Modeling and Evaluating the Survivability of an Intrusion Tolerant Database System

  • Hai Wang
  • Peng Liu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4189)


The immaturity of current intrusion detection techniques limits the traditional security systems in surviving malicious attacks. Intrusion tolerance approaches have emerged to overcome these limitations. Before intrusion tolerance is accepted as an approach to security, there must be quantitative methods to measure its survivability. However, there are very few attempts to do quantitative, model-based evaluation of the survivability of intrusion tolerant systems, especially in database field. In this paper, we focus on modeling the behaviors of an intrusion tolerant database system in the presence of attacks. Quantitative measures are proposed to characterize the capability of a resilient database system surviving intrusions. An Intrusion Tolerant DataBase system (ITDB) is studied as an example. Our experimental results validate the models we proposed. Survivability evaluation is also conducted to study the impact of attack intensity and various system deficiencies on the survivability.


Detection Probability False Alarm Rate Intrusion Detection Intrusion Detection System Steady State Probability 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Trivedi, K.S.: Probability and statistics with reliability, queuing and computer science applications. John Wiley and Sons Ltd., Chichester (2002)Google Scholar
  2. 2.
    Liu, P.: Architectures for intrusion tolerant database systems. In: Proceedings of 18th Annual Computer Security Applications Conference (ACSAC 2002), pp. 311–320 (2002)Google Scholar
  3. 3.
    Liu, P., Jing, J., Luenam, P., Wang, Y., Li, L., Ingsriswang, S.: The design and implementation of a self-healing database system. Journal of Intelligent Information Systems (JIIS) 23(3), 247–269 (2004)CrossRefMATHGoogle Scholar
  4. 4.
    Yu, M., Liu, P., Zang, W.: Self-healing workflow systems under attacks. In: Proceedings of 24th International Conference on Distributed Computing Systems (ICDCS 2004), pp. 418–4025 (2004)Google Scholar
  5. 5.
    Madan, B.B., Goseva-Popstojanova, K., Vaidyanathan, K., Trivedi, K.S.: A method for modeling and quantifying the security attributes of intrusion tolerant systems. Performance Evaluation 56(1–4), 167–186 (2004)CrossRefGoogle Scholar
  6. 6.
    Lippmann, R., Fried, D., Graf, I., Haines, J., Kendall, K., McClung, D., Weber, D., Webster, S., Wyschogrod, D., Cunningham, R., Zissman, M.: Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation. In: Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX), pp. 12–26 (2000)Google Scholar
  7. 7.
    Hu, Y., Panda, B.: A data mining approach for database intrusion detection. In: Proceedings of the 2004 ACM Symposium on Applied Computing (SAC), pp. 711–716 (2004)Google Scholar
  8. 8.
    Chen, W., Toueg, S., Aguilera, M.K.: On the quality of service of failure detectors. IEEE Transactions on Computers 51(1), 13–32 (2002)CrossRefMathSciNetGoogle Scholar
  9. 9.
    Ellison, R.J., Fisher, D.A., Linger, R.C., Lipson, H.F., Longstaff, T.A., Mead, N.R.: Survivability: Protecting your critical systems. IEEE Internet Computing 3(6), 55–63 (1999)CrossRefGoogle Scholar
  10. 10.
    TPC: Tpc-c benchmark (2004),
  11. 11.
    Knight, J.C., Strunk, E.A., Sullivan, K.J.: Towards a rigorous definition of information system survivability  1, 78–89 (2003)Google Scholar
  12. 12.
    Landwehr, C.E.: Formal models for computer security. ACM Computing Surveys 13(3), 247–278 (1981)CrossRefGoogle Scholar
  13. 13.
    Singh, S., Cukier, M., Sanders, W.H.: Probabilistic validation of an intrusion-tolerant replication system. In: Proceedings of the International Conference on Dependable Systems and Networks (DSN 2003), pp. 615–624 (2003)Google Scholar
  14. 14.
    Zhang, J., Liu, P.: Delivering services with integrity guarantees in survivable database systems. In: Proceedings of the 17th Annual Working Conference on Data and Application Security, pp. 33–46 (2003)Google Scholar
  15. 15.
    Wang, H., Liu, P., Li, L.: Evaluating the impact of intrusion detection deficiencies on the cost-effectiveness of attack recovery. In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 146–157. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Hai Wang
    • 1
  • Peng Liu
    • 1
  1. 1.College of Information Sciences and TechnologyPennsylvania State UniversityUniversity ParkUSA

Personalised recommendations