Article Preview
Top1. Introduction
Because all information system applications, especially those business-based, are widely based on huge amount of shared data throughout the web, securing data becomes a critical issue to provide the integrity property and durability of database management systems. Information warfare has different definitions. In this paper, we define it as an electronic attack that disrupts computer system. There are many weapons for information warfare like viruses, information collection, service denial, spoofing, worms and chipping (Bernstein, Hadzilacos, & Goodman, 1987).
Defensive information warfare aims to protect computer systems from malicious attacks. It passes through three main phases: prevention, detection and recovery (Bernstein, Hadzilacos, & Goodman, 1987). During the prevention phase, the system works on defending the database against an attack. Nevertheless, the history of data security proves that there is always a successful attack. The detection phase comes next and is handled by an intrusion detection system that works on deciding whether a transaction is malicious or benign. It can prepare a list of all malicious transactions based on the study of the history of transactions. A lot of research has been conducted in this area (Lunt, 1993). However, the detection phase takes time and some benign transactions may become affected if they read data written by malicious transactions. In the third phase, the damage assessment and recovery take place to bring back the database to its consistent state. The consistent state is the state that the database should be in, if a malicious attack did not happen.
In this paper, we are interested in the damage assessment and recovery phase. Database transactions are highly dependent on each other. A data item may be written by one transaction and be read or updated by another one. When a data item that was updated or written by a malicious transaction, is read by a benign transaction, it becomes affected and must be rolled back during the recovery process. To increase the efficiency of the recovery algorithm, its execution time should be minimized to the lowest possible value. Also, the algorithm must only recover affected transactions. In this way, we can ensure the availability of the unaffected part of the database upon conducting the recovery process. The damage assessment phase is a part of the recovery phase.
The damage assessment process is responsible for classifying the database transactions into clean and affected. Alternatively, it can classify data items into clean and affected data items depending on the approach used. There are two approaches for this classification. The first one is the transaction dependency approach that keeps track of any transaction that reads from an affected transaction or a malicious one. Such transactions will be added to the set of affected transactions. The second one is the data dependency approach that keeps track of any data items that are updated by reading malicious or affected data items.
This research presents an innovative database damage assessment approach. The algorithm uses one two-dimensional matrix to store the dependencies between the transactions. Our approach waits for the set of malicious transactions to be sent from the intrusion detection system that is assumed to be available. The algorithm then starts the damage assessment process to identify the affected part of the database. The algorithm will only look at the matrix during damage assessment. There is no need for the log file after building the matrix. In this way, the time needed for the damage assessment process will decrease. The recovery process then recovers only the identified part and leaves the other part of the database available for use. The algorithm considers two important computer resources: execution time and memory. This approach does not use logical operators or “extra” data structures. Only one matrix will hold all the needed information.
The rest of the paper is divided as follows: Section 3 presents a literature review regarding previous works in this domain. In section 4, the proposed database damage assessment and recovery algorithm are discussed in details. In the fifth section, we discuss the experimental results and compare our approach to others. Section 6 presents a conclusion.