可生存性数据库关键技术研究
|
摘要
数据库作为信息系统中重要数据的存储中心,往往成为最吸引攻击的目标。传统的以预防为中心的被动式安全保护机制无法及时发现并阻止所有恶意入侵。当入侵行为被发现时,数据库中的数据可能已经发生一定程度的损坏,而其它读取损坏数据的合法操作又可能造成更多的合法数据被破坏。数据库可生存性技术旨在提高数据库系统面临恶意入侵时的可生存能力,首先对数据库入侵行为进行检测,以中止其对数据库的继续破坏,然后隔离入侵已造成的数据损坏,以防止损坏传播,最后对损坏数据进行修复,以全面恢复数据库的正确性和可用性;同时,在对损坏隔离和修复过程中,提供针对未损坏数据的可持续性访问服务。本文重点研究了可生存性数据库的入侵检测和隔离的方法和技术,主要创新点如下:
(1)提出了一种基于目标-条件关联规则模型的数据库异常检测方法,解决了现有面向SQL访问操作的异常检测方法中存在的由于SQL语句的特征向量解析粒度较粗而导致的检测能力下降问题。该方法通过引入SQL语句的细粒度特征向量表示方法,并利用SQL语句结构的关联规则特性,给出能够描述用户正常行为特征轮廓的目标-条件关联规则;然后,通过给出目标-条件关联规则库挖掘算法和应用该规则库的异常检测算法,实现针对异常SQL操作的检测。
(2)提出了一种基于事务模板的恶意事务检测方法,解决了传统的恶意事务检测方法不考虑事务执行环境约束和事务内SQL语句的特征向量解析粒度较粗等问题。该方法通过建立包含SQL语句细粒度特征向量、事务内SQL操作执行顺序有向图和事务执行环境约束信息的事务模板,表示用户的正常行为特征轮廓,并利用事务模板实现对恶意事务的检测。与同类恶意事务检测方法相比,该方法具有更强的检测能力和更广的适用范围。
(3)提出了一种基于颜色-时序标记对象(CTMO)模型的损坏数据隔离方法,解决了现有损坏数据隔离技术中存在的合法数据误隔离问题。该方法首先给出基于数据影响关系的损坏数据确定方法,然后通过引入CTMO模型,给出针对事务及其更新数据的动态CTMO标记算法和基于隔离标记向量的损坏数据实时隔离算法。由隔离方法的完全性和正确性证明可知,该方法能够实现对损坏数据的精确隔离,且具有更低的误隔离率和更高的数据可用度。
(4)提出了一种基于DBSUIM模型的可疑用户隔离方法,解决了现有可疑用户隔离技术中存在的合法数据更新丢失和损坏数据泄漏问题。该方法首先给出包含双态数据模型、可疑用户的隔离协议和可疑数据对象修复协议的可疑用户隔离模型DBSUIM;然后在隔离模型的基础上,给出基于隔离协议的用户操作执行算法,该算法通过在可疑期内阻止合法用户访问可疑数据,防止潜在的损坏数据泄漏;此外,还给出基于修复协议的可疑数据对象修复算法,该算法在可疑用户身份最终确认时,通过对可疑数据对象的修复,确保合法用户的数据更新不丢失。
(5)在本文可生存性关键技术研究的基础上,并结合课题组研发的安全数据库原型系统NHSecure,给出了一种基于DBMS内核的可生存性机制的体系结构,并在NHSecure中实现了具有入侵检测、损坏评估、隔离和修复等功能的可生存性模块,主要包括入侵检测模块、损坏评估模块、隔离控制模块、调度/执行模块和损坏修复模块,并给出了这些关键可生存性模块的设计和实现方法。
Database, being the essential storage center in the information system, is prone to become theattack-attractor. The traditional passive security mechanism which depends on prevention can notperceive all the malicious intrusions in time, thus lacking the ability to stop them. Data stored indatabase may have suffered certain degree of damage when the intrusions are perceived, while otherlegal operations may have read the damaged data, spreading damages to more legal data further.Database survivability technology focuses on improving the ability of database to survive the maliciousintrusions. It first detects intrusions to stop them from undermining database, and then isolate thecorrupted data to prevent damage spreading and finally repair all the damaged data to recover theintegrity and availability of database. In addition, the service of accessing undamaged legal data shouldbe uninterrupted during the process of both isolating and repairing damages. Based on existing researchwork, this dissertation focuses on the techniques of intrustion detection and isolation as well as theimplementation of survivable database. The main contributions are as follows:
(1) For the problem of deteriorating detection ability caused by inadequately formalized featurevector of SQL statement in the existing SQL operation oriented anomaly detection methods, a databaseanomaly detection method based on the object-condition association rule model is proposed. Throughthe introduction of finer-grained SQL feature vetor, and the association rule feature of SQL statementstructure, we give the definition of object-condition association rule which can describe the featureprofiles of normal user behavior. Then the object-condition assication rule set mining algorithm andanomaly detection algorithm are given to achieve the better ability of detecting anomaly SQLoperations.
(2) Since traditional malicious transaction detection methods do not consider the environmentalconstraints of transaction execution, and the resolving granularity of feature vector is fairly coarse forthe SQL statement within the transaction, we propose a detection method to detect malicioustransactions based on transaction templates. This method represents the feature profile of normal userbehavior by establishing the transaction templates which contains the finer-grained SQL feature vector,directed graph of the execution order of SQL operations and the environmental constraints of thetransaction and its execution. And the established transaction templates are thus used to detect themalicious transactions. Compared to its peers, this method has a stronger detection ability and widerapplication filed.
(3) To solve the legal data mis-quarantine problems in the existing damage quarantine techniques for database, we present a damage quarantine mechanism based on color-time marks object (CTMO)model. Firstly a method to assess the damaged data based on data affection relation is given, and thenCTMO model is introduced. Through the CTMO model, we proposed a dynamic CTMO markingalgorithm to tag the transaction and its updated data. Also a real-time damage quarantine algorithmbased quarantine marks vectors is given to apply the quarantine of damaged data. The proof ofcompleteness and correctness of the CTMO model based damage quarantine mechanism indicates that:this quarantine mechanism is an accurate quarantine method with a lower negative quarantine rate andhigher data available rate.
(4) To address the problems of valid updates lost and damaged data leakage in the existingsuspicious user isolation techniques, we propose a database suspicious user isolation model (DBSUIM)based suspicious user isolation method. Firstly, the isolation model DBSUIM which contains doublestates data model, suspicious user isolation protocols and suspicious data object repair protocols aregiven. Then, on the basis of DBSUIM, a user operation execution algorithm is given to prevent thepotential damaged data leakage by keeping legal users from suspicious data. In addition, a suspiciousdata object repair algorithm is also given to prevent the valid updates lost by repairing suspicious dataobjects, when the identity of suspicious user is proved.
(5) Based on the research of the key technologies of survival database, we propose aDBMS-kernel based survival architecture, which is applied in the secure database prototype NHSecure.Also the survival modulars, which have the ability of detecting intrusions, assessing, quarantining andrepairing damaged data, are implementd in NHSecure. The survival modulars consist of intrusiondetection modular, damage assessment modular, qurantine control modular, schedule/executionmodular and damage repair modular. And the methods to design and implement of those key survivalmodulars are also presented.
(1)提出了一种基于目标-条件关联规则模型的数据库异常检测方法,解决了现有面向SQL访问操作的异常检测方法中存在的由于SQL语句的特征向量解析粒度较粗而导致的检测能力下降问题。该方法通过引入SQL语句的细粒度特征向量表示方法,并利用SQL语句结构的关联规则特性,给出能够描述用户正常行为特征轮廓的目标-条件关联规则;然后,通过给出目标-条件关联规则库挖掘算法和应用该规则库的异常检测算法,实现针对异常SQL操作的检测。
(2)提出了一种基于事务模板的恶意事务检测方法,解决了传统的恶意事务检测方法不考虑事务执行环境约束和事务内SQL语句的特征向量解析粒度较粗等问题。该方法通过建立包含SQL语句细粒度特征向量、事务内SQL操作执行顺序有向图和事务执行环境约束信息的事务模板,表示用户的正常行为特征轮廓,并利用事务模板实现对恶意事务的检测。与同类恶意事务检测方法相比,该方法具有更强的检测能力和更广的适用范围。
(3)提出了一种基于颜色-时序标记对象(CTMO)模型的损坏数据隔离方法,解决了现有损坏数据隔离技术中存在的合法数据误隔离问题。该方法首先给出基于数据影响关系的损坏数据确定方法,然后通过引入CTMO模型,给出针对事务及其更新数据的动态CTMO标记算法和基于隔离标记向量的损坏数据实时隔离算法。由隔离方法的完全性和正确性证明可知,该方法能够实现对损坏数据的精确隔离,且具有更低的误隔离率和更高的数据可用度。
(4)提出了一种基于DBSUIM模型的可疑用户隔离方法,解决了现有可疑用户隔离技术中存在的合法数据更新丢失和损坏数据泄漏问题。该方法首先给出包含双态数据模型、可疑用户的隔离协议和可疑数据对象修复协议的可疑用户隔离模型DBSUIM;然后在隔离模型的基础上,给出基于隔离协议的用户操作执行算法,该算法通过在可疑期内阻止合法用户访问可疑数据,防止潜在的损坏数据泄漏;此外,还给出基于修复协议的可疑数据对象修复算法,该算法在可疑用户身份最终确认时,通过对可疑数据对象的修复,确保合法用户的数据更新不丢失。
(5)在本文可生存性关键技术研究的基础上,并结合课题组研发的安全数据库原型系统NHSecure,给出了一种基于DBMS内核的可生存性机制的体系结构,并在NHSecure中实现了具有入侵检测、损坏评估、隔离和修复等功能的可生存性模块,主要包括入侵检测模块、损坏评估模块、隔离控制模块、调度/执行模块和损坏修复模块,并给出了这些关键可生存性模块的设计和实现方法。
Database, being the essential storage center in the information system, is prone to become theattack-attractor. The traditional passive security mechanism which depends on prevention can notperceive all the malicious intrusions in time, thus lacking the ability to stop them. Data stored indatabase may have suffered certain degree of damage when the intrusions are perceived, while otherlegal operations may have read the damaged data, spreading damages to more legal data further.Database survivability technology focuses on improving the ability of database to survive the maliciousintrusions. It first detects intrusions to stop them from undermining database, and then isolate thecorrupted data to prevent damage spreading and finally repair all the damaged data to recover theintegrity and availability of database. In addition, the service of accessing undamaged legal data shouldbe uninterrupted during the process of both isolating and repairing damages. Based on existing researchwork, this dissertation focuses on the techniques of intrustion detection and isolation as well as theimplementation of survivable database. The main contributions are as follows:
(1) For the problem of deteriorating detection ability caused by inadequately formalized featurevector of SQL statement in the existing SQL operation oriented anomaly detection methods, a databaseanomaly detection method based on the object-condition association rule model is proposed. Throughthe introduction of finer-grained SQL feature vetor, and the association rule feature of SQL statementstructure, we give the definition of object-condition association rule which can describe the featureprofiles of normal user behavior. Then the object-condition assication rule set mining algorithm andanomaly detection algorithm are given to achieve the better ability of detecting anomaly SQLoperations.
(2) Since traditional malicious transaction detection methods do not consider the environmentalconstraints of transaction execution, and the resolving granularity of feature vector is fairly coarse forthe SQL statement within the transaction, we propose a detection method to detect malicioustransactions based on transaction templates. This method represents the feature profile of normal userbehavior by establishing the transaction templates which contains the finer-grained SQL feature vector,directed graph of the execution order of SQL operations and the environmental constraints of thetransaction and its execution. And the established transaction templates are thus used to detect themalicious transactions. Compared to its peers, this method has a stronger detection ability and widerapplication filed.
(3) To solve the legal data mis-quarantine problems in the existing damage quarantine techniques for database, we present a damage quarantine mechanism based on color-time marks object (CTMO)model. Firstly a method to assess the damaged data based on data affection relation is given, and thenCTMO model is introduced. Through the CTMO model, we proposed a dynamic CTMO markingalgorithm to tag the transaction and its updated data. Also a real-time damage quarantine algorithmbased quarantine marks vectors is given to apply the quarantine of damaged data. The proof ofcompleteness and correctness of the CTMO model based damage quarantine mechanism indicates that:this quarantine mechanism is an accurate quarantine method with a lower negative quarantine rate andhigher data available rate.
(4) To address the problems of valid updates lost and damaged data leakage in the existingsuspicious user isolation techniques, we propose a database suspicious user isolation model (DBSUIM)based suspicious user isolation method. Firstly, the isolation model DBSUIM which contains doublestates data model, suspicious user isolation protocols and suspicious data object repair protocols aregiven. Then, on the basis of DBSUIM, a user operation execution algorithm is given to prevent thepotential damaged data leakage by keeping legal users from suspicious data. In addition, a suspiciousdata object repair algorithm is also given to prevent the valid updates lost by repairing suspicious dataobjects, when the identity of suspicious user is proved.
(5) Based on the research of the key technologies of survival database, we propose aDBMS-kernel based survival architecture, which is applied in the secure database prototype NHSecure.Also the survival modulars, which have the ability of detecting intrusions, assessing, quarantining andrepairing damaged data, are implementd in NHSecure. The survival modulars consist of intrusiondetection modular, damage assessment modular, qurantine control modular, schedule/executionmodular and damage repair modular. And the methods to design and implement of those key survivalmodulars are also presented.
引文
[1] Verizon business.2009Data Breach Investigations Report.2009.http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
[2]郑吉平.具有可生存能力的安全DBMS关键技术研究.南京:南京航空航天大学.2007.
[3] L. A. Gordon, M. P. Loeb, W. Lucyshyn, et al.2006CSI/FBI Computer Crime and SecuritySurvey: Computer Security Institute.2007.
[4] J. Fraga, D. Powell. A fault and intrusion-tolerant file system. Proceeding of the3rd Intel Confon Computer Security.1985. p.203~218.
[5] M. Duren. Organically Assured and Survivable Information Systems (OASIS) TechnologyTransition Assessment (OTTA). WETSTONE TECHNOLOGIES CORTLAND NY.2004.
[6] A. Adelsbach, C. Cachin, S. Creese, et al. Conceptual model and architecture of MAFTIA.Department of Informatics, University of Lisbon.2003.
[7] R.J. Ellison. Survivable network systems: An emerging discipline. CARNEGIE-MELLON UNIVPITTSBURGH PA SOFTWARE ENGINEERING INST.1997.
[8] R.J. Ellison, D.A. Fisher, R.C. Linger, et al. An approach to survivable systems: the NATOIST.Symposium on Protecting Information Systems in the21st Century.2001.
[9] P.A. Lee, T. Anderson, JC Laprie, et al. Fault tolerance: principles and practice.2ed.Springer-Verlag New York, Inc. Secaucus, NJ, USA.1990.
[10] P. Verissimo, N. Neves, M. Correia. Intrusion-tolerant architectures: Concepts and design.Architecting Dependable Systems.2003.33-36.
[11] P. Verissimo, N.F. Neves, M. Correia. The middleware architecture of MAFTIA: A blueprint.Proceeding the IEEE3rd Information Survivability Workshop. Boston, Massachusetts, USA.2000.
[12] T. Wu, M. Malkin, D. Boneh. Building intrusion tolerant applications. Proceedings of theUSENIX Security Symposium: USENIX Association.1999. p.79-91.
[13] M. Cukier, J. Lyons, P. Pandey, et al. Intrusion Tolerance Approaches in ITUA. The2001International Conference on Dependable Systems and Networks.2001. p.64~65.
[14] F. Wang, F. Jou, F. Gong, et al. SITAR: A scalable intrusion-tolerant architecture for distributedservices. Proceedings of the2001IEEE Workshop on Information Assurance and Security. UnitedStates Military Academy, West Point, NY: IEEE Computer Society.2001. p.38~45.
[15] L. Zhou, F.B. Schneider, R. Van Renesse. COCA: A Secure Distributed Online CertificationAuthority. ACM Transactions on Computer Systems.2002.20(4):329-368.
[16] D. Malkhi, M. Reiter. Byzantine quorum systems. Distributed Computing.1998(11):203-213.
[17] J. Reynolds, J. Just, E. Lawson, et al. The design and implementation of an intrusion tolerantsystem. Proceedings of International Conference on Dependable Systems and Networks: IEEE.2002. p.285-290.
[18] J. Kubiatowicz, D. Bindel, Y. Chen, et al. Oceanstore: An architecture for global-scale persistentstorage. Proceedings of the ninth international conference on Architectural support forprogramming languages and operating systems: ACM.2000. p.190-201.
[19] P. Liu. ITDB: an attack self-healing database system prototype. Proceedings of DARPAInformation Survivability Conference and Exposition: IEEE.2003. p.131-133.
[20] P. Liu, J. Jing, P. Luenam, et al. The Design and Implementation of a Self-Healing DatabaseSystem Journal of Intelligent Information Systems.2004.23(3):247~269.
[21] T. Chiueh, D. Pilania. Design, implementation, and evaluation of a repairable databasemanagement system. Proceedings of21st International Conference on Data Engineering (ICDE):IEEE Computer Society.2005. p.1024~1035.
[22] D. Pilania, T. Chiueh. Design, Implementation and Evaluation of An Intrusion-Resilient DatabaseSystem. New York. Experimental Computer Systems Lab, State University of New York.2002.
[23] T. Chiueh, S. Bajpai. Accurate and efficient inter-transaction dependency tracking. Proceedings ofthe2008IEEE24th International Conference on Data Engineering.2008. p.1209-1218.
[24] E. Bertino, R. Sandhu. Database security-concepts, approaches, and challenges. IEEETransactions on Dependable and Secure Computing.2005.2(1):12-19.
[25]刘启原,刘怡.数据库与信息系统的安全.北京:科学出版社.2000.
[26]张敏,徐震,冯登国.数据库安全.北京:科学出版社.2005.
[27] B. Schneier. Attack trends:2004and2005. ACM Queue.2005:52-53.
[28] D. L. Carter, A. J. Katz. Computer crime: an emerging challenge for law enforcement. FBI LawEnforcement Bulletin.1996.65(12):1-8.
[29]王珊,萨师煊.数据库系统概论.第四版.北京:高等教育出版社.2006.
[30] P.A. Bernstein, V. Hadzilacos, N. Goodman. Concurrency control and recovery in databasesystems. New York: Addison-wesley1987.
[31] R. Agrawal, J. Kiernan, R. Srikant, et al. Order preserving encryption for numeric data.Proceedings of the2004ACM SIGMOD international conference on Management of data. Paris,France: ACM.2004. p.563-574.
[32] E. Damiani, S. De Capitani di Vimercati, S. Foresti, et al. Selective data encryption in outsourceddynamic environments. Electronic Notes in Theoretical Computer Science.2007:127-142.
[33] S. Evdokimov, M. Fischmann, O. Gunther. Provable security for outsourcing database operations.22nd International Conference on Data Engineering (ICDE'06). Atlanta, Georgia: IEEE ComputerSociety.2006. p.117.
[34] R. Agrawal, J. Kiernan. Watermarking relational databases. Proceeding of the28th VLDBConference. Hong Kong, China.2002. p.155-166.
[35] R. Sion, M. Atallah, S. Prabhakar. Rights protection for relational data. IEEE Transactions onKnowledge and Data Engineering.2004.16(12):1509-1525.
[36] B. Fung, K. Wang, R. Chen, et al. Privacy-preserving data publishing: A survey of recentdevelopments. ACM Computing Surveys (CSUR).2010.42(4):1-53.
[37] X. Xiao, Y. Tao. Personalized privacy preservation. Proceedings of the2006ACM SIGMODinternational conference on Management of data: ACM.2006. p.2292-2240.
[38] P. Ammann, S. Jajodia, C.D. McCollum, et al. Surviving information warfare attacks on databases.Proceedings of the IEEE Symposium on Security and Privacy. Oakland, CA: IEEE ComputerSociety.1997. p.164-174.
[39] I. Goldburg. Information Warfare: Institute for the Advanced Study of Information Warfare.1996.
[40] National Computer Security Center. Trusted Database Management System Interpretation of theTCSEC.1991.
[41] The International Organization for Standardization and the International ElectrotechnicalCommission. Joint Technical Committee. Common Criteria for Information Technology SecurityEvaluation.2004.
[42] J. Allen, J. McHugh, W. Fithen, et al. State of the Practice of Intrusion Detection Technologies.Software Engineering Institute, Carnegie Mellon University.2000.
[43] S. Axelsson. Intrusion detection systems: A survey and taxonomy. Dept. of Computer Engineering,Chalmers University of Technology.2000.
[44]钟勇.安全数据库异常检测和若干关键技术研究.南京:南京航空航天大学.2006.
[45] U. Maheshwari, R. Vingralek, W. Shapiro. How to build a trusted database system on untrustedstorage. Proceedings of4th Symposium on Operating System Design and Implementation. SanDiego, CA: USENIX Association.2000. p.135~150.
[46] D. Barbara, R. Goel, S. Jajodia. Using checksums to detect data corruption. Proceedings of the2000International Conference on Extending Data Base Technology: Springer.2000. p.136-149.
[47] J. McDermott, D. Goldschlag. Towards a model of storage jamming. Proceedings of the IEEEComputer Security Foundations Workshop. Kenmare, Ireland: IEEE Computer Society.1996. p.176~185.
[48] J. McDermott, D. Goldschlag. Storage jamming. Database Security IX: Status and Prospects.Chapman&Hall, London;1996. p.365-381.
[49] Y. Zhong, X.L. Qin, D.M. Lin. An intrusion detection method based on clusteringmultidimensional sets. Proceedings of the2006International Conference on Machine Learningand Cybernetics. DaLian, China: IEEE.2006. p.2799-2804.
[50] Y. Zhong, Z. Zhu, X.L. Qin. A clustering method based on data queries and its application indatabase intrusion detection. Proceedings of Fourth International Conference on MachineLearning and Cybernetics. GuangZhou, China: IEEE.2005. p.2096-2101.
[51]钟勇,秦小麟,包磊.基于用户查询模式的挖掘算法及其在入侵检测中的应用.应用科学学报.2005.23(5):506-512.
[52] E. Bertino, A. Kamra, E. Terzi, et al. Intrusion detection in RBAC-administered databases.Proceeding of the21st Annual Computer Security Applications Conference. Tucson, Arizona:IEEE Computer Society.2005. p.170-182.
[53] A. Kamra, E. Terzi, E. Bertino. Detecting anomalous access patterns in relational databases. TheVLDB Journal.2008.17(5):1063-1077.
[54] C. Chung, M. Gertz, K. Levitt. Discovery of multi-level security policies. The14th Annual IFIPWG113Working Conference on Database Security: Springer.2002. p.173-184.
[55] C.Y. Chung, M. Gertz, K. Levitt. DEMIDS: A misuse detection system for database systems. TheThird Annual IFIP TC-11WG115Working Conference on Integrity and Internal Control inInformation Systems: Springer.1999. p.159~178.
[56] S. Lee, W. Low, P. Wong. Learning fingerprints for a database intrusion detection system.Proceeding of the7th European Symposium on Research in Computer Security (ESORICS2002):Springer.2002. p.264-279.
[57] W.L. Low, J. Lee, P. Teoh. DIDAFIT: Detecting intrusions in databases through fingerprinttransactions. Proceedings of the4th International Conference on Enterprise Information Systems.2002. p.121~128.
[58] Y. Hu, B. Panda. Identification of malicious transactions in database systems. Proceeding of the7th International Database Engineering and Applications Symposim. Hong Kong.2003. p.329-335.
[59] Y. Hu, B. Panda. A data mining approach for database intrusion detection. Proceeding of the2004ACM Symposim on Applied computing. Nicosia, Cyprus: ACM.2004. p.711-716.
[60] J. Fonseca, M. Vieira, H. Madeira. Integrated intrusion detection in databases. Proceeding ofDependable Computing,3rd Latin-American Symp. Morelia, Mexico: Springer.2007. p.198-211.
[61] M. Vieira, H. Madeira. Detection of malicious transactions in DBMS. Proceeding of11th IEEEInternational Symposim of Pacific Rim Dependable Computing. Changsha, China.2005. p.350-357.
[62]陈锦富,卢炎生,谢晓东.一种基于事务时序图的恶意事务检测算法.计算机集成制造系统.2008.14(6):1230-1235.
[63] R.S. Sielken. Application intrusion detection. Virginia. Department of Computer Science.University of Virginia.1999.
[64] S. Rosset, U. Murad, E. Neumann, et al. Discovery of fraud rules for telecommunications-challenges and solutions. Proceeding of Knowledge Discovery and Data Mining (KDD). SanDiego, CA, USA: ACM.1999. p.409-413.
[65] S. Stolfo, W. Fan, W. Lee, et al. Credit card fraud detection using meta-learning: Issues and initialresults. Proceeding of AAAI Workshop on AI Approaches to Fraud Detection and RiskManagement. Menlo Park, CA.1997. p.83-90.
[66] K. Bai, P. Liu. Towards database firewall: Mining the damage spreading patterns. Proceeding of22nd Annual Computer Security Applications Conference.2006. p.449-462.
[67] K. Bai, P. Liu. A data damage tracking quarantine and recovery (DTQR) scheme formission-critical database systems. Proceeding of12th International Conference on ExtendingDatabase Technology. Saint Petersburg, Russia: ACM.2009. p.720-731.
[68] K. Bai, M. Yu, P. Liu. Trace: Zero-down-time database damage tracking, quarantine, andcleansing with negligible run-time overhead. Proceeding of13th European Symposium onResearch in Computer Security. Málaga, Spain: Springer.2008. p.161-176.
[69] P. Liu, S. Jajodia. Multi-phase damage confinement in database systems for intrusion tolerance.Proceedings14th IEEE Computer Security Foundations Workshop. Nova Scotia, Canada:Published by the IEEE Computer Society.2001. p.191-205.
[70] M. Yu, W. Zang, P. Liu. Database isolation and filtering against data corruption attacks.Proceeding of23rd Annual Computer Security Application Conference (ACSAC2007).2007. p.97-106.
[71] S. Jajodia, P. Liu, C.D. McCollum. Application-level isolation to cope with malicious databaseusers. Proceeding of14th Annual Computer Security Applications Conference: IEEE.1998. p.73-82.
[72] P. Liu. DAIS: A real-time data attack isolation system for commercial database applications.Proceeding of17th Annual Computer Security Applications Conference.2001. p.219-229.
[73] P. Liu, H. Wang, L. Li. Real-time data attack isolation for commercial database applications.Journal of network and computer applications.2006.29(4):294-320.
[74] P. Liu. Architectures for intrusion tolerant database systems. Proceeding of18th Annual ComputerSecurity Applications Conference: IEEE.2002. p.311-320.
[75] P. Liu, S. Jajodia, M. Yu. Damage Quarantine and Recovery in Data Processing Systems.Handbook of Database Security.2008.383-407.
[76] J. Gray, A. Reuter. Transaction processing: concepts and techniques: Morgan Kaufmann.1993.
[77] C. Mohan, D. Haderle, B. Lindsay, et al. Aries: Atransaction recovery method supportingfine-granularity locking. ACM Transaction on Database Systems.1992.17(1):94-162.
[78] IBM Inc. IBM DB2Software. http://www-01.ibm.com/software/data/db2/.
[79] Macrosoft Inc. SQL Sever. http://www.microsoft.com/sql/default.mspx.
[80] Oracle Inc. Oracle database. http://www.oracle.com/database/index.html.
[81] H. Garcia-Molina. Using semantic knowledge for transaction processing in a distributed database.ACM Transaction on Database Systems.1983.8(2):186-213.
[82] H. Garcia-Molina, K. Salem. Sagas. Proceeding of the1987ACM SIGMOD InternationalConference on Management of Data. SanFrancisco.1987. p.249-259.
[83] H. F. Korth, E. Levy, A. Silberschatz. A formal approach to recovery by compensating transaction.Proceeding of16th International Conference on Very Large Databases. Brisbane, Australia.1990.p.95-106.
[84] D. B. Lomet. MLR:A recovery method for multi-level systems. Proceedings of the1992ACMSIGMOD International Conference on Management of Data. SanDiego.1992. p.185-194.
[85] G. Weikum, C. Hasse, P. Broessler, et al. Multi-level recovery. The Ninth ACMSIGACT-SIGMOD-SIGART Symposium of Principles of Database Systems.1990. p.109-123.
[86] J. Gray, P. Helland, P. O'Neil, et al. The dangers of replication and a solution. Proceeding of the1996ACM SIGMOD International Conference on Management of Data.1996. p.173-182.
[87] Oracle Inc. Oracle data protection and disaster recovery solutions.http://www.oracle.com/technology/deploy/availability/htdocs/OracleDRSolutions.html.
[88] S. Jajodia, C.D. McCollum, P. Ammann. Trusted recovery. Communications of the ACM.1999.42(7):71-75.
[89] P. Ammann, S. Jajodia, P. Liu. Recovery from malicious transactions. IEEE Transactions onKnowledge and Data Engineering.2002.14(5):1167-1185.
[90] S. Bajpai, A. Smirnov, T. Chiueh. Accurate Inter-Transaction Dependency Tracking for RepairableDBMS. Proceeding of6th IEEE International Symposium on Network Computing andApplications: IEEE Computer Society.2007. p.161-168.
[91] B. Panda, R. Yalamanchili. Transaction fusion in the wake of information warfare. Proceedingsof the2001ACM symposium on Applied computing ACM.2001. p.242-247.
[92] R. Yalamanchili, B. Panda. Transaction fusion: a model for data recovery from informationattacks. Journal of Intelligent Information Systems.2004.23(3):225-245.
[93] S. Patnaik, B. Panda. Dependency based logging for database survivability from hostiletransactions. Proceedings of the12th International Conference on Computer Applications inIndustry and Engineering.1999.
[94] B. Panda, J. Giordano. An overview of post information warfare data recovery. Proceedings of the1998ACM Symposium on Applied Computing: ACM.1998. p.253-254.
[95] B. Panda, J. Giordano. Reconstructing the database after electronic attacks. Database security XII.1999.143~156.
[96] B. Panda, S. Tripathy. Data dependency based logging for defensive information warfare.Proceedings of the2000ACM symposium on Applied computing: ACM.2000. p.361-365.
[97] P. Ragothaman, B. Panda. Hybrid log segmentation for assured damage assessment. Proceedingsof the2003ACM Symposium on Applied Computing: ACM.2003. p.522-527.
[98] S. Tripathy, B. Panda. Post-intrusion recovery using data dependency approach. Proceedings ofthe2001IEEE Workshop on Information Assurance and Security.2001. p.56~60.
[99]郑吉平,秦小麟,钟勇, et al.基于SPN模型的可生存性DBMS中恶意事务恢复算法的研究.计算机学报.2006.28(8):1840-1846.
[100] J. Zheng, X. Qin, J. Sun. Data Dependency Based Recovery Approaches in Survival DatabaseSystems. Proceeding of2007International Conference on Computational Science (ICCS2007):Springer.2007. p.1131-1138.
[101] A. Smirnov, T. Chiueh. A portable implementation framework for intrusion-resilient databasemanagement systems.2004International Conference on Dependable Systems and Networks(DSN'04).2004. p.443-452.
[102]谢美意.入侵容忍数据库技术研究.武汉:华中科技大学.2009.
[103] Y. Deswarte, J.C. Fabre, J.M. Fray, et al. Saturne: A distributed computing system which toleratesfaults and intrusions. Workshop on future trends of distributed computing systems.988. p.329-338.
[104] K. Goseva-Popstojanova, K. Vaidyanathan, K. Trivedi, et al. Characterizing intrusion tolerantsystems using a state transition model.2001DARPA Information Survivability Conference andExposition: IEEE Computer Society.2001. p.211~221.
[105] I. Krsul, E. H. Spafford, M. V. Tripunitara. Computer vulnerability analysis Department ofComputer Science, Purdue University.1998.
[106] S.A. Hofmeyr, S. Forrest. Architecture for an artificial immune system. EvolutionaryComputation.2000.8(4):443-473.
[107] J. Kim, P.J. Bentley. A model of gene library evolution in the dynamic clonal selection algorithm.Proceedings of the First International Conference on Artificial Immune Systems.2002. p.57~65.
[108] M. Malkin, T. Wu, D. Boneh. Experimenting with Shared Generation of RSA keys. Citeseer.1999. p.43-56.
[109] F. Anjum, A. Umar. Agent based intrusion tolerance using fragmentation-redundancy-scatteringtechnique. IEEE Wireless Communications and Networking Confernce.2000. p.1101-1106.
[110]屈婉玲,耿素云,张立昂.离散数学.北京:清华大学出版社.2005.
[111] R. Agrawal, T. Imielinski, A. Swami. Mining association rules between sets of items in largedatabases. Proceeding of the1993ACM SIGMOD International Conference on Management ofdata. Washington D.C: ACM.1993. p.207-216.
[112] Transaction Processing Performance Council. TPC benchmark W (web commerce).2002.http://www.tpc.org/tpcw/spec/tpcw_V1.8.pdf.
[113] Transaction Processing Performance Council. TPC Benchmark C (V5.10.1).http://www.tpc.org/tpcc/spec/tpcc_current.pdf.
[114] P. Liu, P. Ammann, S. Jajodia. Rewriting histories: Recovering from malicious transactions.Distributed and Parallel Databases.2000.8(1):7-40.
[115] Transaction Processing Performance Council. TPC Benchmark D (Decision Support) StandardSpecification (V2.1).1998. http://www.tpc.org/tpcd/spec/tpcd_current.pdf.
[2]郑吉平.具有可生存能力的安全DBMS关键技术研究.南京:南京航空航天大学.2007.
[3] L. A. Gordon, M. P. Loeb, W. Lucyshyn, et al.2006CSI/FBI Computer Crime and SecuritySurvey: Computer Security Institute.2007.
[4] J. Fraga, D. Powell. A fault and intrusion-tolerant file system. Proceeding of the3rd Intel Confon Computer Security.1985. p.203~218.
[5] M. Duren. Organically Assured and Survivable Information Systems (OASIS) TechnologyTransition Assessment (OTTA). WETSTONE TECHNOLOGIES CORTLAND NY.2004.
[6] A. Adelsbach, C. Cachin, S. Creese, et al. Conceptual model and architecture of MAFTIA.Department of Informatics, University of Lisbon.2003.
[7] R.J. Ellison. Survivable network systems: An emerging discipline. CARNEGIE-MELLON UNIVPITTSBURGH PA SOFTWARE ENGINEERING INST.1997.
[8] R.J. Ellison, D.A. Fisher, R.C. Linger, et al. An approach to survivable systems: the NATOIST.Symposium on Protecting Information Systems in the21st Century.2001.
[9] P.A. Lee, T. Anderson, JC Laprie, et al. Fault tolerance: principles and practice.2ed.Springer-Verlag New York, Inc. Secaucus, NJ, USA.1990.
[10] P. Verissimo, N. Neves, M. Correia. Intrusion-tolerant architectures: Concepts and design.Architecting Dependable Systems.2003.33-36.
[11] P. Verissimo, N.F. Neves, M. Correia. The middleware architecture of MAFTIA: A blueprint.Proceeding the IEEE3rd Information Survivability Workshop. Boston, Massachusetts, USA.2000.
[12] T. Wu, M. Malkin, D. Boneh. Building intrusion tolerant applications. Proceedings of theUSENIX Security Symposium: USENIX Association.1999. p.79-91.
[13] M. Cukier, J. Lyons, P. Pandey, et al. Intrusion Tolerance Approaches in ITUA. The2001International Conference on Dependable Systems and Networks.2001. p.64~65.
[14] F. Wang, F. Jou, F. Gong, et al. SITAR: A scalable intrusion-tolerant architecture for distributedservices. Proceedings of the2001IEEE Workshop on Information Assurance and Security. UnitedStates Military Academy, West Point, NY: IEEE Computer Society.2001. p.38~45.
[15] L. Zhou, F.B. Schneider, R. Van Renesse. COCA: A Secure Distributed Online CertificationAuthority. ACM Transactions on Computer Systems.2002.20(4):329-368.
[16] D. Malkhi, M. Reiter. Byzantine quorum systems. Distributed Computing.1998(11):203-213.
[17] J. Reynolds, J. Just, E. Lawson, et al. The design and implementation of an intrusion tolerantsystem. Proceedings of International Conference on Dependable Systems and Networks: IEEE.2002. p.285-290.
[18] J. Kubiatowicz, D. Bindel, Y. Chen, et al. Oceanstore: An architecture for global-scale persistentstorage. Proceedings of the ninth international conference on Architectural support forprogramming languages and operating systems: ACM.2000. p.190-201.
[19] P. Liu. ITDB: an attack self-healing database system prototype. Proceedings of DARPAInformation Survivability Conference and Exposition: IEEE.2003. p.131-133.
[20] P. Liu, J. Jing, P. Luenam, et al. The Design and Implementation of a Self-Healing DatabaseSystem Journal of Intelligent Information Systems.2004.23(3):247~269.
[21] T. Chiueh, D. Pilania. Design, implementation, and evaluation of a repairable databasemanagement system. Proceedings of21st International Conference on Data Engineering (ICDE):IEEE Computer Society.2005. p.1024~1035.
[22] D. Pilania, T. Chiueh. Design, Implementation and Evaluation of An Intrusion-Resilient DatabaseSystem. New York. Experimental Computer Systems Lab, State University of New York.2002.
[23] T. Chiueh, S. Bajpai. Accurate and efficient inter-transaction dependency tracking. Proceedings ofthe2008IEEE24th International Conference on Data Engineering.2008. p.1209-1218.
[24] E. Bertino, R. Sandhu. Database security-concepts, approaches, and challenges. IEEETransactions on Dependable and Secure Computing.2005.2(1):12-19.
[25]刘启原,刘怡.数据库与信息系统的安全.北京:科学出版社.2000.
[26]张敏,徐震,冯登国.数据库安全.北京:科学出版社.2005.
[27] B. Schneier. Attack trends:2004and2005. ACM Queue.2005:52-53.
[28] D. L. Carter, A. J. Katz. Computer crime: an emerging challenge for law enforcement. FBI LawEnforcement Bulletin.1996.65(12):1-8.
[29]王珊,萨师煊.数据库系统概论.第四版.北京:高等教育出版社.2006.
[30] P.A. Bernstein, V. Hadzilacos, N. Goodman. Concurrency control and recovery in databasesystems. New York: Addison-wesley1987.
[31] R. Agrawal, J. Kiernan, R. Srikant, et al. Order preserving encryption for numeric data.Proceedings of the2004ACM SIGMOD international conference on Management of data. Paris,France: ACM.2004. p.563-574.
[32] E. Damiani, S. De Capitani di Vimercati, S. Foresti, et al. Selective data encryption in outsourceddynamic environments. Electronic Notes in Theoretical Computer Science.2007:127-142.
[33] S. Evdokimov, M. Fischmann, O. Gunther. Provable security for outsourcing database operations.22nd International Conference on Data Engineering (ICDE'06). Atlanta, Georgia: IEEE ComputerSociety.2006. p.117.
[34] R. Agrawal, J. Kiernan. Watermarking relational databases. Proceeding of the28th VLDBConference. Hong Kong, China.2002. p.155-166.
[35] R. Sion, M. Atallah, S. Prabhakar. Rights protection for relational data. IEEE Transactions onKnowledge and Data Engineering.2004.16(12):1509-1525.
[36] B. Fung, K. Wang, R. Chen, et al. Privacy-preserving data publishing: A survey of recentdevelopments. ACM Computing Surveys (CSUR).2010.42(4):1-53.
[37] X. Xiao, Y. Tao. Personalized privacy preservation. Proceedings of the2006ACM SIGMODinternational conference on Management of data: ACM.2006. p.2292-2240.
[38] P. Ammann, S. Jajodia, C.D. McCollum, et al. Surviving information warfare attacks on databases.Proceedings of the IEEE Symposium on Security and Privacy. Oakland, CA: IEEE ComputerSociety.1997. p.164-174.
[39] I. Goldburg. Information Warfare: Institute for the Advanced Study of Information Warfare.1996.
[40] National Computer Security Center. Trusted Database Management System Interpretation of theTCSEC.1991.
[41] The International Organization for Standardization and the International ElectrotechnicalCommission. Joint Technical Committee. Common Criteria for Information Technology SecurityEvaluation.2004.
[42] J. Allen, J. McHugh, W. Fithen, et al. State of the Practice of Intrusion Detection Technologies.Software Engineering Institute, Carnegie Mellon University.2000.
[43] S. Axelsson. Intrusion detection systems: A survey and taxonomy. Dept. of Computer Engineering,Chalmers University of Technology.2000.
[44]钟勇.安全数据库异常检测和若干关键技术研究.南京:南京航空航天大学.2006.
[45] U. Maheshwari, R. Vingralek, W. Shapiro. How to build a trusted database system on untrustedstorage. Proceedings of4th Symposium on Operating System Design and Implementation. SanDiego, CA: USENIX Association.2000. p.135~150.
[46] D. Barbara, R. Goel, S. Jajodia. Using checksums to detect data corruption. Proceedings of the2000International Conference on Extending Data Base Technology: Springer.2000. p.136-149.
[47] J. McDermott, D. Goldschlag. Towards a model of storage jamming. Proceedings of the IEEEComputer Security Foundations Workshop. Kenmare, Ireland: IEEE Computer Society.1996. p.176~185.
[48] J. McDermott, D. Goldschlag. Storage jamming. Database Security IX: Status and Prospects.Chapman&Hall, London;1996. p.365-381.
[49] Y. Zhong, X.L. Qin, D.M. Lin. An intrusion detection method based on clusteringmultidimensional sets. Proceedings of the2006International Conference on Machine Learningand Cybernetics. DaLian, China: IEEE.2006. p.2799-2804.
[50] Y. Zhong, Z. Zhu, X.L. Qin. A clustering method based on data queries and its application indatabase intrusion detection. Proceedings of Fourth International Conference on MachineLearning and Cybernetics. GuangZhou, China: IEEE.2005. p.2096-2101.
[51]钟勇,秦小麟,包磊.基于用户查询模式的挖掘算法及其在入侵检测中的应用.应用科学学报.2005.23(5):506-512.
[52] E. Bertino, A. Kamra, E. Terzi, et al. Intrusion detection in RBAC-administered databases.Proceeding of the21st Annual Computer Security Applications Conference. Tucson, Arizona:IEEE Computer Society.2005. p.170-182.
[53] A. Kamra, E. Terzi, E. Bertino. Detecting anomalous access patterns in relational databases. TheVLDB Journal.2008.17(5):1063-1077.
[54] C. Chung, M. Gertz, K. Levitt. Discovery of multi-level security policies. The14th Annual IFIPWG113Working Conference on Database Security: Springer.2002. p.173-184.
[55] C.Y. Chung, M. Gertz, K. Levitt. DEMIDS: A misuse detection system for database systems. TheThird Annual IFIP TC-11WG115Working Conference on Integrity and Internal Control inInformation Systems: Springer.1999. p.159~178.
[56] S. Lee, W. Low, P. Wong. Learning fingerprints for a database intrusion detection system.Proceeding of the7th European Symposium on Research in Computer Security (ESORICS2002):Springer.2002. p.264-279.
[57] W.L. Low, J. Lee, P. Teoh. DIDAFIT: Detecting intrusions in databases through fingerprinttransactions. Proceedings of the4th International Conference on Enterprise Information Systems.2002. p.121~128.
[58] Y. Hu, B. Panda. Identification of malicious transactions in database systems. Proceeding of the7th International Database Engineering and Applications Symposim. Hong Kong.2003. p.329-335.
[59] Y. Hu, B. Panda. A data mining approach for database intrusion detection. Proceeding of the2004ACM Symposim on Applied computing. Nicosia, Cyprus: ACM.2004. p.711-716.
[60] J. Fonseca, M. Vieira, H. Madeira. Integrated intrusion detection in databases. Proceeding ofDependable Computing,3rd Latin-American Symp. Morelia, Mexico: Springer.2007. p.198-211.
[61] M. Vieira, H. Madeira. Detection of malicious transactions in DBMS. Proceeding of11th IEEEInternational Symposim of Pacific Rim Dependable Computing. Changsha, China.2005. p.350-357.
[62]陈锦富,卢炎生,谢晓东.一种基于事务时序图的恶意事务检测算法.计算机集成制造系统.2008.14(6):1230-1235.
[63] R.S. Sielken. Application intrusion detection. Virginia. Department of Computer Science.University of Virginia.1999.
[64] S. Rosset, U. Murad, E. Neumann, et al. Discovery of fraud rules for telecommunications-challenges and solutions. Proceeding of Knowledge Discovery and Data Mining (KDD). SanDiego, CA, USA: ACM.1999. p.409-413.
[65] S. Stolfo, W. Fan, W. Lee, et al. Credit card fraud detection using meta-learning: Issues and initialresults. Proceeding of AAAI Workshop on AI Approaches to Fraud Detection and RiskManagement. Menlo Park, CA.1997. p.83-90.
[66] K. Bai, P. Liu. Towards database firewall: Mining the damage spreading patterns. Proceeding of22nd Annual Computer Security Applications Conference.2006. p.449-462.
[67] K. Bai, P. Liu. A data damage tracking quarantine and recovery (DTQR) scheme formission-critical database systems. Proceeding of12th International Conference on ExtendingDatabase Technology. Saint Petersburg, Russia: ACM.2009. p.720-731.
[68] K. Bai, M. Yu, P. Liu. Trace: Zero-down-time database damage tracking, quarantine, andcleansing with negligible run-time overhead. Proceeding of13th European Symposium onResearch in Computer Security. Málaga, Spain: Springer.2008. p.161-176.
[69] P. Liu, S. Jajodia. Multi-phase damage confinement in database systems for intrusion tolerance.Proceedings14th IEEE Computer Security Foundations Workshop. Nova Scotia, Canada:Published by the IEEE Computer Society.2001. p.191-205.
[70] M. Yu, W. Zang, P. Liu. Database isolation and filtering against data corruption attacks.Proceeding of23rd Annual Computer Security Application Conference (ACSAC2007).2007. p.97-106.
[71] S. Jajodia, P. Liu, C.D. McCollum. Application-level isolation to cope with malicious databaseusers. Proceeding of14th Annual Computer Security Applications Conference: IEEE.1998. p.73-82.
[72] P. Liu. DAIS: A real-time data attack isolation system for commercial database applications.Proceeding of17th Annual Computer Security Applications Conference.2001. p.219-229.
[73] P. Liu, H. Wang, L. Li. Real-time data attack isolation for commercial database applications.Journal of network and computer applications.2006.29(4):294-320.
[74] P. Liu. Architectures for intrusion tolerant database systems. Proceeding of18th Annual ComputerSecurity Applications Conference: IEEE.2002. p.311-320.
[75] P. Liu, S. Jajodia, M. Yu. Damage Quarantine and Recovery in Data Processing Systems.Handbook of Database Security.2008.383-407.
[76] J. Gray, A. Reuter. Transaction processing: concepts and techniques: Morgan Kaufmann.1993.
[77] C. Mohan, D. Haderle, B. Lindsay, et al. Aries: Atransaction recovery method supportingfine-granularity locking. ACM Transaction on Database Systems.1992.17(1):94-162.
[78] IBM Inc. IBM DB2Software. http://www-01.ibm.com/software/data/db2/.
[79] Macrosoft Inc. SQL Sever. http://www.microsoft.com/sql/default.mspx.
[80] Oracle Inc. Oracle database. http://www.oracle.com/database/index.html.
[81] H. Garcia-Molina. Using semantic knowledge for transaction processing in a distributed database.ACM Transaction on Database Systems.1983.8(2):186-213.
[82] H. Garcia-Molina, K. Salem. Sagas. Proceeding of the1987ACM SIGMOD InternationalConference on Management of Data. SanFrancisco.1987. p.249-259.
[83] H. F. Korth, E. Levy, A. Silberschatz. A formal approach to recovery by compensating transaction.Proceeding of16th International Conference on Very Large Databases. Brisbane, Australia.1990.p.95-106.
[84] D. B. Lomet. MLR:A recovery method for multi-level systems. Proceedings of the1992ACMSIGMOD International Conference on Management of Data. SanDiego.1992. p.185-194.
[85] G. Weikum, C. Hasse, P. Broessler, et al. Multi-level recovery. The Ninth ACMSIGACT-SIGMOD-SIGART Symposium of Principles of Database Systems.1990. p.109-123.
[86] J. Gray, P. Helland, P. O'Neil, et al. The dangers of replication and a solution. Proceeding of the1996ACM SIGMOD International Conference on Management of Data.1996. p.173-182.
[87] Oracle Inc. Oracle data protection and disaster recovery solutions.http://www.oracle.com/technology/deploy/availability/htdocs/OracleDRSolutions.html.
[88] S. Jajodia, C.D. McCollum, P. Ammann. Trusted recovery. Communications of the ACM.1999.42(7):71-75.
[89] P. Ammann, S. Jajodia, P. Liu. Recovery from malicious transactions. IEEE Transactions onKnowledge and Data Engineering.2002.14(5):1167-1185.
[90] S. Bajpai, A. Smirnov, T. Chiueh. Accurate Inter-Transaction Dependency Tracking for RepairableDBMS. Proceeding of6th IEEE International Symposium on Network Computing andApplications: IEEE Computer Society.2007. p.161-168.
[91] B. Panda, R. Yalamanchili. Transaction fusion in the wake of information warfare. Proceedingsof the2001ACM symposium on Applied computing ACM.2001. p.242-247.
[92] R. Yalamanchili, B. Panda. Transaction fusion: a model for data recovery from informationattacks. Journal of Intelligent Information Systems.2004.23(3):225-245.
[93] S. Patnaik, B. Panda. Dependency based logging for database survivability from hostiletransactions. Proceedings of the12th International Conference on Computer Applications inIndustry and Engineering.1999.
[94] B. Panda, J. Giordano. An overview of post information warfare data recovery. Proceedings of the1998ACM Symposium on Applied Computing: ACM.1998. p.253-254.
[95] B. Panda, J. Giordano. Reconstructing the database after electronic attacks. Database security XII.1999.143~156.
[96] B. Panda, S. Tripathy. Data dependency based logging for defensive information warfare.Proceedings of the2000ACM symposium on Applied computing: ACM.2000. p.361-365.
[97] P. Ragothaman, B. Panda. Hybrid log segmentation for assured damage assessment. Proceedingsof the2003ACM Symposium on Applied Computing: ACM.2003. p.522-527.
[98] S. Tripathy, B. Panda. Post-intrusion recovery using data dependency approach. Proceedings ofthe2001IEEE Workshop on Information Assurance and Security.2001. p.56~60.
[99]郑吉平,秦小麟,钟勇, et al.基于SPN模型的可生存性DBMS中恶意事务恢复算法的研究.计算机学报.2006.28(8):1840-1846.
[100] J. Zheng, X. Qin, J. Sun. Data Dependency Based Recovery Approaches in Survival DatabaseSystems. Proceeding of2007International Conference on Computational Science (ICCS2007):Springer.2007. p.1131-1138.
[101] A. Smirnov, T. Chiueh. A portable implementation framework for intrusion-resilient databasemanagement systems.2004International Conference on Dependable Systems and Networks(DSN'04).2004. p.443-452.
[102]谢美意.入侵容忍数据库技术研究.武汉:华中科技大学.2009.
[103] Y. Deswarte, J.C. Fabre, J.M. Fray, et al. Saturne: A distributed computing system which toleratesfaults and intrusions. Workshop on future trends of distributed computing systems.988. p.329-338.
[104] K. Goseva-Popstojanova, K. Vaidyanathan, K. Trivedi, et al. Characterizing intrusion tolerantsystems using a state transition model.2001DARPA Information Survivability Conference andExposition: IEEE Computer Society.2001. p.211~221.
[105] I. Krsul, E. H. Spafford, M. V. Tripunitara. Computer vulnerability analysis Department ofComputer Science, Purdue University.1998.
[106] S.A. Hofmeyr, S. Forrest. Architecture for an artificial immune system. EvolutionaryComputation.2000.8(4):443-473.
[107] J. Kim, P.J. Bentley. A model of gene library evolution in the dynamic clonal selection algorithm.Proceedings of the First International Conference on Artificial Immune Systems.2002. p.57~65.
[108] M. Malkin, T. Wu, D. Boneh. Experimenting with Shared Generation of RSA keys. Citeseer.1999. p.43-56.
[109] F. Anjum, A. Umar. Agent based intrusion tolerance using fragmentation-redundancy-scatteringtechnique. IEEE Wireless Communications and Networking Confernce.2000. p.1101-1106.
[110]屈婉玲,耿素云,张立昂.离散数学.北京:清华大学出版社.2005.
[111] R. Agrawal, T. Imielinski, A. Swami. Mining association rules between sets of items in largedatabases. Proceeding of the1993ACM SIGMOD International Conference on Management ofdata. Washington D.C: ACM.1993. p.207-216.
[112] Transaction Processing Performance Council. TPC benchmark W (web commerce).2002.http://www.tpc.org/tpcw/spec/tpcw_V1.8.pdf.
[113] Transaction Processing Performance Council. TPC Benchmark C (V5.10.1).http://www.tpc.org/tpcc/spec/tpcc_current.pdf.
[114] P. Liu, P. Ammann, S. Jajodia. Rewriting histories: Recovering from malicious transactions.Distributed and Parallel Databases.2000.8(1):7-40.
[115] Transaction Processing Performance Council. TPC Benchmark D (Decision Support) StandardSpecification (V2.1).1998. http://www.tpc.org/tpcd/spec/tpcd_current.pdf.