Intrusion tolerant serializability for transaction-based SAN environments

The serializability of transactions is among the properties that should be implemented in order to ensure the correct processing in transaction-based environments. When the system is compromised, the serializability in addition to the relevant properties of transaction-based environments may be affected. Ensuring the serializability of transactions in compromised systems is among the needs in order to enable the processing of interrelated transactions and avoiding blocking situations with the inability of committing transactions or some available sub-transactions. In this context, this paper proposes an approach to ensure an intrusion tolerant serializability in a compromised transaction-based environment. This approach is built on a new concept that is based on the definition and the use of virtual nodes instead of the detected malicious nodes. These virtual entities ensures the processing of transactions and sub transactions in a secure manner even if the running environment is compromised. They ensure the continuous running of transactions without experimenting the blocking of interleaved transactions and therefore to ensure the serializability even if the monitored system is compromised. A serial schedule graph is also generated and used by the Central Security Node in order to make decisions concerning the nodes and the set of data and transactions that are threatened by a malicious activity by attaching to each component a set of security parameters. The behavior of the proposed intrusion tolerant serializability scheme in addition to its efficiency is illustrated through a case study describing a SAN system that ensures the monitoring of cars activity and generates infractions and warning messages on road in order to prevent the occurrence of car accidents.