A Semantic-Based Transaction Processing Model for Multilevel Transactions

Multilevel transactions have been proposed for multilevel secure databases. In contrast to most proposals, such transactions allow users to read and write across multiple security levels. The security requirement that no high level operation influence a low level operation often conflicts with the atomicity requirement of the standard transaction processing model. In particular, others have shown that no concurrency control algorithm based on the standard transaction processing model can guarantee both atomicity and security. This conflict motivates us to propose an alternative semantic-based transaction processing model for multilevel transactions. Our model uses the semantics of the application to analyze an application and reason about its behavior. Our notion of correctness is based on semantic correctness instead of serializability as in the standard transaction processing model. Semantic correctness ensures that database consistency is maintained, transactions output consistent data, and all partially executed transactions complete. We show how an example application can be analyzed to assure semantic correctness and how this analysis can be automated. We also propose a simple timestamp-based multiversion concurrency control algorithm for transaction processing on a kernelized architecture. The advantages of our model over the standard transaction processing model are that atomicity can be assessed, and for some applications ensured via off-line analysis, more concurrency is achieved, less synchronization between security levels is required, and a larger class of multilevel transactions can be processed.

The work of Sushil Jajodia and Indrakshi Ray was partially supported by National Security Agency under grants MDA904-96-1-0103 and MDA904-96-1-0104 and by US Air Force/Rome Labs under grant F30602-97-1-0139. The work of Indrakshi Ray was also partially supported by a George Mason University Fellowship Award. The work of Paul Ammann was partially supported by US Air Force/Rome Labs under grant F30602-97-1-0139.
