
Research On Intrusion Tolerance Database Technologies

Posted on: 2010-05-28
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M Y Xie
GTID: 1118360302971119
Subject: Computer software and theory

Abstract/Summary:
Because the database is the central data repository of an information system, its survivability under various types of faults has received increasing attention and poses increasing challenges. A transaction-level intrusion is a type of fault that traditional database security mechanisms can neither completely prevent nor detect in time. Usually, by the time an intrusion is detected, the database has already been damaged to some extent. Moreover, transactions that access the damaged data spread the damage to broader areas. Traditional database recovery mechanisms cannot identify and selectively repair the damaged data, while the loss and system halt caused by simply rolling back all transactions committed after the malicious transaction are unacceptable to many applications. Intrusion tolerance database technologies aim to improve the survivability of database systems faced with malicious intrusions, so that the database system can provide continuous data service even while it is being intruded.

Several problems are studied, including intrusion tolerance database architecture, the damage assessment model, the intrusion tolerance database log mechanism, and on-the-fly repair of post-intrusion databases. Based on the DM database management system (DBMS), an intrusion tolerance database prototype, ITDM, is built.

The requirements and goals of the intrusion tolerance database system are discussed according to the features of transaction-level intrusions. An embedded architecture is proposed after analyzing the shortcomings of the existing external architectures. In an embedded architecture, the intrusion tolerance mechanism is built inside the database server so that it can share information with other mechanisms during transaction execution. Based on the embedded architecture and the DM DBMS, the framework of the intrusion tolerance database prototype ITDM is designed.

Based on the traditional transaction dependency model, an extended transaction dependency model that can describe implied transaction dependency is presented. The traditional model can only track the explicit damage spreading caused by write-read dependency; it ignores the implied transaction dependency caused by omitting deleted data. The extended model adopts a multi-version database and adds an overlooked-read operation that accesses deleted versions, so that it can track both types of transaction dependency and provide more accurate transaction dependency tracking.

A new log mechanism for intrusion tolerance database systems is proposed that meets the information requirements of both traditional fault recovery and selective recovery, together with recovery methods based on the new log. The log mechanism adds a transaction dependency log to the traditional log structure and replaces its rollback segment with a before image table. It thereby enables the system to implement the traditional recovery function and the selective recovery function in a uniform way. Finally, the space and time costs of the method are analyzed and compared with two representative intrusion tolerance database prototypes, ITDB and Phoenix.

A complete on-the-fly repair solution is proposed. The solution is based on the before image table and the transaction dependency table, which are unique to ITDM, and is composed of the two-phase damage confinement method, the damage assessment algorithm and the on-the-fly repair algorithm. It resolves several key problems in on-the-fly repair, including damage leaking, the exit condition of the repair algorithm and synchronization with the intrusion detection system. The solution is implemented in the ITDM prototype, and a set of experiments based on the TPC-C benchmark is presented to illustrate the performance of the approach.
Keywords/Search Tags: Intrusion tolerance database, Damage assessment, Dependency tracking, On-the-fly repair, Damage confinement, Survivability
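
An illustration of the damage assessment idea described in the abstract, added here and not code from the dissertation or the ITDM prototype: it computes the set of transactions affected by a malicious transaction, first from write-read dependencies only and then with implied dependencies included. The history, the operation codes, the function names and the rule that an overlooked-read depends on the transaction that deleted the item are assumptions made for this example.

```python
from collections import defaultdict, deque

# Constructed history in execution order: (transaction, operation, data item).
# 'w' write, 'r' read, 'd' delete, 'o' overlooked-read: a scan that skipped
# the deleted version of the item (assumed semantics for this example).
HISTORY = [
    ("T1", "w", "acct:7"),
    ("T2", "w", "order:3"),
    ("T3", "d", "order:3"),   # T3 is the malicious transaction
    ("T3", "w", "acct:7"),
    ("T4", "r", "acct:7"),    # explicit: reads the value T3 wrote
    ("T4", "w", "acct:9"),
    ("T5", "o", "order:3"),   # implied: scan missed the row T3 deleted
    ("T5", "w", "report:1"),
    ("T6", "r", "report:1"),  # depends on T5
    ("T7", "r", "acct:9"),    # depends on T4
    ("T8", "r", "stock:2"),   # unrelated to T3
]

def dependency_edges(history, track_implied):
    """Return {txn: set of later transactions that depend on it}."""
    last_writer, deleter = {}, {}
    edges = defaultdict(set)
    for txn, op, item in history:
        if op == "w":
            last_writer[item] = txn
        elif op == "d":
            deleter[item] = txn
            last_writer.pop(item, None)
        elif op == "r" and last_writer.get(item, txn) != txn:
            edges[last_writer[item]].add(txn)      # write-read dependency
        elif op == "o" and track_implied and deleter.get(item, txn) != txn:
            edges[deleter[item]].add(txn)          # implied dependency
    return edges

def assess_damage(history, malicious, track_implied=True):
    """Transitive closure of transactions affected by the malicious set."""
    edges = dependency_edges(history, track_implied)
    damaged, queue = set(malicious), deque(malicious)
    while queue:
        for dep in edges[queue.popleft()] - damaged:
            damaged.add(dep)
            queue.append(dep)
    return damaged

if __name__ == "__main__":
    print("write-read only:", sorted(assess_damage(HISTORY, {"T3"}, False)))
    print("with implied   :", sorted(assess_damage(HISTORY, {"T3"}, True)))
```

With write-read tracking alone, T5 and T6 are missed even though T5's result depends on the row T3 deleted; a selective repair driven by that smaller set would leave their writes in place.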