Application-Level Isolation Using Data Inconsistency Detection

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Amgad Fayad Articles by Sushil Jajodia Articles by Catherine D. McCollum

15th Annual Computer Security Applications Conference (ACSAC '99)

Phoenix, Arizona

December 06-December 10

ISBN: 0-7695-0346-2

	ASCII Text	x
	Amgad Fayad, Sushil Jajodia, Catherine D. McCollum, "Application-Level Isolation Using Data Inconsistency Detection," Computer Security Applications Conference, Annual, pp. 119, 15th Annual Computer Security Applications Conference (ACSAC '99), 1999.

	BibTex	x
	@article{ 10.1109/CSAC.1999.816019, author = {Amgad Fayad and Sushil Jajodia and Catherine D. McCollum}, title = {Application-Level Isolation Using Data Inconsistency Detection}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {1999}, issn = {1063-9527}, pages = {119}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.1999.816019}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Application-Level Isolation Using Data Inconsistency Detection SN - 1063-9527 SP EP A1 - Amgad Fayad, A1 - Sushil Jajodia, A1 - Catherine D. McCollum, PY - 1999 KW - Security KW - Intrusion Detection KW - Isolation KW - databases KW - Information Warfare VL - 0 JA - Computer Security Applications Conference, Annual ER -

Amgad Fayad, The MITRE Corporation

Sushil Jajodia, The MITRE Corporation

Catherine D. McCollum, The MITRE Corporation

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.1999.816019

Recently, application-level isolation was introduced as an effective means of containing the damage that a suspicious user could inflict on data. In most cases, only a subset of the data items needs to be protected from damage due to the criticality level or integrity requirements of the data items. In such a case, complete isolation of a suspicious user can consume more resources than necessary. This paper proposes partitioning the data items into categories based on their criticality levels and integrity requirements; these categories determine the allowable data flows between trustworthy and suspicious users. An algorithm, that achieves good performance when the number of data items is small, is also provided to detect inconsistencies between suspicious versions of the data and the main version.

Index Terms:

Security, Intrusion Detection, Isolation, databases, Information Warfare

Citation:

Amgad Fayad, Sushil Jajodia, Catherine D. McCollum, "Application-Level Isolation Using Data Inconsistency Detection," acsac, pp.119, 15th Annual Computer Security Applications Conference (ACSAC '99), 1999

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.