Computer Security Applications Conference, Annual (2007)
Miami Beach, Florida, USA
Dec. 10, 2007 to Dec. 14, 2007
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ACSAC.2007.18
Various attacks (e.g., SQL injections) may corrupt data items in the database systems, which decreases the integrity level of the database. Intrusion detections systems are be- coming more and more sophisticated to detect such attacks. However, more advanced detection techniques require more complicated analyses, e.g, sequential analysis, which incurs detection latency. If we have an intrusion detection system as a filter for all system inputs, we will introduce a uniform processing latency to all transactions of the database sys- tem. In this paper, we propose to use a "unsafe zone" to iso- late user's SQL queries from a "safe zone" of the database. In the unsafe zone, we use polyinstantiations and flags for the records to provide an immediate but different view from that of the safe zone to the user. Such isolation has negligi- ble processing latency from the user's view, while it can sig- nificantly improve the integrity level of the whole database system and reduce the recovery costs. Our techniques pro- vide different integrity levels within different zones. Both our analytical and experimental results confirm the effec- tiveness of our isolation techniques against data corruption attacks to the databases. Our techniques can be applied to database systems to provide multizone isolations with dif- ferent levels of QoS.
M. Yu, P. Liu and W. Zang, "Database Isolation and Filtering against Data Corruption Attacks," Computer Security Applications Conference, Annual(ACSAC), Miami Beach, Florida, USA, 2007, pp. 97-106.