Atomicity - "All or nothing" .. entire transaction fails if part of a query fails

Consistency - Only valid data is written to database

Isolation - Multiple simultaneous transactions don't impact each other

Durability - Transactions committed to database will never be lost



It's a set of goals written by database programmers to ensure the integrity of data within a database. That way, when you request data from a database, you know you will always get good quality data. The downfall of ACID compliant databases is performance. In order to implement an ACID compliant database properly, performance is sacrificed. So, you have to beef up the hardware system in order to overcome the performance degradation for all of the checking constraints needed to ensure ACID compliance.

In databases, ACID stands for Atomicity, Consistency, Isolation, and Durability. They are considered to be the key transaction processing features/properties of a database management system, or DBMS. Without them, the integrity of the database cannot be guaranteed. In practice, these properties are often relaxed somewhat to provide better performance.



In the context of databases, a single logical operation on the data is called a transaction. An example of a transaction is a transfer of funds from one account to another, even though it might consist of multiple individual operations (such as debiting one account and crediting another). The ACID properties guarantee that such transactions are processed reliably.



Atomicity refers to the ability of the DBMS to guarantee that either all of the tasks of a transaction are performed or none of them are. The transfer of funds can be completed or it can fail for a multitude of reasons, but atomicity guarantees that one account won't be debited if the other is not credited as well.

Consistency refers to the database being in a legal state when the transaction begins and when it ends. This means that a transaction can't break the rules, or integrity constraints, of the database. If an integrity constraint states that all accounts must have a positive balance, then any transaction violating this rule will be aborted.

Isolation refers to the ability of the application to make operations in a transaction appear isolated from all other operations. This means that no operation outside the transaction can ever see the data in an intermediate state; a bank manager can see the transferred funds on one account or the other, but never on both—even if she ran her query while the transfer was still being processed. More formally, isolation means the transaction history (or schedule) is serializable. For performance reasons, this ability is the most often relaxed constraint. See the isolation article for more details.

Durability refers to the guarantee that once the user has been notified of success, the transaction will persist, and not be undone. This means it will survive system failure, and that the database system has checked the integrity constraints and won't need to abort the transaction. Typically, all transactions are written into a log that can be played back to recreate the system to its state right before the failure. A transaction can only be deemed committed after it is safely in the log.

Implementing the ACID properties correctly is not simple. Processing a transaction often requires a number of small changes to be made, including updating indices that are used by the system to speed up searches. This sequence of operations is subject to failure for a number of reasons; for instance, the system may have no room left on its disk drives, or it may have used up its allocated CPU time.



ACID suggests that the database be able to perform all of these operations at once. In fact this is difficult to arrange. There are two popular families of techniques: Write ahead logging and Shadow paging. In both cases, locks must be acquired on all information that is updated, and depending on the implementation, on all data that is being read. In write ahead logging, atomicity is guaranteed by ensuring that information about all changes is written to a log before it is written to the database. That allows the database to return the database to a consistent state in the event of a crash. In shadowing, updates are applied to a copy of the database, and the new copy is activated when the transaction commits. The copy refers to unchanged parts of the old version of the database, rather than being an entire duplicate.



Almost all databases used nothing but locking to ensure they were ACID until recently. This means that a lock must be acquired anytime before processing data in a database, even on read operations. Maintaining a large number of locks, however, results in substantial overhead as well as hurting concurrency. If user A is running a transaction that has read a row of data that user B wants to modify, for example, user B must wait until user A's transaction is finished.



An alternative to locking is to maintain separate copies of any data that is modified. This allows users to read data without acquiring any locks. Going back to the example of user A and user B, when user A's transaction gets to data that user B has modified, the database is able to retrieve the exact version of that data that existed when user A started their transaction. This ensures that user A gets a consistent view of the database even if other users are changing data that user A needs to read.



It is difficult to guarantee ACID properties in a network environment. Network connections might fail, or two users might want to use the same part of the database at the same time.



Two-phase commit is typically applied in distributed transactions to ensure that each participant in the transaction agrees on whether the transaction should be committed or not.

Analysis Console for Intrusion Databases





--------------------------------------------------------------------------------



The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools. The features currently include:



Query-builder and search interface for finding alerts matching on alert meta information (e.g. signature, detection time) as well as the underlying network evidence (e.g. source/destination address, ports, payload, or flags).



Packet viewer (decoder) will graphically display the layer-3 and layer-4 packet information of logged alerts



Alert management by providing constructs to logically group alerts to create incidents (alert groups), deleting the handled alerts or false positives, exporting to email for collaboration, or archiving of alerts to transfer them between alert databases.



Chart and statistics generation based on time, sensor, signature, protocol, IP address, TCP/UDP ports, or classification

ACID has the ability to analyze a wide variety of events which are post-processed into its database. Tools exist for the following formats:

using Snort (www.snort.org)

Snort alerts

tcpdump binary logs

using logsnorter ( www.snort.org/downloads/logsnorter-0.2.tar.gz)

ipchains

iptables

ipfw

This web page contains the latest information about the ACID application development status. It should be noted that ACID is the result of ongoing work at the CERT Coordination Center for the AIRCERT project. We encourage you to visit the AIRCERT website for more information on how you can benefit from participating in the prototype.





Documentation (applicable to v0.9.5 and later) Installation and Configuration

FAQ

Configuration Parameters

Searching and Specifying Criteria

Alert Group

Managing Large Alert Databases (Deleting and Archiving)

Performance Tuning

Latest CHANGELOG

TODO

CREDITS

ACID Model. ACID Test.

Accuracy, Consistency, Integrity Constraints, Durability.



A stupid acronym made by some textbook writer.

A THING WHICH HAS MANY TYPES