Abstract
We consider recovery from malicious but committed transactions. Traditional recovery mechanisms do not address this problem, except for complete rollbacks, which undo the work of good transactions as well as malicious ones, and compensating transactions, whose utility depends on application semantics. We develop an algorithm that rewrites execution histories for the purpose of backing out malicious transactions. Good transactions that are affected, directly or indirectly, by malicious transactions complicate the process of backing out undesirable transactions. We show that the prefix of a rewritten history produced by the algorithm serializes exactly the set of unaffected good transactions. The suffix of the rewritten history includes special state information to describe affected good transactions as well as malicious transactions. We describe techniques that can extract additional good transactions from this latter part of a rewritten history. The latter processing saves more good transactions than is possible with a dependency-graph based approach to recovery.
Similar content being viewed by others
References
P. Ammann and S. Jajodia, “Atimestamp ordering algorithm for secure, single-version, multi-level databases,” in Database Security, V: Status and Prospects, C. Landwehr and S. Jajodia (Eds.), Amsterdam, North Holland, 1992, pp. 23-25.
P. Ammann, S. Jajodia, and P. Liu, “Recovery from malicious transactions,” Technical report, George Mason University, 1998. http://www.isse.gmu.edu/~pliu/papers/dynamic.ps.
P. Ammann, S. Jajodia, and P. Mavuluri, “On the fly reading of entire databases,” IEEE Transactions on Knowledge and Data Engineering, vol. 7, no. 5, pp. 834-838, October 1995.
P. Ammann, S. Jajodia, C.D. McCollum, and B.T. Blaustein, “Surviving information warfare attacks on databases,” in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 1997, pp. 164-174.
V. Atluri, S. Jajodia, and E. Bertino, “Alternative correctness criteria for concurrent execution of transactions in multilevel secure databases,” IEEE Transactions on Knowledge and Data Engineering, vol. 8, no. 5, pp. 839-854, October 1996.
V. Atluri, S. Jajodia, and E. Bertino, “Transaction processing in multilevel secure databases with kernelized architecture: Challenges and solutions,” IEEE Transactions on Knowledge and Data Engineering, vol. 9, no. 5, pp. 697-708, 1997.
B.R. Badrinath and Ramamritham Krithi, “Semantics-based concurrency control: Beyond commutativity,” ACM Transactions on Database Systems, vol. 17, no. 1, pp. 163-199, March 1992.
P.A. Bernstein, V. Hadzilacos, and N. Goodman, Concurrency Control and Recovery in Database Systems, Addison-Wesley: Reading, MA, 1987.
Committee on Multilevel Data Management Security, Air Force Studies Board, and National Research Council. Multilevel Data Management Security. National Academy Press: Washington, DC, March 1983.
O. Costich, “Transaction processing using an untrusted scheduler in a multilevel secure database with replicated architecture,” in Database Security, V: Status and Prospects, C. Landwehr and S. Jajodia (Eds.), Amsterdam, North Holland, 1992, pp. 173-189.
O. Costich and J. McDermott, “A multilevel transaction problem for multilevel secure database systems and its solution for the replicated architecture,” in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1992, pp. 192-203.
S.B. Davidson, “Optimism and consistency in partitioned distributed database systems,” ACM Transactions on Database Systems, vol. 9, no. 3, pp. 456-581, September 1984.
H. Garcia-Molina, “Using semantic knowledge for transaction processing in a distributed database,” ACM Transactions on Database Systems, vol. 8, no. 2, pp. 186-213, June 1983.
H. Garcia-Molina and K. Salem, “Sagas,” in Proceedings of ACM-SIGMOD International Conference on Management of Data, San Francisco, CA, 1987, pp. 249-259.
J. Gray, P. Helland, P. O'Neil, and D. Shasha, “The dangers of replication and a solution,” in Proceedings of ACM-SIGMOD International Conference on Management of Data, Montreal, Canada, 1996, pp. 173-182.
J. Gray and A. Reuter, Transaction Processing: Concepts and Techniques, Morgan Kaufmann Publishers, 1993.
S. Jajodia and V. Atluri, “Alternative correctness criteria for concurrent execution of transactions in multilevel secure databases,” in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1992, pp. 216-224.
S. Jajodia and B.Kogan, “Transaction processing in multilevel secure databases using replicated architecture,” in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1990, pp. 360-368.
S. Jajodia, P. Liu, and C.D. McCollum, “Application-level isolation to cope with malicious database users,” in Proceedings of the 14th Annual Computer Security Application Conference, Phoenix, AZ, December 1998, pp. 73-82.
S. Jajodia, L. Mancini, and I. Ray, “Secure locking protocols for multilevel database management systems,” in Database Security X: Status and Prospects, P. Samarati and R. Sandhu (Eds.), London: Chapman & Hall, 1997.
S. Jajodia, P. Samarati, and V.S. Subrahmanian, “A logical language for expressing authorizations,” in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1997, pp. 31-42.
T.F. Keefe and W.T. Tsai, “Multiversion concurrency control for multilevel secure database systems,” in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1990, pp. 369-383
H.F. Korth, “Locking primitives in a database system,” Journal of the ACM, vol. 30, no. 1, pp. 55-79, January 1983.
H.F. Korth, E. Levy, and A. Silberschatz, “A formal approach to recovery by compensating transactions,” in Proceedings of the International Conference on Very Large Databases, Brisbane, Australia, 1990, pp. 95-106.
B.W. Lampson, “Protection,” ACM Operating Systems Review, vol. 8, no. 1, pp. 18-24, January 1974.
D.B. Lomet, “MLR: A recovery method for multi-level systems,” in Proceedings of ACM-SIGMOD International Conference on Management of Data, San Diego, CA, June 1992, pp. 185-194.
D. Lomet and M.R. Tuttle, “Redo recovery after system crashes,” in Recovery Mechanisms in Database Systems, V. Kumar and M. Hsu (Eds.), chap. 6. Prentice Hall PTR, 1998.
N. Lynch, M. Merritt, W. Weihl, and A. Fekete, Atomic Transactions. Morgan Kaufmann, 1994.
J. McDermott and S. Jajodia, “Orange locking: Channel-free database concurrency control,” in Database Security, VI: Status and Prospects, B.M. Thuraisingham and C.E. Landwehr (Eds.), Amsterdam, North Holland, 1993, pp. 267-284.
J. McDermott, S. Jajodia, and R. Sandhu, “A single-level scheduler for replicated architecture for multilevel secure databases,” in Proceedings of the 7th Annual Computer Security Applications Conference, San Antonio, TX, 1991, pp. 2-11.
C. Mohan, H. Pirahesh, and R. Lorie, “Efficient and flexible methods for transient versioning of records to avoid locking by read-only transactions,” in Proceedings of ACM SIGMOD International Conference on Management of Data, San Diego, CA, June 1992, pp. 124-133.
V.R. Pesati, T.F. Keefe, and S. Pal, “The design and implementation of a multilevel secure log manager,” in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, 1997, pp. 55-64.
C. Pu, “On-the-fly, incremental, consistent reading of entire databases,” Algorithmica, vol. 1, no. 3, pp. 271-287, October 1986.
R.S. Sandhu, “The typed access matrix model,” in Proceedings of the IEEE Symposium on Security and Privacy, Los Alamitos, CA, 1992, pp. 122-136.
R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, “Role-based access control models,” IEEE Computer, vol. 2, pp. 38-47, February 1996.
M. Stonebraker, R. Katz, D. Patterson, and J. Ousterhout, “The design of XPRS,” in Proceedings of the International Conference on Very Large Databases, Los Angeles, CA, 1988, pp. 318-330.
H. Wachter and A. Reuter, “The contract model,” in Database Transaction Models for Advanced Applications, A. Elmagarmid (Ed.), Morgan Kaufmann Publishers, 1991, pp. 219-263.
G. Weikum, C. Hasse, P. Broessler, and P. Muth, “Multi-level recovery,” in Proceedings of the Ninth ACM SIGACT-SIGMOD-SIGART Symposium of Principles of Database Systems, Nashville, Tenn, April 1990, pp. 109-123.
G. Weikum and H.-J. Schek, “Concepts and applications of multilevel transactions and open nested transactions,” in Database Transaction Models for Advanced Applications, A.K. Elmagarmid (Ed.), chap. 13. Morgan Kaufmann Publishers, 1992.
W.E.Weihl, “Commutativity-based concurrency control for abstract data types,” IEEE Transactions on Computers, vol. 37, no. 12, pp. 1488-1505, December 1988.
Author information
Authors and Affiliations
Rights and permissions
About this article
Cite this article
Liu, P., Ammann, P. & Jajodia, S. Rewriting Histories: Recovering from Malicious Transactions. Distributed and Parallel Databases 8, 7–40 (2000). https://doi.org/10.1023/A:1008731200105
Issue Date:
DOI: https://doi.org/10.1023/A:1008731200105