Research On TCM Based Isolation And Repair Technologies Of Security Database Systems

As organizations increase their adoption of database systems as the key data management technology and decision making, the security of the database systems becomes crucial. Traditional prevention and protection centric database security mechanisms mainly concern confidentiality of data stored in database, but ignore the requirements for integrity and availability in many cases, which makes database systems become the main targets of malicious attacks from both internal and external. The objective of researching database survivability technology is to provide security for database systems against malicious intrusions. Based on the existing database survival techniques, this paper mainly concentrates on damage isolation and repair technology of database under the premise of malicious intrusions in transaction layer. The main contributions are as follows:Firstly, as the existing transaction dependency model cannot describe the details of transaction dependency relations, which reduces the effect of isolation and repair, a fine-grained transaction citation model named TCM is proposed, which details the description granularity of transaction dependency relations. And an algorithm for establishing transaction citation relations dynamically is presented in accordance with rules for constructing different classes of transaction citation relations. Both examples and experiments indicate TCM can effectively compensate the deficiencies of the traditional methods, which lay a foundation for the guarantee of database availability, as well as provide conditions for accurate isolation and effective repair under malicious intrusion.Secondly, the existing damage isolation methods cannot satisfy the requirements for real-time while ensuring accuracy of isolation scope, resulting in reduction of database availability. An isolation method based on timing mark matrix is addressed, taking TCM as the theoretical basis. The proposed method uses timing mark matrix to record data affection relations, according to which determines isolation scope, thereby achieving real-time isolation for damaged data, and reducing numbers of valid data isolated mistakenly. Experimental results and analysis show that this method has better isolation effect than the existing ones.Thirdly, since the deficiencies of the existing transaction dependency model leads to inaccurate damage assessment, and the traditional undo/redo method for repairing increases considerable amount of redundant operations, resulting in efficiency being affected, a damage assessment algorithm is employed based on TCM model, which improves accuracy of assessment. Furthermore, with the idea of before-image log and transaction chopping introduced, an on-the-fly repair algorithm is proposed based on transaction chopping, which avoids duplicating repair operations during database repairing to reduce time consumed. Simulated experiments prove the proposed method for repairing has significantly improved efficiency compared to the traditional undo/redo method as well as transaction dependency based methods.Fourthly, TCM based intrusion isolation and repair mechanisms are designed and implemented in survival DBMS-NHSecure developed by our researching team. In addition, design for relevant data structure and specific implementation steps are also illustrated.