISBN 3-540-36796-9
[48] F.
Li, B. Luo, P. Liu, D. Lee, P. Mitra, W. Lee, C. Chu, In-broker Access Control: Towards Efficient End-to-End Performance of Information Brokerage Systems, Proc. IEEE SUTC 2006, acceptance rate = 25%
[47] P.
Liu, J. Jing, Architectures for
Self-Healing Databases under
Cyber Attacks, Journal of
Computer Science and Network
Security, Vol. 8, No. 1B, 2006, pages 204-216.
[46] M.
Yu, P. Liu (Eds.), Proceedings of the First International Workshop on
Information Assurance in Distributed
Systems, Springer Lecture Notes in Computer Science, 2006.
[45] P. Mitra, C. Pan, P. Liu, V. Atluri, Privacy-preserving Semantic Interoperation and
Access Control of Heterogeneous Databases, Proc. ACM Symposium on
Information, Computer and
Communications Security (ASIACCS), 2006, to appear, acceptance rate
= 17%
[44] K. Bai, P. Liu, Towards Database Firewall: Mining the Damage
Spreading Patterns, Proc. ACSAC 2006, to
appear, acceptance
rate = 30%
[43] P.
Mitra, C. Pan, P. Liu, Semantic
Access Control for Information Interoperation, Proc. ACM SACMAT
2006, to appear.
[42] M.
Yu, W. Zang, P. Liu, Defensive Execution of Transactional Processes against Attacks, Proc.
ACSAC 2005, to appear, acceptance
rate = 19.6%
[41] K.
Bai, H. Wang, P. Liu, Towards Database Firewalls, Proc. 19th Annual IFIP WG 11.3
Working Conference on Data and
Applications Security (DBSEC ’05), Storrs, CT, August 7-10, 2005. To
appear
[40] M. Yu, W. Zang, P. Liu, J. Wang,
The Architecture of An Automatic
Distributed Recovery System, Proc. 2005
IEEE International Conference on Networking, Sensing and
Control (ICNSC
’05).
[39] M.
Yu, P. Liu, W. Zang, Specifying and
Using Group-to-Group Communication Services for Intrusion Masking, Journal of Computer Security, Vol. 13,
No. 4, 623-658. [PDF]
[38] Peng Liu, Amit Chetal, Trust-based Secure Information Sharing between Federal Government
Agencies, Journal of the American Society for Information Science and Technology, 56(3): 283--298.
[38] P.
Liu, Emerging Technologies in
Information Assurance, DoD IA Newsletter, to appear
[37]
Pramote Luenam, A Neuro-Fuzzy Approach
Towards Adaptive Intrusion Tolerant
Database Systems, Ph.D. Dissertation,
In preparation
[36] M.
Yu, W. Zang,
P. Liu, Self Healing Workflows under
Attacks, 5 minute talk, IEEE
Symposium on Security and Privacy,
2005.
[35] Peng Liu, Meng Yu, Jiwu Jing, Information Assurance, In
The Handbook
of Information Security, Hossein Bidgoli et al. (eds.), John Wiley &
Sons, to appear [PDF]
[34] Peng Liu, H. Wang,
L. Li, Real-Time Data Attack Isolation for
Commercial Database Applications, Elsevier
Journal of Network and Computer
Applications, in press.
[33] M.
Yu, P. Liu, W. Zang, Self Healing Workflow Systems under
Attacks, Proc. 24th IEEE
International Conference on Distributed Computing Systems (ICDCS
’04), Tokyo, Japan, March
2004, pages 418-425. Acceptance rate = 17.68%
[32] H. Wang, P. Liu, L. Li, Evaluating the Impact of Intrusion Detection Deficiencies on the
Cost-Effectiveness of Attack Recovery, In Proceedings of the 7th
Information Security Conference, Springer LNCS, Vol. xx, September 2004.
[31] P.
Liu, J. Jing, P. Luenam, Y. Wang, L.
Li, S. Ingsriswang,
The Design and
Implementation of a Self-Healing Database System, Journal of Intelligent Information Systems, Vol. 23, No. 3,
247-269, 2004
[30] Peng Liu,
Engineering a Distributed Intrusion
Tolerant Database System Using COT
Components, Proc. DISCEX III,
Volume 2, pages 284-289, April 2003
[29] M. Yu, P. Liu, W. Zhang, Intrusion
Masking for Distributed Atomic Operations,
Proc. 18th IFIP International
Information Security Conference (SEC ’03), May 2003, acceptance ratio 27%, pages 229-240.
[28] Peng Liu, ITDB: An Attack Self-Healing Database
System Prototype, Demo Abstract, Proc.
DISCEX III, Volume 2, pages 131-133, 2003
[27] P. Liu, Architectures
for Intrusion Tolerant Database
Systems, in Foundations of Intrusion
Tolerant Systems, Jaynarayan H. Lala (ed), IEEE
Computer Society Press, 2003, pages 3-13. A previous version appears as [28].
[26] P. Luenam, P. Liu, The
Design of an Adaptive Intrusion
Tolerant Database System, in Foundations of Intrusion Tolerant Systems, Jaynarayan
H. Lala (ed), IEEE Computer Society Press, 2003,
pages 14-21. A previous version appears as [30].
[25] P. Liu, Measuring
Quality of Information Assurance, DARPA
OASIS Final Technical Report, 2003
[24] J. Zhang,
P. Liu, Delivering Services with
Integrity Guarantees in Survivable
Database Systems, Proc. 17th IFIP WG
11.3 Conference on Data and
Applications Security (DBSEC ’03), August 2003, pages 31-45.
[23] M. Yu, P. Liu, W. Zang, Multi-Version
Data Objects Based Attack Recovery of Workflows, Proc. 19th Annual Computer Security Applications Conference (ACSAC
’03), Las Vegas, Dec, 2003, pages 142-151. [PDF]
[22] J. Jing, P. Liu, D. G. Feng,
J. Xiang, N. Gao, J. Q. Lin, ARECA: A Highly Attack Resilient
Certification Authority, Proc. First ACM Workshop on Survivable and Self-Regenerative Systems (SSRS ’03),
October 2003, pages 53-63. [PDF]
[21] P. Ammann, S.
Jajodia, P. Liu, Recovery from Malicious Transactions,
IEEE Transactions
on Knowledge and Data Engineering,
Vol. 15, No. 5, September 2002, pages 1167-1185 [PDF]
[20] P. Liu, Y. Wang, The
Design and Implementation of a
Multiphase Database Damage Confinement System, Proc. 16th IFIP Working Conf. on Data and
Applications Security (DBSEC ’02), July 2002. [PDF]
[19] P. Luenam, P. Liu, The Design of an
Adaptive Intrusion Tolerant Database
System, Proc. IEEE Workshop on
Intrusion Tolerant Systems (ITS
’02) June 2002. [PDF]
[18] P. Liu, S. Jajodia, P. Ammann,
J. Li, Can-Follow Concurrency
Control, Proc. 2002 IASTED
Int’l Conf. on Networks, Parallel and
Distributed Processing, and
Applications (NPDPA ’02), Japan,
Oct 2002 [Postscript]
[17] P. Liu, Architectures for Intrusion
Tolerant Database Systems, Proc. 18th Annual Computer Security
Applications Conference (ACSAC ’02), Dec 2002, acceptance ratio 32%, pages 311-320. [PDF]
[16] P. Liu, Engineering a Distributed
Intrusion Tolerant Database System, DARPA
OASIS Final Technical Report, 2002
[15] (Book) P. Liu, S. Jajodia, Trusted Recovery and Defensive Information Warfare, Monograph, Kluwer
Academic Publishers, 2002. ISBN 0-7923-7572-6.
[14] P. Liu, S. Jajodia, Multi-Phase Damage Confinement in
Database Systems for Intrusion Tolerance,
Proc. 14th IEEE Computer Security
Foundations Workshop (CSFW ’01)), June 2001, pages 191-205. [PDF]
[13] Peng Liu, Xu Hao, Efficient
Damage Assessment and Repair in
Resilient Distributed Database Systems, Proc.
15th IFIP WG 11.3 Working Conference on Data and
Applications Security (DBSEC ’01), July 2001. [Postscript]
[12] P. Luenam, P. Liu, ODAR: An On-the-fly Damage Assessment and Repair System for Commercial Database
Applications, Proc. 15th IFIP WG 11.3
Working Conference on Data and
Application Security (DBSEC ’01), July 2001. [PDF]
[11] P. Liu, DAIS: A Real-Time Data Attack Isolation System for
Commercial Database Applications, Proc. 17th Annual Computer Security
Applications Conference (ACSAC ’01), Dec 2001, pages 219-229. [PDF]
[10] S. Ingsriswang,
P. Liu, AAID: An Application Aware Transaction
Level Database Intrusion Detection System, Technical Report, 2001.
[9] P. Liu, P. Ammann,
S. Jajodia, Rewriting Histories: Recovering
From Malicious Transactions, Distributed and
Parallel Databases, Vol. 8, No. 1, January
2000, pages 7-40. [PDF]
[8] P. Liu, S. Jajodia, C. D. McCollum, Intrusion
Confinement by Isolation in Information Systems, Journal of Computer Security, Vol. 8, No. 4, pages 243-279 [PDF]
[7] Peng Liu,
Peng Ning, Sushil Jajodia, Avoiding Loss of Fairness Owing to Process
Crashes in Fair Data Exchange
Protocols, Proc. IEEE International
Conference on Dependable Systems and
Networks (DSN ’00), Workshop on
Dependability Despite Malicious Faults, June 2000, pages 631-640.
[6] Peng Liu, General
Design of ItDBMS, Technical Report, 2000.
[5] P. Liu, P. Ammann,
S. Jajodia, Incorporating Transaction Semantics
to Reduce Reprocessing Overhead in Replicated Mobile Data Applications, Proc. 19th IEEE International Conference on
Distributed Computing Systems (ICDCS ’99), June 1999, pages 414-423. [PDF]
[4] Paul Ammann,
Sushil Jajodia, Peng Liu, A fault
tolerance approach to survivability,
in Computer Security, Dependability, and Assurance:
From Needs to Solutions, P. Ammann,
B. H. Barnes, S. Jajodia, E. H. Sibley (eds.), IEEE Computer Society Press,
1999
[3] P. Liu, S. Jajodia, C. D. McCollum, Intrusion
Confinement by Isolation in Information Systems, Proc. IFIP WG 11.3 13th Working Conference on Database Security
(DESEC ’99), July 1999.
[2] S. Jajodia, P. Ammann,
P. Liu, A Fault Tolerance
Approach to Survivability, Proc. IST 4th Symposium on Protecting NATO
Information Systems (NATO Security ’99), Oct 1999, pages 20-1 to
20-7.
[1] S.
Jajodia, P. Liu, C. D. McCollum, Application Level Isolation to Cope with
Malicious Database Users, Proc. 14th
Annual Computer Security Applications Conference (ACSAC ’98),
December 1998, pages 73-82