An efficient multiversion algorithm for secure servicing of transaction reads

We propose an efficient multiversion algorithm for servicing read requests in secure multilevel databases. Rather than keep an arbitrary number of versions of a datum, as standard multiversion algorithms do, the algorithm presented here maintains only a small fixed number of versions—up to three—for a modified datum. Each version corresponds to the state of the datum at the end of an externally defined version period. The algorithm avoids both covert channels and starvation of high transactions, and applies to security structures that are arbitrary partial orders. The algorithm also offers long-read transactions at any security level conflict-free access to a consistent, though slightly dated, view of any authorized portion of the database. We derive constraints sufficient to guarantee one-copy serializability of executions histories, and then exhibit an algorithm that satisfies these constraints.

[1]  Sushil Jajodia,et al.  Globally Consistent Event Ordering in One-Directional Distributed Environments , 1996, IEEE Trans. Parallel Distributed Syst..

[2]  John M. Boone,et al.  INTEGRITY-ORIENTED CONTROL OBJECTIVES: PROPOSED REVISIONS TO THE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (TCSEC), DoD 5200.28-STD , 1991 .

[3]  Thomas F. Keefe,et al.  On Transaction Processing for Multilevel Secure Replicated Databases , 1992, ESORICS.

[4]  Hamid Pirahesh,et al.  Parallelism in relational data base systems: architectural issues and design approaches , 1990, [1990] Proceedings. Second International Symposium on Databases in Parallel and Distributed Systems.

[5]  Hamid Pirahesh,et al.  Parallelism in relational data base systems: architectural issues and design approaches , 1990, DPDS '90.

[6]  Oliver Costich,et al.  Maintaining Multilevel Transaction Atomicity in MLS Database Systems with Replicated Architecture , 1993, DBSec.

[7]  Catherine A. Meadows,et al.  Achieving a Trusted Database Management System Using Parallelism , 1988, DBSec.

[8]  Sushil Jajodia,et al.  A two snapshot algorithm for concurrency control in multi-level secure databases , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[9]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .

[10]  Sushil Jajodia,et al.  On-The-Fly Reading of Entire Databases , 1995, IEEE Trans. Knowl. Data Eng..

[11]  Oliver Costich Transaction Processing Using an Untrusted Scheduler in a Multilevel Database with Replicated Architecture , 1991, DBSec.

[12]  Hamid Pirahesh,et al.  Efficient and flexible methods for transient versioning of records to avoid locking by read-only transactions , 1992, SIGMOD '92.

[13]  John Pierce McDermott Transaction management in replicated-architecture multilevel-secure database systems , 1994 .

[14]  Oliver Costich,et al.  A multilevel transaction problem for multilevel secure database systems and its solution for the replicated architecture , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[15]  Sushil Jajodia,et al.  Concurrency control in multilevel-secure databases based on replicated architecture , 1990, SIGMOD '90.

[16]  Sushil Jajodia,et al.  Transaction processing in multilevel-secure databases using replicated architecture , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[17]  Sushil Jajodia,et al.  A single-level scheduler for the replicated architecture for multilevel-secure databases , 1991, Proceedings Seventh Annual Computer Security Applications Conference.

[18]  Wei-Tek Tsai,et al.  Multiversion concurrency control for multilevel secure database systems , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[19]  Sushil Jajodia,et al.  Distributed timestamp generation in planar lattice networks , 1993, TOCS.

[20]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[21]  Meichun Hsu,et al.  Partitioned two-phase locking , 1986, TODS.