数据库事务恢复日志和入侵响应模型研究  被引量：4

作　　者：陈驰[1] 冯登国[1] 徐震[1] 

机构地区：[1]信息安全国家重点实验室(中国科学院软件研究所),北京100190

出　　处：《计算机研究与发展》2010年第10期1797-1804,共8页Journal of Computer Research and Development

基　　金：国家"八六三"高技术研究发展计划基金项目(2007AA120404;2007AA120405);中国科学院知识创新工程领域前沿项目(ISCAS2009-DR13);国家自然科学基金项目(61003228)~~

摘　　要：数据库日志记录数据元素的变迁历史,是维护数据库系统正确性和一致性的重要依据.现有的日志模式无法体现事务间依赖关系,系统在遭到恶意攻击时只得让所有数据元素恢复到出错点的状态,容忍入侵的能力差.提出一种新型的事务恢复日志模型,采用抽象状态机描述了日志生成规则和入侵响应模型,对事务之间的依赖关系进行了形式化的定义,并对入侵响应模型的完整性和正确性进行了分析.配置事务恢复日志和入侵响应机制的数据库系统在遭受攻击时,可以仅恢复受恶意事务影响的后继而无需回滚所有事务,从而提高了数据库系统的生存性.Log is important to the database system,which is the foundation of maintaining the correctness and consistency.The existing database log mechanism only stores the history of transactions,but can not record the relationship between transactions.Facing the attack,databases with traditional log system can only stop the service of database and recover to the point of attack occurrence.This kind of recovery will abandon all the transactions after the malicious transaction regardless of whether these transactions are related to the malicious transaction.That means the database system is out of service between the fault-point to the end of recovery.By using this vulnerability,the attacker can commit malicious transactions constantly and the database will always be in the state of recovery.In this paper,we present a new model of transaction recovery log and intrusion response.We use ASM to describe the model,give a formal definition of transaction dependency and prove the correctness and categoricalness of the model.Databases with transaction recovery log and intrusion response mechanism roll back only affected transactions rather than all the transactions after malicious attack.This method will not stop the service of the database system,significantly enhancing the performance of recovery for defensive information warfare.

关 键 词：入侵容忍 事务恢复日志 入侵响应 事务依赖 恶意事务 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]