Protecting a Federated Database Infrastructure against Denial-of-Service Attacks

  • Arne Ansper
  • Ahto Buldas
  • Margus Freudenthal
  • Jan Willemson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8328)

Abstract

The need for combining various heterogeneous data sources into a uniformly accessible infrastructure has given rise to the development of federated database systems. Security aspects of such systems have been well studied, but the work has mostly concentrated on privacy and access control issues. In this paper, we take a closer look at the availability problems caused by network failures, Denial-of-Service attacks, etc. We take the X-Road infrastructure developed in Estonia as the basis of our studies and propose several methods to improve its resilience. We discuss the usage of alternative communication channels, replication of critical databases and replacing the present critical central services with more flexible alternatives.

Keywords

Federated database systems, X-Road, service availability, Denial-of-Service attacks

Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Arne Ansper (1, 2)
  • Ahto Buldas (1, 2)
  • Margus Freudenthal (1)
  • Jan Willemson (1)
  1. Cybernetica AS, Tallinn, Estonia
  2. ELIKO Competence Centre in Electronics-, Info- and Communication Technologies, Tallinn, Estonia
