Secure transaction management and query processing in multilevel secure database systems

In a multilevel secure database system, every data item is assigned a classification level and each user that accesses the data has a clearance level. Users can read data items that exist at a lower level and write at their own level. In such systems, multilevel databases may be partitioned and stored as single-level databases. To construct a multilevel relation, repeated joins of different single-level base relations are taken, thus resulting in delayed query response time. However, trying to accelerate transactions might establish covert channels which can send high-level sensitive information to low-level users. This paper describes secure algorithms for both concurrency control and query processing in such systems and shows how these two techniques could be integrated together to give the best performance. The data structures needed in these algorithms are based on bit vector techniques developed in [13] and [14]. Our method accelerates both read-only (queries) and read-write transactions in a secure and correct manner.

[1] D. Elliott Bell, et al. Secure Computer System: Unified Exposition and Multics Interpretation, 1976.

[2] Dorothy E. Denning, et al. A Multilevel Relational Data Model, 1987, 1987 IEEE Symposium on Security and Privacy.

[3] Dorothy E. Denning, et al. Cryptography and Data Security, 1982.

[4] William Perrizo, et al. Domain Vector Accelerator for Relational Operations, 1991, ICDE.

[5] Teresa F. Lunt, et al. Toward a multilevel relational data language, 1988, [Proceedings 1988] Fourth Aerospace Computer Security Applications.

[6] Brajendra Panda, et al. Query processing in multilevel secure database systems, 1993.

[7] Wei-Tek Tsai, et al. Multiversion concurrency control for multilevel secure database systems, 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[8] Dorothy E. Denning, et al. The SeaView security model, 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[9] Butler W. Lampson, et al. A note on the confinement problem, 1973, CACM.

[10] Elisa Bertino, et al. Alternative Correctness Criteria for Concurrent Execution of Transactions in Multilevel Secure Databases, 1996, IEEE Trans. Knowl. Data Eng.

[11] Ramzi Ahmed Haraty. Transaction management in multilevel secure database systems, 1992.

[12] Ira B. Greenberg, et al. Single-level multiversion schedulers for multilevel secure database systems, 1990, [1990] Proceedings of the Sixth Annual Computer Security Applications Conference.

[13] William Perrizo. Request order linked list (ROLL): a concurrency control object for centralized and distributed database systems, 1991, [1991] Proceedings. Seventh International Conference on Data Engineering.

[14] William Perrizo, et al. Domain vector accelerator (DVA): A query accelerator for relational operations, 1991, [1991] Proceedings. Seventh International Conference on Data Engineering.

[15] Brajendra Panda, et al. Maintaining Surrogate Data for Query Acceleration in Multilevel Secure Database Systems, 1995, CISMOD.

[16] W.T. Tsai, et al. Secure query processing using AI techniques, 1988, [1988] Proceedings of the Twenty-First Annual Hawaii International Conference on System Sciences. Volume II: Software track.