Transaction Fusion in the Wake of Information WarfareOverviewNew and SignificantWhat is Information Warfare?Defensive Information WarfareDatabase Information AttackPrevious WorkTraditional Recovery TechniquesTransaction Fusion ModelTypes of TransactionDefinitions (I)Definitions (II)ExampleModel Description (I)Model Description (II)Recovery Procedure (I)Recovery Procedure (II)Recovery Procedure (II)- AlgorithmRecovery Procedure (III)ConclusionFuture WorkReferencesThanks a lot …Slide 24HomeworkSweety Chauhan12 October 2005Proceedings of the 2001 ACM symposium on Applied computing Brajendra Panda, Rajesh Yalamanchili, March 2001Security and Error Correction/Detection in 802.1x and GSMTransaction Fusion in the Wake of Information WarfareSweety ChauhanOctober 19, 2005CMSC 691IBrajendra Panda, Rajesh Yalamanchili Computer Science Department, University of North Dakota Proceedings of the 2001 ACM symposium on Applied Computing March 2001 Information WarfareCMSC 691I 2Information WarfareOverviewNew and SignificantDefensive Information WarfarePrevious WorkTransaction Fusion ModelRecovery AlgorithmConclusionFuture workCMSC 691I 3Information WarfareNew and SignificantThe existing recovery techniques first undo all malicious and affected transactions and then redo all affected transactionsNew a model to fuse groups of malicious and affected transactionsSignificant by combining transactions, several data items that were required to be accessed multiple times in each individual transaction are now accessed only once in a fused transaction. Acceleration of recovery processCMSC 691I 4Information WarfareWhat is Information Warfare?Any electronic attack intended to disrupt a computer system is termed as “Information Warfare”Defensive information warfare - safeguarding systems from malicious attacksDatabases form the prime target for many of the malicious activities carried out by intrudersCMSC 691I 5Information WarfareDefensive Information WarfareA functional paradigm of defensive information warfare1. ProtectTechniques designed to guard hardware, software and user dataagainst threats from both outsiders as well as from malicious insiders2. Detect1. critical to the survival of information systems2. can be achieved by gaining an accurate understanding of the “state” of the system at any given point in time e.g. Intrusion Detection Systems3. React1. assessing damage2. finding malicious hidden programs3. locating and closing any back doors left by an attacker for future reentry4. recovering dataCMSC 691I 6Information WarfareDatabase Information AttackIn the protect phase, an attempt is made to prevent an attack on the database.Absolute prevention can never be achieved and hence there is a detect phase. intrusion detection mechanisms to identify attacksOnce an attack is detected, react phase makes every effort to completely wipe out the effect of malicious transaction andrestore the database to a consistent state, the state database would have reached if there was no malicious transactionmust be performed in the shortest time possibleCMSC 691I 7Information WarfarePrevious WorkThe damage inflicted on a database can spread manifold within a short timewhen the transactions are interdependant and there is lot of activity in the systemTraditional recovery techniques, which deal with media and system failures, are not efficient in dealing with malicious attacksrollback the database to the point of attackall transactions except for the malicious transaction(s) are then redone to bring the database to a consistent stateHighly time-consuming process which is UNACCEPTABLE!!!CMSC 691I 8Information WarfareTraditional Recovery TechniquesTransaction dependency approachmalicious transaction(s) and the transactions that depend on the malicious transaction(s) are considered for recovery purposes.Data dependency approachdata items that are affected by the malicious transaction(s) and their dependant data items are restored to their correct values.log has to be scanned from the point of attack to the end => time consuming processCMSC 691I 9Information WarfareTransaction Fusion ModelAssumptions:The schedule produced by the scheduler is strictly serializableBlind writes are not allowedThe entire schedule is logged and the log cannot be modified or purged by any userTransaction dependency approachfuses a group of transactions into a single transactionFast and efficient recoveryaccelerating the redo and undo phasesCMSC 691I 10Information WarfareTypes of TransactionMalicious TransactionAuthentic TransactionSet Notationsmalicious transactions (M),authentic transactions (A),affected transactions (F), and unaffected transactions (U)A schedule is a collection of transactions that are interleaved and there exists a partial ordering among the operations of these transactionsCMSC 691I 11Information WarfareDefinitions (I)A transaction Tj is said to be dependant upon another transaction Ti,if there exists a data item x such that Ti is the last committed transaction to update x before Tj reads x. dependency relationship is denoted by Ti → TjFor any two schedules of transactions Si and Sj, combined schedule where Si and Sj do not have any transaction in common the combined effect of executing schedule Si followed by SjSj is a sub-schedule of Si (Sj ⊂s Si ) ifSj contains all the transactions that are present in Sithe order among these transactions is same(Si Sj)CMSC 691I 12Information WarfareDefinitions (II)If Sj ⊂s Si then the effect of executing Si and undoing all the transactions belonging to Sj is represented by Si Θ SjTwo schedules are said to be value equivalents, if they produce the same final state when they start from the same initial stateCMSC 691I 13Information WarfareExampleSi : T1, T3, T5, T4, T2, T6 Sj : T1, T2, T6T4 and T5 depend on T3T6 depends on T1T2 depends on T1 and T3 Following steps are carried out for finding Si Θ Sj1. Dependency graph for original schedule (Si) is drawn first2. The last transaction in Si (T6) is undone only if it is a leaf node3. Node representing the transaction undone is deleted and the process is repeated.Si Θ Sj: T3, T5, T4T2T3T1T4T5T6Dependency GraphCMSC 691I 14Information WarfareModel Description (I)When an attack by one or more malicious
View Full Document