Multilevel Secure Transaction Processing: Status and Prospects

Since 1990, transaction processing in multilevel secure database management systems (DBMSs) has been receiving a great deal of attention from the database research community. Transaction processing in these systems requires modification of conventional scheduling algorithms and commit protocols. These modifications are necessary because preserving the usual transaction properties when transactions are executing at different security levels often conflicts with the enforcement of the security policy. Considerable effort has been devoted to the development of efficient, secure algorithms for the major types of secure DBMS architectures: kernelized, replicated, and distributed. An additional problem that arises uniquely in multilevel secure DBMSs is that of secure, correct execution when data at multiple security levels must be written within one transaction. Significant progress has been made in a number of these areas, and a few of the techniques have been incorporated into commercial trusted DBMS products. However, there are many open problems remain to be explored. This paper reviews the achievements to date in transaction processing for multilevel secure DBMSs. The paper provides an overview of transaction processing needs and solutions in conventional DBMSs as background, explains the constraints introduced by multilevel security, and then describes the results of research in multilevel secure transaction processing. Research results and limitations in concurrency control, multilevel transaction management, and secure commit protocols are summarized. Finally, important new areas are identified for secure transaction processing research.

[1]  Dorothy E. Denning,et al.  The SeaView security model , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[2]  Sushil Jajodia,et al.  Integrating Concurrency Control and Commit Algorithms in Distributed Multilevel Secure Databases , 1993, Database Security.

[3]  Andreas Reuter,et al.  Transaction Processing: Concepts and Techniques , 1992 .

[4]  Sushil Jajodia,et al.  Integrating an object-oriented data model with multilevel security , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[5]  Elisa Bertino,et al.  Alternative Correctness Criteria for Concurrent Execution of Transactions in Multilevel Secure Databases , 1996, IEEE Trans. Knowl. Data Eng..

[6]  Sushil Jajodia,et al.  A two snapshot algorithm for concurrency control in multi-level secure databases , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[7]  Shankar Pal,et al.  A Locking Protocol for MLS Databases Providing Support For Long Transactions , 1995, DBSec.

[8]  Thomas F. Keefe,et al.  Version pool management in a multilevel secure multiversion transaction manager , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[9]  Leslie Lamport,et al.  Concurrent reading and writing , 1977, Commun. ACM.

[10]  Sushil Jajodia,et al.  A Performance Comparison of two Decomposition Techniques for Multilevel Secure Database Systems , 1993, DBSec.

[11]  Elisa Bertino,et al.  Degrees of Isolation, Concurrency Control Protocols, and Commit Protocols , 1994, DBSec.

[12]  Sushil Jajodia,et al.  Distributed timestamp generation in planar lattice networks , 1993, TOCS.

[13]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[14]  Dennis Shasha,et al.  Concurrent search structure algorithms , 1988, TODS.

[15]  Wei-Tek Tsai,et al.  Multiversion concurrency control for multilevel secure database systems , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[16]  Thomas F. Keefe,et al.  The concurrency control and recovery problem for multilevel update transactions in MLS systems , 1993, [1993] Proceedings Computer Security Foundations Workshop VI.

[17]  Ravi Mukkamala,et al.  Performance Analysis of Transaction Management Algorithms for the SINTRA Replicated-Architecture Database System , 1993, Database Security.

[18]  Thomas F. Keefe,et al.  Transaction Management for Multilevel Secure Replicated Databases , 1995, J. Comput. Secur..

[19]  S. Jajodia,et al.  A model of atomicity for multilevel transactions , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[20]  Michael J. Franklin,et al.  Concurrency Control and Recovery , 2014, Encyclopedia of Database Systems.

[21]  Sushil Jajodia,et al.  Integrity Versus Security in Multi-Level Secure Databases , 1988, DBSec.

[22]  David P. Reed,et al.  Synchronization with eventcounts and sequencers , 1979, CACM.

[23]  Sushil Jajodia,et al.  Using Two-Phase Commit for Crash Recovery in Federated Multilevel Secure Database Management Systems , 1993 .

[24]  Qiang Li,et al.  The Impact of Multilevel Security on Database Buffer Management , 1996, ESORICS.

[25]  Oliver Costich Transaction Processing Using an Untrusted Scheduler in a Multilevel Database with Replicated Architecture , 1991, DBSec.

[26]  Barbara T. Blaustein,et al.  Securely executing multilevel transactions , 1996, SEC.

[27]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .

[28]  Elisa Bertino,et al.  An advanced commit protocol for MLS distributed database systems , 1996, CCS '96.

[29]  Elisa Bertino,et al.  Advanced Transaction Processing in Multilevel Secure File Stores , 1998, IEEE Trans. Knowl. Data Eng..

[30]  Sushil Jajodia,et al.  Planar Lattice Security Structures for Multilevel Replicated Databases , 1993, DBSec.

[31]  Sushil Jajodia,et al.  Alternative correctness criteria for concurrent execution of transactions in multilevel secure databases , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[32]  Ira B. Greenberg,et al.  Single-level multiversion schedulers for multilevel secure database systems , 1990, [1990] Proceedings of the Sixth Annual Computer Security Applications Conference.

[33]  Paul M. Bober,et al.  Indexing Alternatives for Multiversion Locking , 1994, EDBT.

[34]  Sushil Jajodia,et al.  An efficient multiversion algorithm for secure servicing of transaction reads , 1994, CCS '94.

[35]  Sushil Jajodia,et al.  Effects of SeaView Decomposition of Multilevel Relations on Database Performance , 1991, DBSec.

[36]  Sushil Jajodia,et al.  Ensuring atomicity of multilevel transactions , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[37]  Ravi Mukkamala,et al.  Architectural impact on performance of a multilevel database system , 1994, Tenth Annual Computer Security Applications Conference.

[38]  Sushil Jajodia,et al.  A single-level scheduler for the replicated architecture for multilevel-secure databases , 1991, Proceedings Seventh Annual Computer Security Applications Conference.

[39]  Thomas F. Keefe,et al.  On Transaction Processing for Multilevel Secure Replicated Databases , 1992, ESORICS.

[40]  Jaideep Srivastava,et al.  Database Concurrency Control in Multilevel Secure Database Management Systems , 1993, IEEE Trans. Knowl. Data Eng..

[41]  Vijayalakshmi Atluri,et al.  An Extended Petri Net Model for Supporting Workflows in a Multilevel Secure Environment , 1996, DBSec.

[42]  Sushil Jajodia,et al.  Correctness Criteria for Multilevel Secure Transactions , 1996, IEEE Trans. Knowl. Data Eng..

[43]  Sushil Jajodia,et al.  A novel decomposition of multilevel relations into single-level relations , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[44]  Sushil Jajodia,et al.  Globally Consistent Event Ordering in One-Directional Distributed Environments , 1996, IEEE Trans. Parallel Distributed Syst..

[45]  Jean Ferrié,et al.  Integrating Concurrency Control into an Object-Oriented Database System , 1990, Building an Object-Oriented Database System, The Story of O2.