Title :
Application-level isolation using data inconsistency detection
Author :
Fayad, Amgad ; Jajodia, Sushil ; McCollum, Catherine D.
Author_Institution :
Mitre Corp., McLean, VA, USA
Abstract :
Recently, application-level isolation was introduced as an effective means of containing the damage that a suspicious user could inflict on data. In most cases, only a subset of the data items needs to be protected from damage due to the criticality level or integrity requirements of the data items. In such a case, complete isolation of a suspicious user can consume more resources than necessary. The paper proposes partitioning the data items into categories based on their criticality levels and integrity requirements; these categories determine the allowable data flows between trustworthy and suspicious users. An algorithm that achieves good performance when the number of data items is small, is also provided to detect inconsistencies between suspicious versions of the data and the main version
Keywords :
data integrity; data privacy; safety systems; allowable data flows; application-level isolation; criticality level; criticality levels; data inconsistency detection; data items; data partitioning; integrity requirements; suspicious users; suspicious versions; Computer crime; Intrusion detection; Merging; Monitoring; National electric code; Protection; Read only memory; Surveillance; Transaction databases;
Conference_Titel :
Computer Security Applications Conference, 1999. (ACSAC '99) Proceedings. 15th Annual
Conference_Location :
Phoenix, AZ
Print_ISBN :
0-7695-0346-2
DOI :
10.1109/CSAC.1999.816019
