Liu, 2003 - Google Patents
Engineering a distributed intrusion tolerant database system using COTS componentsLiu, 2003
- Document ID
- 14295968205667160655
- Author
- Liu P
- Publication year
- Publication venue
- Proceedings DARPA Information Survivability Conference and Exposition
External Links
Snippet
In this paper, we present the design and implementation of ITDB, a self-healing or intrusion- tolerant database prototype system. While traditional secure database systems rely on preventive controls and are very limited in surviving malicious attacks, ITDB can detect …
- 238000001514 detection method 0 abstract description 26
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Error detection; Error correction; Monitoring responding to the occurence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/1608—Error detection by comparing the output signals of redundant hardware
- G06F11/1612—Error detection by comparing the output signals of redundant hardware where the redundant component is persistent storage
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Error detection; Error correction; Monitoring responding to the occurence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/20—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/83—Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- G06F21/645—Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Liu | Architectures for intrusion tolerant database systems | |
| Madan et al. | A method for modeling and quantifying the security attributes of intrusion tolerant systems | |
| Liu et al. | The design and implementation of a self-healing database system | |
| Xie et al. | Pagoda: A hybrid approach to enable efficient real-time provenance based intrusion detection in big data environments | |
| Liu et al. | Multi-Phase Damage Confinement in Database Systems for Intrusion Tolerance. | |
| CN107483414A (en) | A kind of security protection system and its means of defence based on cloud computing virtualized environment | |
| Zhang et al. | Active defense strategy selection based on static Bayesian game | |
| Botha et al. | The utilization of artificial intelligence in a hybrid intrusion detection system | |
| Pundir et al. | RanStop: A hardware-assisted runtime crypto-ransomware detection technique | |
| Liu | Engineering a distributed intrusion tolerant database system using COTS components | |
| CN108429746A (en) | A kind of private data guard method and system of facing cloud tenant | |
| Liu | Dais: A real-time data attack isolation system for commercial database applications | |
| Bai et al. | A data damage tracking quarantine and recovery (DTQR) scheme for mission-critical database systems | |
| Uemura et al. | Quantitative evaluation of intrusion tolerant systems subject to DoS attacks via semi-Markov cost models | |
| Bai et al. | Towards database firewalls | |
| Liu et al. | Architectures for self-healing databases under cyber attacks | |
| RU2202122C2 (en) | System for checking access to processes (programs) being run | |
| Hua et al. | SQRM: An effective solution to suspicious users in database | |
| Wang et al. | An abnormal file access behavior detection approach based on file path diversity | |
| WO2020102925A1 (en) | Method for monitoring tampering of static objects in mixed environment | |
| Zheng et al. | A pull-type security patch management of an intrusion tolerant system under a periodic vulnerability checking strategy | |
| Felemban et al. | A Security and Performance Driven Architecture for Cloud Data Centers | |
| Liu et al. | Real-time data attack isolation for commercial database applications | |
| CN118611983B (en) | Behavior gene identification method for network attack organization | |
| CN117725630B (en) | Security protection method, apparatus, storage medium and computer program product |