Delivering Services with Integrity Guarantees in Survivable Database Systems

Current database survivability technologies focus on maintaining data integrity and availability in the face of attacks. They are very limited in satisfying differentiated information assurance requirements of various database services under sustained attacks. This paper takes the first steps towards delivering database services with information assurance guarantees. In particular, (a) we introduce the concept of Quality of Integrity Assurance(QoIA) services; (b) we present a data integrity model which allows customers or applications to quantitatively specify their integrity requirements on the services that they want the database system to deliver; and (c) we present an algorithm that can enable a database system to deliver a set of QoIA services without violating the integrity requirements specified by the customers on the set of services. Our approach can deliver integrity guarantees to database services, though sometimes some availability loss could be caused. Our approach can be easily integrated into our Intrusion Tolerant Database System(ITDB).