
Design And Implementation Of An Intrusion Tolerant Database

Posted on: 2009-05-16
Degree: Master
Type: Thesis
Country: China
Candidate: D P Chu
GTID: 2178360242980381
Subject: Computer system architecture

Abstract/Summary:
With the development of database technology, database systems play an increasingly important role in information processing, so their security has become an increasingly important matter. In particular, with Internet technology in wide use, users can conveniently exchange information over the Internet, but leakage of sensitive information and attacks have brought many potential security problems. Information security and database security have therefore become a core issue and an active research topic in recent years. Database security covers the confidentiality, integrity and availability of the information stored in the database. Past database security research stressed how to keep attackers out by means of encryption, strict access control, multi-level security classification, border control, intrusion detection and physical security measures. These technologies can meet users' confidentiality needs, but in practice such defensive measures are sometimes ineffective against malicious attacks, especially internal attacks: for example, a malicious user obtains legitimate authority and identity by illegal means and then maliciously tampers with the database. We therefore need a way to enhance the security of existing database systems so that a database system under attack has a capacity for self-healing. Intrusion tolerant database technology addresses this problem. Its main idea is that, through redundancy, indirect access and attack isolation, the database system can still provide key services to legitimate users after an attack. However, the performance of a traditional intrusion tolerant database depends heavily on the intrusion detector.
In pursuing a high accuracy rate, however, the intrusion detection system suffers low detection efficiency and longer delays, which severely affects the reliability and availability of the database.

To address this issue, an intrusion tolerant database model is given. The model is mainly composed of the PEM (Policy Enforcement Manager), intrusion detector, damage assessor, damage repairer and isolation manager. The functions of the components are as follows:

PEM (Policy Enforcement Manager): it is the entry point of the whole model and the proxy for users. The PEM does not have to proxy all transactions, however, because that would reduce system performance. Application administrators decide where to place the PEM according to the semantics of the application. The PEM is also a policy manager: it decides when and where to run the intrusion tolerance components in the model, and is responsible for coordinating the work of the various components.

Intrusion detection component: it is a semantics-aware intrusion detection system. Application managers formulate intrusion rules based on the semantics of the application, and then formulate the corresponding intrusion detection algorithm. By analyzing the transaction log and write log, the IDS can identify malicious transactions and send an alarm to the system. In addition, the intrusion detector decides the level of a suspicious user once its malicious action is found.

Damage assessment component: in a database, a very small number of malicious transactions can contaminate a very large portion of the database, because the damage caused by these transactions can be quickly propagated throughout the database by a large number of legitimate transactions, through the read-write dependencies between the malicious and the legitimate transactions and among the legitimate transactions themselves. So the legitimate transactions "help" the malicious ones to propagate the contamination.
Finally, data corruption is not only a data integrity issue, but also a data availability issue. In this model, the damage assessor determines read-write dependency relationships using the read and write logs, and determines the scope of contamination using the timestamps maintained in those logs.

Damage repair component: it heals the database by restoring the value of each corrupted object to its latest undamaged version. In this model, a database heals itself under attack without stopping transaction processing.

Isolation management component: it solves the problem that an intrusion tolerant database system relies heavily on the intrusion detector. Its function is to isolate a suspicious user in a virtual environment. The idea of isolation is very simple: redirect the accesses of a user when he or she is found suspicious (i.e., very likely to cause damage later on). Later on, if the user is proved malicious, his or her updates can be discarded without harming the database. If the user turns out to be innocent, (usually most of) his or her updates can be merged back into the real database. Isolation immunizes the database against damage caused by suspicious users without sacrificing availability.

In short, this paper designs an intrusion tolerant database prototype using the main ideas of intrusion detection, intrusion tolerance and attack isolation. The prototype is transparent to users and enhances the safety and reliability of the database system.
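
The damage assessment and damage repair steps described in the abstract, as an added example (not code from the thesis): contamination is spread along reads-from dependencies found in a timestamped read/write log, and each corrupted object is mapped back to its latest undamaged version. The log record layout, the sample log and the function names assess and repair_plan are assumptions; dependencies are tracked per transaction, over committed transactions only.

```python
from collections import namedtuple

# Assumed log record layout (not from the thesis): timestamp, transaction,
# kind ("r"/"w"), object, value written. Committed transactions only.
Op = namedtuple("Op", "ts txn kind obj value")

# Constructed sample log; T2 is the transaction flagged by the detector.
LOG = [
    Op(1, "T1", "w", "a", 10), Op(2, "T1", "w", "b", 20),
    Op(3, "T2", "r", "a", None), Op(4, "T2", "w", "a", 999),
    Op(5, "T3", "r", "a", None), Op(6, "T3", "w", "c", 1009),  # reads T2's a
    Op(7, "T4", "r", "b", None), Op(8, "T4", "w", "d", 21),    # independent
    Op(9, "T5", "r", "c", None), Op(10, "T5", "w", "b", 5),    # reads T3's c
]

def assess(log, malicious):
    """Return every transaction contaminated through reads-from dependencies."""
    last_writer, readers_of = {}, {}
    for op in sorted(log, key=lambda o: o.ts):
        if op.kind == "w":
            last_writer[op.obj] = op.txn
        elif last_writer.get(op.obj, op.txn) != op.txn:  # read of another txn's write
            readers_of.setdefault(last_writer[op.obj], set()).add(op.txn)
    tainted, frontier = set(malicious), list(malicious)
    while frontier:  # transitive closure over the dependency edges
        for reader in readers_of.get(frontier.pop(), ()):
            if reader not in tainted:
                tainted.add(reader)
                frontier.append(reader)
    return tainted

def repair_plan(log, tainted):
    """Map each corrupted object to its latest undamaged value (None: no clean version)."""
    clean_value, final_writer = {}, {}
    for op in sorted(log, key=lambda o: o.ts):
        if op.kind == "w":
            final_writer[op.obj] = op.txn
            if op.txn not in tainted:
                clean_value[op.obj] = op.value
    return {obj: clean_value.get(obj)
            for obj, txn in final_writer.items() if txn in tainted}

if __name__ == "__main__":
    tainted = assess(LOG, {"T2"})
    print(sorted(tainted), repair_plan(LOG, tainted))
```

In the sample, the legitimate transactions T3 and T5 carry T2's damage onward, while T4 and its object d are left untouched by the repair.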
Keywords/Search Tags: Implementation