Skip to main content
SpringerLink
Log in

Rewriting Histories: Recovering from Malicious Transactions

  • Chapter
Security of Data and Transaction Processing

Abstract

We consider recovery from malicious but committed transactions. Traditional recovery mechanisms do not address this problem, except for complete rollbacks, which undo the work of good transactions as well as malicious ones, and compensating transactions, whose utility depends on application semantics. We develop an algorithm that rewrites execution histories for the purpose of backing out malicious transactions. Good transactions that are affected, directly or indirectly, by malicious transactions complicate the process of backing out undesirable transactions. We show that the prefix of a rewritten history produced by the algorithm serializes exactly the set of unaffected good transactions. The suffix of the rewritten history includes special state information to describe affected good transactions as well as malicious transactions. We describe techniques that can extract additional good transactions from this latter part of a rewritten history. The latter processing saves more good transactions than is possible with a dependency-graph based approach to recovery.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. P. Ammann and S. Jajodia, “A timestamp ordering algorithm for secure, single-version, multi-level databases,” in Database Security, V: Status and Prospects, C. Landwehr and S. Jajodia (Eds.), Amsterdam, North Holland, 1992, pp. 23–25.

    Google Scholar 

  2. P. Ammann, S. Jajodia, and P. Liu, “Recovery from malicious transactions,” Technical report, George Mason University, 1998. http://www.isse.gmu.edu/~pliu/papers/dynamic.ps.

  3. P. Ammann, S. Jajodia, and P. Mavuluri, “On the fly reading of entire databases,” IEEE Transactions on Knowledge and Data Engineering, vol. 7, no. 5, pp. 834–838, October 1995.

    Article  Google Scholar 

  4. P. Ammann, S. Jajodia, C.D. McCollum, and B.T. Blaustein, “Surviving information warfare attacks on databases,” in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 1997, pp. 164–174.

    Google Scholar 

  5. V. Atluri, S. Jajodia, and E. Bertino, “Alternative correctness criteria for concurrent execution of transactions in multilevel secure databases,” IEEE Transactions on Knowledge and Data Engineering, vol. 8, no. 5, pp. 839–854, October 1996.

    Article  Google Scholar 

  6. V. Atluri, S. Jajodia, and E. Bertino, “Transaction processing in multilevel secure databases with kernelized architecture: Challenges and solutions,” IEEE Transactions on Knowledge and Data Engineering, vol. 9, no. 5, pp. 697–708, 1997.

    Article  Google Scholar 

  7. B.R. Badrinath and Ramamritham Krithi, “Semantics-based concurrency control: Beyond commutativity,” ACM Transactions on Database Systems, vol. 17, no. 1, pp. 163–199, March 1992.

    Article  Google Scholar 

  8. P.A. Bernstein, V. Hadzilacos, and N. Goodman, Concurrency Control and Recovery in Database Systems, Addison-Wesley: Reading, MA, 1987.

    Google Scholar 

  9. Committee on Multilevel Data Management Security, Air Force Studies Board, and National Research Council. Multilevel Data Management Security. National Academy Press: Washington, DC, March 1983.

    Google Scholar 

  10. O. Costich, “Transaction processing using an untrusted scheduler in a multilevel secure database with replicated architecture,” in Database Security, V: Status and Prospects, C. Landwehr and S. Jajodia (Eds.), Amsterdam, North Holland, 1992, pp. 173–189.

    Google Scholar 

  11. O. Costich and J. McDermott, “A multilevel transaction problem for multilevel secure database systems and its solution for the replicated architecture,” in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1992, pp. 192–203.

    Google Scholar 

  12. S.B. Davidson, “Optimism and consistency in partitioned distributed database systems,” ACM Transactions on Database Systems, vol. 9, no. 3, pp. 456–581, September 1984.

    Article  Google Scholar 

  13. H. Garcia-Molina, “Using semantic knowledge for transaction processing in a distributed database,” ACM Transactions on Database Systems, vol. 8, no. 2, pp. 186–213, June 1983.

    Article  Google Scholar 

  14. H. Garcia-Molina and K. Salem, “Sagas,” in Proceedings of ACM-SIGMOD International Conference on Management of Data, San Francisco, CA, 1987, pp. 249–259.

    Google Scholar 

  15. J. Gray, P. Heiland, P. O’Neil, and D. Shasha, “The dangers of replication and a solution,” in Proceedings of ACM-SIGMOD International Conference on Management of Data, Montreal, Canada, 1996, pp. 173–182.

    Google Scholar 

  16. J. Gray and A. Reuter, Transaction Processing: Concepts and Techniques, Morgan Kaufmann Publishers, 1993.

    Google Scholar 

  17. S. Jajodia and V. Atluri, “Alternative correctness criteria for concurrent execution of transactions in multilevel secure databases,” in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1992, pp. 216–224.

    Google Scholar 

  18. S. Jajodia and B. Kogan, “Transaction processing in multilevel secure databases using replicated architecture,” in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1990, pp. 360–368.

    Google Scholar 

  19. S. Jajodia, P. Liu, and C.D. McCollum, “Application-level isolation to cope with malicious database users,” in Proceedings of the 14th Annual Computer Security Application Conference, Phoenix, AZ, December 1998, pp. 73–82.

    Google Scholar 

  20. S. Jajodia, L. Mancini, and I. Ray, “Secure locking protocols for multilevel database management systems,” in Database Security X: Status and Prospects, P. Samarati and R. Sandhu (Eds.), London: Chapman & Hall, 1997.

    Google Scholar 

  21. S. Jajodia, P. Samarati, and V.S. Subrahmanian, “A logical language for expressing authorizations,” in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1997, pp. 31–42.

    Google Scholar 

  22. T.F. Keefe and W.T. Tsai, “Multiversion concurrency control for multilevel secure database systems,” in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1990, pp. 369–383.

    Google Scholar 

  23. H.F. Korth, “Locking primitives in a database system,” Journal of the ACM, vol. 30, no. 1, pp. 55–79, January 1983.

    Article  MathSciNet  MATH  Google Scholar 

  24. H.F. Korth, E. Levy, and A. Silberschatz, “A formal approach to recovery by compensating transactions,” in Proceedings of the International Conference on Very Large Databases, Brisbane, Australia, 1990, pp. 95–106.

    Google Scholar 

  25. B.W. Lampson, “Protection,” ACM Operating Systems Review, vol. 8, no. 1, pp. 18–24, January 1974.

    Article  Google Scholar 

  26. D.B. Lomet, “MLR: A recovery method for multi-level systems,” in Proceedings of ACM-SIGMOD International Conference on Management of Data, San Diego, CA, June 1992, pp. 185–194.

    Google Scholar 

  27. D. Lomet and M.R. Tuttle, “Redo recovery after system crashes,” in Recovery Mechanisms in Database Systems, V. Kumar and M. Hsu (Eds.), chap. 6. Prentice Hall PTR, 1998.

    Google Scholar 

  28. N. Lynch, M. Merritt, W. Weihl, and A. Fekete, Atomic Transactions. Morgan Kaufmann, 1994.

    Google Scholar 

  29. J. McDermott and S. Jajodia, “Orange locking: Channel-free database concurrency control,” in Database Security, VI: Status and Prospects, B.M. Thuraisingham and C.E. Landwehr (Eds.), Amsterdam, North Holland, 1993, pp. 267–284.

    Google Scholar 

  30. J. McDermott, S. Jajodia, and R. Sandhu, “A single-level scheduler for replicated architecture for multilevel secure databases,” in Proceedings of the 7th Annual Computer Security Applications Conference, San Antonio, TX, 1991, pp. 2–11.

    Google Scholar 

  31. C. Mohan, H. Pirahesh, and R. Lorie, “Efficient and flexible methods for transient versioning of records to avoid locking by read-only transactions,” in Proceedings of ACM SIGMOD International Conference on Management of Data, San Diego, CA, June 1992, pp. 124–133.

    Google Scholar 

  32. V.R. Pesati, T.F. Keefe, and S. Pal, “The design and implementation of a multilevel secure log manager,” in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1997, pp. 55–64.

    Google Scholar 

  33. C. Pu, “On-the-fly, incremental, consistent reading of entire databases,” Algorithmica, vol. 1, no. 3, pp. 271–287, October 1986.

    Article  MathSciNet  MATH  Google Scholar 

  34. R.S. Sandhu, “The typed access matrix model,” in Proceedings of the IEEE Symposium on Security and Privacy, Los Alamitos, CA, 1992, pp. 122–136.

    Google Scholar 

  35. R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, “Role-based access control models,” IEEE Computer, vol. 2, pp. 38–47, February 1996.

    Article  Google Scholar 

  36. M. Stonebraker, R. Katz, D. Patterson, and J. Ousterhout, “The design of XPRS,” in Proceedings of the International Conference on Very Large Databases, Los Angeles, CA, 1988, pp. 318–330.

    Google Scholar 

  37. H. Wachter and A. Reuter, “The contract model,” in Database Transaction Models for Advanced Applications, A. Elmagarmid (Ed.), Morgan Kaufmann Publishers, 1991, pp. 219–263.

    Google Scholar 

  38. G. Weikum, C. Hasse, P. Broessler, and P. Muth, “Multi-level recovery,” in Proceedings of the Ninth ACM SIGACT-SIGMOD-SIGART Symposium of Principles of Database Systems, Nashville, Tenn, April 1990, pp. 109–123.

    Google Scholar 

  39. G. Weikum and H.-J. Schek, “Concepts and applications of multilevel transactions and open nested transactions,” in Database Transaction Models for Advanced Applications, A.K. Elmagarmid (Ed.), chap. 13. Morgan Kaufmann Publishers, 1992.

    Google Scholar 

  40. W.E. Weihl, “Commutativity-based concurrency control for abstract data types,” IEEE Transactions on Computers, vol. 37, no. 12, pp. 1488–1505, December 1988.

    Article  MathSciNet  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Systems, University of Maryland, Baltimore County, Baltimore, MD, 212 150, USA

    Peng Liu

  2. Center for Secure Information Systems, George Mason University, Fairfax, VA, 22030, USA

    Paul Ammann & Sushil Jajodia

Authors
  1. Peng Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Paul Ammann
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sushil Jajodia
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Rutgers University, USA

    Vijay Atluri

  2. SRI International, USA

    Pierangela Samarati

Rights and permissions

Reprints and permissions

Copyright information

© 2000 Springer Science+Business Media New York

About this chapter

Cite this chapter

Liu, P., Ammann, P., Jajodia, S. (2000). Rewriting Histories: Recovering from Malicious Transactions. In: Atluri, V., Samarati, P. (eds) Security of Data and Transaction Processing. Springer, Boston, MA. https://doi.org/10.1007/978-1-4615-4461-6_2

Download citation

  • DOI: https://doi.org/10.1007/978-1-4615-4461-6_2

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4613-7009-3

  • Online ISBN: 978-1-4615-4461-6

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation