October 31, 2002 12:11 PM PST
Software heals systems while they work
Scientists at the Cyber Security Group at Penn State's School of Information Sciences and Technology said the software can quarantine malicious commands sent to database management programs as it simultaneously repairs any damage done to the system.
The new software can be adapted for static repairs or for on-the-fly fixes that can unwind a chain of corrupted commands while the database continues to process transactions, researchers said.
"We simulated attackers' behaviors on a database and then monitored the response of the database," Dr. Peng Liu, a professor at Penn State and the team leader, said in a statement. "We can't prevent attackers from getting in, but with this technology, the database can heal itself on the fly."
The Cyber Security Group and the U.S. Air Force are testing a prototype of the software, which is not yet commercially available.
Several large database software makers are beginning to offer their own self-healing systems. But none is as advanced as the Penn State research project, which represents the next frontier in database management software, analysts said.
"There are various tools that can detect anomalies, but they simply generate a report or display that calls someone's attention to it," Carl Olofson, an analyst at IDC, said of current products on the market. "The interesting part of the (Penn State) research...is the ability to automatically respond to the attack."
Commercial software makers are also researching self-healing technologies. IBM, one of the earliest proponents of so-called autonomic computing--or the science of creating computing systems that can configure, tune and repair themselves--earlier this month announced it was opening a hub for research and product development in autonomic computing.
With the number of large, critically important databases continuing to increase, a concurrent increase in the number of attacks on them could also occur, said analysts. Nearly every major industry, from e-commerce to air traffic control to credit card billing, relies on massive database systems.
"Think about it: more complexity, more customers, more devices, greater promise in productivity. There aren't enough IT architects in the world, nor can we afford to pay the bills," said Sam Palmisano, IBM's chief executive, as he outlined
In July, IBM unveiled version 8 of its DB2 database server software, furthering the autonomic computing-like features it includes. But that technology still must rely ultimately on an IT administrator, who maintains it after receiving notification from the affected system by e-mail, pager or personal digital assistant.
Database market leader Oracle also offers self-managing tools as part of its Oracle 9i database server software. Those tools, among other features, allow a database to automatically recover in the event of some failures and to manage the performance of a system with little human interaction, according to Oracle.
Microsoft's SQL Server database can also perform automated administration of some features.
After the attack
In traditional databases, an intrusion can be easily detected, but the repercussions of the attack can lead to longer-term damage. Subsequent transactions and data updating can spread the damage, and finding the root of the problem is usually expensive and can lead to the loss of other legitimate data, researchers said.
The software developed at Penn State lets databases be adaptive, according to the researchers, in order to avoid data loss or other damage.
"The database can adapt its own behavior and reconfigure itself based on the attack," Liu said.
Liu's research was initially funded by the Air Force and the Defense Advanced Research Projects Agency (DARPA). Subsequent grants have come from the National Science Foundation, the Air Force, DARPA and the U.S. Department of Energy.