Modeling and Evaluating the Survivability of an Intrusion Tolerant Database System
The immaturity of current intrusion detection techniques limits the ability of traditional security systems to survive malicious attacks. Intrusion tolerance approaches have emerged to overcome these limitations. Before intrusion tolerance is accepted as an approach to security, there must be quantitative methods to measure its survivability. However, there have been very few attempts at quantitative, model-based evaluation of the survivability of intrusion tolerant systems, especially in the database field. In this paper, we focus on modeling the behavior of an intrusion tolerant database system in the presence of attacks. Quantitative measures are proposed to characterize the capability of a resilient database system to survive intrusions. An Intrusion Tolerant DataBase system (ITDB) is studied as an example. Our experimental results validate the models we proposed. Survivability evaluation is also conducted to study the impact of attack intensity and various system deficiencies on survivability.
Keywords: Detection Probability; False Alarm Rate; Intrusion Detection; Intrusion Detection System; Steady State Probability