Multilevel Secure Transaction Processing

Since 1990, transaction processing in multilevel secure database management systems (DBMSs) has been receiving a great deal of attention from the security community. Transaction processing in these systems requires modification of conventional scheduling algorithms and commit protocols. These modifications are necessary because preserving the usual transaction properties when transactions are executing at different security levels often conflicts with the enforcement of the security policy. Considerable effort has been devoted to the development of efficient, secure algorithms for the major types of secure DBMS architectures: kernelized, replicated, and distributed. An additional problem that arises uniquely in multilevel secure DBMSs is that of secure, correct execution when data at multiple security levels must be written within one transaction. Significant progress has been made in a number of these areas, and a few of the techniques have been incorporated into commercial trusted DBMS products. However, many open problems remain to be explored. This paper reviews the achievements to date in transaction processing for multilevel secure DBMSs. The paper provides an overview of transaction processing needs and solutions in conventional DBMSs as background, explains the constraints introduced by multilevel security, and then describes the results of research in multilevel secure transaction processing. Research results and limitations in concurrency control, multilevel transaction management, and secure commit protocols are summarized. Finally, important new areas are identified for secure transaction processing research.
