Architecture III has the following set of properties. (1)
It can ensure that after the containing phase no damage
(caused by the malicious transaction) leaks out. (2) As a
result, the attack recovery process needs only to repair the
damage caused by the transactions that commit during the
containing time window, and the termination problem
addressed in Architecture I does not exist any longer. (3)
One phase containment and multi-phase containment are
the two extremes of the spectrum of damage containment
methods. In particular, one-phase containment has
maximum damage leakage (so minimum integrity) but
maximum availability, while multi-phase containment has
zero damage leakage (so maximum integrity) but minimum
availability. In the middle of the spectrum, there could be a
variety of approximate damage containment methods that
allow some damage leakage.