Databases Reference
In-Depth Information
(2) The recovery dimension covers three semantics for recovery: the coldstart semantics mean that the system is “halted” while damage is being assessed and repaired. (Damage assessment is to identify the set of corrupted data objects. Damage repairing is to restore the value of each corrupted data object to the latest before-infection version.) To address the DoS threat, recovery mechanisms with warmstart or hotstart semantics are needed. Warmstart semantics allow continuous, but degraded, running of the application while damage is being recovered. Hotstart semantics make recovery transparent to the users.
(3) The quarantine dimension covers a spectrum of quarantine strategies: (a) coldstart recovery without quarantine, (b) warmstart recovery with conservative, reactive quarantine, (c) warmstart recovery with proactive or predictive quarantine, (d) hotstart recovery with optimistic quarantine, to name a few.
(4) The application dimension covers the various transaction models deployed by conventional and modern applications. The uniqueness of each model may introduce new challenges for solving the DQR problem.
(5) The correctness dimension tells whether a DQR scheme is correct in terms of consistency, recoverability, and quarantinability.
(6) The quality dimension allows people to measure and compare the quality levels achieved by a set of correct yet different DQR schemes.
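Damage assessment and damage repairing as defined under the recovery dimension, as an added Python example (not code from the source text). It assumes damage spreads when a transaction reads a corrupted item, a rule this excerpt does not state, and it runs as a single offline pass over a constructed log; `Txn`, `assess_damage` and `repair` are hypothetical names.

```python
from collections import namedtuple

# One committed transaction: items it read and the values it wrote.
# Field names and the log layout are assumptions made for this sketch.
Txn = namedtuple("Txn", "tid reads writes")

def assess_damage(log, malicious):
    """Walk the log in commit order; return (bad transactions, corrupted items)."""
    bad, dirty = set(malicious), set()
    for t in log:
        if t.tid in bad or dirty & set(t.reads):
            bad.add(t.tid)            # malicious, or read a corrupted item
            dirty |= set(t.writes)    # everything it wrote is now suspect
        else:
            dirty -= set(t.writes)    # clean overwrite refreshes the item
    return bad, dirty

def repair(initial, log, bad, dirty):
    """Return (damaged state, repaired state)."""
    current, clean = dict(initial), dict(initial)
    for t in log:
        current.update(t.writes)
        if t.tid not in bad:
            clean.update(t.writes)    # latest version from a good writer
    repaired = dict(current)
    for item in dirty:
        if item in clean:
            repaired[item] = clean[item]
        else:
            repaired.pop(item, None)  # item only ever existed through bad writes
    return current, repaired

# Constructed sample data (not from the source text).
INITIAL = {"a": 100, "b": 50, "c": 10, "d": 7}
LOG = [
    Txn("T1", ("a",), {"a": 90}),
    Txn("T2", ("b",), {"b": 5000}),      # identified as malicious
    Txn("T3", ("b", "c"), {"c": 5010}),  # read corrupted b
    Txn("T4", ("a",), {"d": 8}),
    Txn("T5", ("c",), {"a": 5100}),      # read corrupted c
    Txn("T6", (), {"b": 60}),            # blind write, refreshes b
    Txn("T7", ("d",), {"d": 9}),
]

if __name__ == "__main__":
    bad, dirty = assess_damage(LOG, {"T2"})
    damaged, repaired = repair(INITIAL, LOG, bad, dirty)
    print(sorted(bad), sorted(dirty), repaired)
```

Only `a` and `c` are rolled back: `b` was already refreshed by the clean blind write in T6, and the work of the unaffected transactions T1, T4, T6 and T7 is preserved.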
2.4 What Transaction Level DQR Solutions Cannot Do
First, although transaction-level DQR solutions will help minimize the damage caused by cyberspace attacks in the physical world, they cannot repair physical damage, which is a different field of study. Second, transaction-level DQR solutions are not designed to patch software, which is another critical intrusion recovery problem. Nevertheless, transaction-level DQR solutions and software patching are complementary to each other. Transaction-level DQR solutions can help quarantine and repair the damage done by unpatched software broken into by the adversary.
3 Traditional Failure Recovery Techniques and Their Limitations
DQR theories and mechanisms draw on work from several areas of systems research such as survivable computing, fault-tolerant computing, and transaction processing. Among all the relevant areas, the closest one should be Failure Recovery, which is part of Fault Tolerance [25]. In the literature, failure recovery has not only been extensively studied in data processing systems [3, 26, 4], but also been thoroughly studied in other types of computing systems. In [27] and [28], operating systems failure recovery is investigated. In