Skip to main content
SpringerLink
Log in

Secure Concurrency Control in Firm Real-Time Database Systems

  • Chapter
Security of Data and Transaction Processing

Abstract

Many real-time database applications arise in electronic financial services, safety-critical installations and military systems where enforcing security is crucial to the success of the enterprise. For real-time database systems supporting applications with firm deadlines, we investigate here the performance implications, in terms of killed transactions, of guaranteeing multilevel secrecy. In particular, we focus on the concurrency control (CC) aspects of this issue.

Our main contributions are the following: First, we identify which among the previously proposed real-time CC protocols are capable of providing covert-channel-free security. Second, using a detailed simulation model, we profile the real-time performance of a representative set of these secure CC protocols for a variety of security-classified workloads and system configurations. Our experiments show that a prioritized optimistic CC protocol, OPT-WAIT, provides the best overall performance. Third, we propose and evaluate a novel “dual-CC” approach that allows the real-time database system to simultaneously use different CC mechanisms for guaranteeing security and for improving real-time performance. By appropriately choosing these different mechanisms, concurrency control protocols that provide even better performance than OPT-WAIT are designed. Finally, we propose and evaluate GUARD, an adaptive admission-control policy designed to provide fairness with respect to the distribution of killed transactions across security levels. Our experiments show that GUARD efficiently provides close to ideal fairness for real-time applications that can tolerate covert channel bandwidths of upto one bit per second.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. R. Abbott and H. Garcia-Molina, “Scheduling real-time transactions: A performance evaluation,” ACM Trans. on Database Systems, vol. 17, no. 3, pp. 513–560, September 1992.

    Article  Google Scholar 

  2. M. Abrams, S. Jajodia, and H. Podell, Information Security, IEEE Computer Society Press, 1995.

    Google Scholar 

  3. R. Agrawal, M. Carey, and M. Livny, “Concurrency control performance modeling: Alternatives and implications,” ACM Trans. on Database Systems, vol. 12, no. 4, December 1987.

    Google Scholar 

  4. D. Agrawal, A. El Abbadi, and R. Jeffers, “Using delayed commitment in locking protocols for real-time databases,” in Proc. of ACM SIGMOD Conf., June 1992.

    Google Scholar 

  5. P. Amman, F. Jaeckle, and S. Jajodia, “A two-snapshot algorithm for concurrency control in secure multilevel databases,” in Proc. of IEEE Symp. on Security and Privacy, 1992.

    Google Scholar 

  6. V. Atluri, S. Jajodia, T. Keefe, C. McCollum, and R. Mukkamala, “Multilevel secure transaction processing: Status and prospects,” in Database Security, X: Status and Prospects, P. Samarati and R. Sandhu (Eds.), Chapman & Hall, 1997.

    Google Scholar 

  7. S. Castano, M. Fugini, G. Martella, and P. Samarati, Database Security, Addison-Wesley, 1995.

    Google Scholar 

  8. A. Datta, S. Mukherjee, P. Konana, I. Viguier, and A. Bajaj, “Multiclass transaction scheduling and overload management in firm real-time database systems,” Information Systems, vol. 21, no. 1, March 1996.

    Google Scholar 

  9. R. David, “Secure concurrency control,” Master’s thesis, Univ. of Virginia, May 1993.

    Google Scholar 

  10. R. David, S. Son, and R. Mukkamala, “Supporting security requirements in multilevel real-time databases,” in Proc. of IEEE Symp. on Security and Privacy, May 1995.

    Google Scholar 

  11. “DOD Trusted Computer System Evaluation Criteria,” Department of Defense Standard, DoD 5200.28-STD, December 1985.

    Google Scholar 

  12. K. Eswaran, J. Gray, R. Lorie, and I. Traiger, “The notions of consistency and predicate locks in a database system,” Comm. of ACM, vol. 19, no. 11, pp. 624–633, November 1976.

    Article  MathSciNet  MATH  Google Scholar 

  13. D. Georgakopoulous, M. Rusinkiewicz, and A. Sheth, “On serializability of multidatabase transactions through forced local conflicts,” in Proc. of 7th IEEE Intl. Conf. on Data Engineering, 1991.

    Google Scholar 

  14. B. George, “Secure real-time transaction processing,” Ph.D. thesis, Indian Institute of Science, December 1998.

    Google Scholar 

  15. J. Goguen and J. Meseguer, “Security policy and security models,” in Proc. of IEEE Symp. on Security and Privacy, 1982.

    Google Scholar 

  16. I. Greenberg, P. Boucher, R. Clark, E. Jensen, T. Lunt, P. Neuman, and D. Wells, “The secure alpha study (final summary report),” Tech. Report ELIN A012, SRI International, June 1993.

    Google Scholar 

  17. J. Haritsa, “Performance analysis of real-time database systems,” in Proc. of 10th IEEE Intl. Conf. on Data Engineering, February 1994.

    Google Scholar 

  18. J. Haritsa, M. Carey, and M. Livny, “On being optimistic about real-time constraints,” in Proc. of 9th ACM Symp. on Principles of Database Systems, April 1990.

    Google Scholar 

  19. J. Haritsa, M. Carey, and M. Livny, “Data access scheduling in firm real-time database systems,” Intl. Journal of Real-Time Systems, vol. 4, no. 3, 1992.

    Google Scholar 

  20. J. Haritsa, M. Livny, and M. Carey, “Earliest deadline scheduling for real-time database systems,” Proc. of 12th IEEE Real-Time Systems Symp., December 1991.

    Google Scholar 

  21. M. Kang and I. Moskowitz, “A pump for rapid, reliable, secure communication,” in Proc. 1st ACM Conf. on Computer and Communications Security, November 1994.

    Google Scholar 

  22. T. Keefe, W. Tsai, and J. Srivastava, “Multilevel secure database concurrency control,” in Proc. of 6th IEEE Intl. Conf. on Data Engineering, February 1990.

    Google Scholar 

  23. W. Lampson, “A note on the confinement problem,” Comm. of ACM, vol. 16, no. 10, pp. 613–615, October 1973.

    Article  Google Scholar 

  24. L. La Padula and D. Bell, “Secure computer systems: Unified exposition and multics interpretation,” The Mitre Corp., March 1976.

    Google Scholar 

  25. A.M. Law and C.S. Larney, Introduction to simulation using SIMSCRIPT II.5, CACI Products Company, La Jolla, Calif., 1984.

    Google Scholar 

  26. S.J. Leffler, M.K. McKusick, M.T. Karels, and J.S. Quarterman, The Design and Implementation of 4.3 BSD UNIX Operating System, Addison-Wesley, 1989.

    Google Scholar 

  27. Y. Lin and S. Son, “Concurrency control in real-time database systems by dynamic adjustment of serialization order,” in Proc. of 11th IEEE Real-Time Systems Symp., December 1990.

    Google Scholar 

  28. C.L. Liu and J.W. Layland, “Scheduling algorithms for multiprogramming in a hard real-time environment,” Journal of the ACM, vol. 20, no. 1, 1973.

    Google Scholar 

  29. R. Mukkamala and S. Son, “A secure concurrency control protocol for real-time databases,” in Proc. of Annual IFIP WG 11.3 Conference of Database Security, August 1995.

    Google Scholar 

  30. J. Robinson, “Design of concurrency control protocols for transaction processing systems,” Ph.D. thesis, Computer Sciences Dept., Carnegie Mellon University, 1982.

    Google Scholar 

  31. L. Sha, R. Rajkumar, and J. Lehoczky, “Priority inheritance protocols: An approach to real-time synchronization,” Tech. Rep. CMU-CS-87-181, Depts. of CS, ECE and Statistics, Carnegie Mellon University, 1987.

    Google Scholar 

  32. C. Shannon, “A mathematical theory of communications,” Bell Syst. Tech. J., vol. 27, no. 4, pp. 623–656, October 1948.

    MathSciNet  Google Scholar 

  33. S. Son and R. David, “Design and analysis of a secure two-phase locking protocol,” in Proc. of Intl. Computer Software and Applications Conf., November 1994.

    Google Scholar 

  34. S. Son, R. David, and B. Thuraisingham, “An adaptive policy for improved timeliness in secure database systems,” in Proc. of Annual IFIP WG 11.3 Conference of Database Security, August 1995.

    Google Scholar 

  35. S. Son, R. David, and B. Thuraisingham, “Improving timeliness in real-time secure database systems,” SIGMOD Record (Special Issue on Real-Time Database Systems), vol. 25, no. 1, pp. 29–33, March 1996.

    Google Scholar 

  36. S. Son and B. Thuraisingham, “Towards a multilevel secure database management system for real-time applications,” in Proc. of IEEE Workshop on Real-Time Applications, May 1993.

    Google Scholar 

  37. S. Thomas, S. Seshadri, and J. Haritsa, “Integrating standard transactions in real-time database systems,” Information Systems, vol. 21, no. 1, March 1996.

    Google Scholar 

  38. B. Thuraisingham and H. Ko, “Concurrency control in trusted database management systems: A survey,” SIGMOD Record, vol. 22, no. 4, December 1993.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Database Systems Lab, Indian Institute of Science, Bangalore, 560012, India

    Binto George & Jayant R. Haritsa

Authors
  1. Binto George
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jayant R. Haritsa
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Rutgers University, USA

    Vijay Atluri

  2. SRI International, USA

    Pierangela Samarati

Rights and permissions

Reprints and permissions

Copyright information

© 2000 Springer Science+Business Media New York

About this chapter

Cite this chapter

George, B., Haritsa, J.R. (2000). Secure Concurrency Control in Firm Real-Time Database Systems. In: Atluri, V., Samarati, P. (eds) Security of Data and Transaction Processing. Springer, Boston, MA. https://doi.org/10.1007/978-1-4615-4461-6_3

Download citation

  • DOI: https://doi.org/10.1007/978-1-4615-4461-6_3

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4613-7009-3

  • Online ISBN: 978-1-4615-4461-6

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation