Abstract
Since 1990, transaction processing in multilevel secure database management systems (DBMSs) has been receiving a great deal of attention from the database research community. Transaction processing in these systems requires modification of conventional scheduling algorithms and commit protocols. These modifications are necessary because preserving the usual transaction properties when transactions are executing at different security levels often conflicts with the enforcement of the security policy. Considerable effort has been devoted to the development of efficient, secure algorithms for the major types of secure DBMS architectures: kernelized, replicated, and distributed. An additional problem that arises uniquely in multilevel secure DBMSs is that of secure, correct execution when data at multiple security levels must be written within one transaction. Significant progress has been made in a number of these areas, and a few of the techniques have been incorporated into commercial trusted DBMS products. However, there are many open problems remain to be explored. This paper reviews the achievements to date in transaction processing for multilevel secure DBMSs. The paper provides an overview of transaction processing needs and solutions in conventional DBMSs as background, explains the constraints introduced by multilevel security, and then describes the results of research in multilevel secure transaction processing. Research results and limitations in concurrency control, multilevel transaction management, and secure commit protocols are summarized. Finally, important new areas are identified for secure transaction processing research.
Chapter PDF
Similar content being viewed by others
Keywords
References
Air Force Studies Board (1983), Multilevel Data Management Security, National Research Council, National Academy Press, Washington, DC.
Ammann, P., Jaeckle, F. & Jajodia, S. (1992), A two snapshot algorithm for concurrency control in secure multi-level databases, in ‘Proc. Symp. on Research in Security and Privacy’, Oakland, CA, pp. 204–215.
Ammann, P. & Jajodia, S. (1993), ‘Distributed timestamp generation in planar lattice networks’, ACM Trans. on Computer Systems 11 (3), 205–225.
Ammann, P. & Jajodia, S. (1994a), An efficient multiversion algorithm for secure servicing of transaction reads, in ‘Proc. of the 1st ACM conference on Computer and Communication Security’, Fairfax, VA, pp. 118–125.
Ammann, P. & Jajodia, S. (1994b), Planar lattice security structures for multilevel replicated database, in T. F. Keefe & C. E. Landwehr, eds, ‘Database Security VII: Status and Prospects’, North-Holland, Amsterdam, pp. 125–134.
Ammann, P., Jajodia, S. & Frankl, P. (1996), ‘Globally consistent event ordering in one-directional distributed environments’, IEEE Transactions on Parallel and Distributed Systems 7(6), 665–670.
Ammann, P., Jajodia, S. & Ray, I. (1996), Ensuring atomicity of multilevel transactions, in ‘Proc. IEEE Symp. on Security and Privacy’, Oakland, CA, pp. 74–84.
Atluri, V., Bertino, E. & Jajodia, S. (1995), Degrees of isolation, concurrency control Protocols, and commit Protocols, in M. Morgenstern, J. Biskup & C. E. Landwehr, eds, ‘Database Security, VII: Status and Prospects’, North Holland, pp. 259–274.
Atluri, V. & Huang, W.-K. (1996), An extended petri net model for supporting workflows in a multilevel secure environment, in ‘Proc. of the 10th IFIP WG 11.3 Workshop on Database Security’, pp. 199–216.
Bell, E. & LaPadula, L. J. (1975), Secure computer systems: Unified exposition and multics interpretations, Technical Report MTR-2997, The Mitre Corporation, Burlington Road, Bedford, MA 01730, USA.
Bernstein, P. A., Hadzilacos, V. & Goodman, N. (1987), Concurrency Control and Recovery in Database Systems. Addison-Wesley, Reading, MA.
Bertino, E., Jajodia, S., Mancini, L. & Ray, I. (1996), ‘Advanced transaction Processing in multilevel secure file stores’, Accepted for publication in IEEE Transactions on Knowledge and Data Engineering.
Blaustein, B. T., Jajodia, S., McCollum, C. D. & Notargiacomo, L. (1993), A model of atomicity for multilevel transactions, in ‘Proc. IEEE Symposium on Security and Privacy’, Oakland, California, pp. 120–134.
Bober, P. & Carey, M. (1994), Indexing alternatives for multiversion locking, in ‘Proc. Int’l. Conf. on Extending Database Technology’, pp. 145–158.
Costich, O. (1992), Transaction Processing using an untrusted scheduler in a multilevel database with replicated architecture, in C. Landwehr & S. Jajodia, eds, ‘Database Security V: Status and Prospects’, North-Holland, Amsterdam, pp. 173–190.
Denning, D. E. (1982), Cryptography and Data Security, Addison-Wesley, Reading, MA.
Denning, D. E., Lunt, T., Schell, R., Shockley, W. & Heckman, M. (1988), The Seaview security model, in ‘Proc. IEEE Symp. on Security and Privacy’, Oakland, CA, pp. 218–233.
Gray, J. & Reuter, A. (1993), Transaction Processing: Concepts and Techniques, Morgan Kaufmann, San Mateo, California.
Informix (1993a), Informix-OnLine/Secure Administrator’s Guide, Informix Software, Inc., Menlo Park, CA.
Informix (1993b), Informix-OnLine/Secure Security Features User’s Guide, Informix Software, Inc., Menlo Park, CA.
Jajodia, S. & Atluri, V. (1992), Alternative correctness criteria for concurrent execution of transactions in multilevel secure databases, in ‘Proc. IEEE Symposium on Security and Privacy’, Oakland, California, pp. 216–224.
Jajodia, S. & Kogan, B. (1990), Integrating an object-oriented data model with multilevel security, in ‘Proc. IEEE Symposium on Security and Privacy’, Oakland, California, pp. 76–85.
Jajodia, S. & McCollum, C. (1993), Using two-phase commit for crash recovery in federated multilevel secure database management systems, in C. E. Landwehr, B. Randell & L. Simoncini, eds, ‘Dependable Computing and Fault Tolerant Systems, Vol. 8’, Springer-Verlag, New York, pp. 365–381.
Jajodia, S., McCollum, C. D. & Blaustein, B. T. (1994), Integrating concurrency control and commit algorithms in distributed multilevel secure databases, in T. F. Keefe & C. E. Landwehr, eds, ‘Database Security, VII: Status and Prospects’, North-Holland, Amsterdam, pp. 109–121.
Jajodia, S. & Mukkamala, R. (1992), Effects of seaview decomposition of multilevel relations on database performance, in C. E. Landwehr & S. Jajodia, eds, ‘Database Security V: Status and Prospects’, North-Holland, Amsterdam, pp. 203–225.
Jajodia, S. & Sandhu, R. (1991), A novel decomposition of multilevel relations into single-level relations, in ‘Proc. IEEE Symp. on Security and Privacy’, Oakland, California, pp. 300–313.
Jajodia, S., Smith, K. P., Blaustein, B. T. & Notargiacomo, L. (1996), Securely executing multilevel transactions, in S. K. Katsikas & D. Gritzalis, eds, ‘Information Systems Security’, Chapman & Hall, London, pp. 259–270.
Kang, I. E. & Keefe, T. F. (1992), On transaction Processing for multilevel-secure replicated databases, in ‘Proc. of the European Symposium on Research in Computer Security’, pp. 329–347.
Kang, I. E. & Keefe, T. F. (1995), ‘Transaction management for multilevel secure replicated databases’, Journal of Computer Security 3, 115–145.
Kang, M., Froscher, J. & Mukkamala, R. (1994), Architectural impact on performance of a multilevel database system, in ‘Proc. 10th Annual IEEE Computer Security Applications Conf.’, pp. 76–85.
Keefe, T. F. & Tsai, W. T. (1990), Multiversion concurrency control for multilevel secure database systems, in ‘Proc. IEEE Symposium on Security and Privacy’, Oakland, California, pp. 369–383.
Keefe, T. F., Tsai, W. T. & Srivastava, J. (1993), ‘Database concurrency control in multilevel secure database management systems’, IEEE Trans. on Knowledge and Data Engineering 5(6), 1039–1055.
Lamport, L. (1977), ‘Concurrent reading and writing’, Comm. of ACM 20 (11), 806–811.
Maimone, W. T. & Greenberg, I. B. (1990), Single-level multiversion schedulers for multilevel secure database systems, in ‘Proc. 6th Annual Computer Security Applications Conf.’, Tucson, Arizona, pp. 137–147.
Mathur, A. G. & Keefe, T. F. (1993), The concurrency control and recovery Problem for multilevel update transactions in mls systems, in ‘Proc. IEEE Computer Security Foundations Workshop’, Franconia, NH, pp. 10–23.
McDermott, J., Jajodia, S. & Sandhu, R. (1991), A single-level scheduler for replicated architecture for multilevel secure databases, in ‘Proc. 7th Annual Computer Security Applications Conf.’, San Antonio, Texas, pp. 2–11.
McDermott, J. & Mukkamala, R. (1994), Performance analysis of transaction management algorithm for the sintra replicated-architecture database system, in T. F. Keefe & C. E. Landwehr, eds, ‘Database Security VII: Status and Prospects’, North-Holland, Amsterdam, pp. 215–234.
Meadows, C. & Jajodia, S. (1988), Integrity versus security in multi-level secure databases, in C. E. Landwehr, ed., ‘Database Security, Status and Prospects’, North-Holland, pp. 89–101.
Mukkainala, R. & Jajodia, S. (1994), A performance comparison of two decomposition techniques for multilevel database systems, in T. F. Keefe & C. E. Landwehr, eds, ‘Database Security VII: Status and Prospects’, North-Holland, Amsterdam, pp. 199–214.
Oracle (1992), Trusted Oracle Administrator’s Guide, Oracle Corp., Redwood City, CA.
Pal, S. (1996), A locking Protocol for multilevel secure databases Providing support for long transactions, in D. L. Spooner, S. A. Demurjian & J. E. Dobson, eds, ‘Database Security IX: Status and Prospects’, Chapman & Hall, London, pp. 183–198.
Ray, I., Bertino, E., Jajodia, S. & Mancini, L. (1996), An advanced commit Protocol for mls distributed database systems, in ‘Proc. Third ACM Conference on Computer and Communications Security’, New Delhi, India, pp. 119–128.
Reed, D. P. & Kanodia, R. K. (1979), ‘Synchronization with eventcounts and sequencers’, Comm. of ACM 22 (5), 115–123.
Schaefer, M. (1974), Quasi-synchronization of readers and writers in a secure multi-level environment, Technical Report TM-5407/003, System Development Corp.
Shasha, D. & Goodman, N. (1988), ‘Concurrent search structure algorithms’, ACM Trans. on Database Systems 13 (1), 53–90.
Smith, K. P., Blaustein, B. T., Jajodia, S. & Notargiacomo, L. (1996), ‘Correctness criteria for multilevel transactions’, IEEE Trans. on Knowledge and Data Engineering 8 (1), 32–35.
Stamos, J. W. & Cristian, F. (1993), ‘Coordinator log transaction execution Protocol’, Distributed and Parallel Databases 1, 383–408.
Sybase (1993), Sybase Secure SQL Server Security Administrator’s Guide, Sybase, Inc., Emeryville, CA.
Warner, A. & Keefe, T. ( 1995 ), Version pool management in a multilevel secure multiversion transaction manager, in ‘Proc. IEEE Symposium on Security and Privacy’, Oakland, California, pp. 169–182.
Warner, A., Li, Q., Keefe, T. & Pal, S. (1996), The impact of multilevel security on database buffer management, in ‘Proc. of the European Symposium on Research in Computer Security’, pp. 266–289.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1997 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Atluri, V., Jajodia, S., Keefe, T.F., McCollum, C., Mukkamala, R. (1997). Multilevel Secure Transaction Processing: Status and Prospects. In: Samarati, P., Sandhu, R.S. (eds) Database Security. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35167-4_6
Download citation
DOI: https://doi.org/10.1007/978-0-387-35167-4_6
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2900-8
Online ISBN: 978-0-387-35167-4
eBook Packages: Springer Book Archive