Concurrency Control in a Secure Database via a Two-Snapshot Algorithm

We offer a concurrency control algorithm for replicated, secure, multilevel databases. We compare the algorithm with a multiversion approach and with the typical full-replication approach. In the full-replication approach, each security level maintains a container that holds a complete copy of data at lower security levels. In the approach described here, access to data at lower security levels is through shared, read-only snapshots, where a constant number of snapshots at each level – two, as it turns out – is sufficient. We derive necessary properties for snapshots, give a switching algorithm to assign read-downs to snapshots, specify a snapshot creation algorithm, demonstrate that the approach is free of indirect channels and starvation, and prove one-copy serializability on execution histories. In contrast to some comparable algorithms, our algorithm is correct for any security structure that is a partial order.
