Advertisement

Secure Concurrency Control in Firm Real-Time Database Systems

Chapter

Abstract

Many real-time database applications arise in electronic financial services, safety-critical installations and military systems where enforcing security is crucial to the success of the enterprise. For real-time database systems supporting applications with firm deadlines, we investigate here the performance implications, in terms of killed transactions, of guaranteeing multilevel secrecy. In particular, we focus on the concurrency control (CC) aspects of this issue.

Our main contributions are the following: First, we identify which among the previously proposed real-time CC protocols are capable of providing covert-channel-free security. Second, using a detailed simulation model, we profile the real-time performance of a representative set of these secure CC protocols for a variety of security-classified workloads and system configurations. Our experiments show that a prioritized optimistic CC protocol, OPT-WAIT, provides the best overall performance. Third, we propose and evaluate a novel “dual-CC” approach that allows the real-time database system to simultaneously use different CC mechanisms for guaranteeing security and for improving real-time performance. By appropriately choosing these different mechanisms, concurrency control protocols that provide even better performance than OPT-WAIT are designed. Finally, we propose and evaluate GUARD, an adaptive admission-control policy designed to provide fairness with respect to the distribution of killed transactions across security levels. Our experiments show that GUARD efficiently provides close to ideal fairness for real-time applications that can tolerate covert channel bandwidths of upto one bit per second.

Key words

real-time database covert channels concurrency control firm deadlines fairness performance evaluation 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    R. Abbott and H. Garcia-Molina, “Scheduling real-time transactions: A performance evaluation,” ACM Trans. on Database Systems, vol. 17, no. 3, pp. 513–560, September 1992.CrossRefGoogle Scholar
  2. 2.
    M. Abrams, S. Jajodia, and H. Podell, Information Security, IEEE Computer Society Press, 1995.Google Scholar
  3. 3.
    R. Agrawal, M. Carey, and M. Livny, “Concurrency control performance modeling: Alternatives and implications,” ACM Trans. on Database Systems, vol. 12, no. 4, December 1987.Google Scholar
  4. 4.
    D. Agrawal, A. El Abbadi, and R. Jeffers, “Using delayed commitment in locking protocols for real-time databases,” in Proc. of ACM SIGMOD Conf., June 1992.Google Scholar
  5. 5.
    P. Amman, F. Jaeckle, and S. Jajodia, “A two-snapshot algorithm for concurrency control in secure multilevel databases,” in Proc. of IEEE Symp. on Security and Privacy, 1992.Google Scholar
  6. 6.
    V. Atluri, S. Jajodia, T. Keefe, C. McCollum, and R. Mukkamala, “Multilevel secure transaction processing: Status and prospects,” in Database Security, X: Status and Prospects, P. Samarati and R. Sandhu (Eds.), Chapman & Hall, 1997.Google Scholar
  7. 7.
    S. Castano, M. Fugini, G. Martella, and P. Samarati, Database Security, Addison-Wesley, 1995.Google Scholar
  8. 8.
    A. Datta, S. Mukherjee, P. Konana, I. Viguier, and A. Bajaj, “Multiclass transaction scheduling and overload management in firm real-time database systems,” Information Systems, vol. 21, no. 1, March 1996.Google Scholar
  9. 9.
    R. David, “Secure concurrency control,” Master’s thesis, Univ. of Virginia, May 1993.Google Scholar
  10. 10.
    R. David, S. Son, and R. Mukkamala, “Supporting security requirements in multilevel real-time databases,” in Proc. of IEEE Symp. on Security and Privacy, May 1995.Google Scholar
  11. 11.
    “DOD Trusted Computer System Evaluation Criteria,” Department of Defense Standard, DoD 5200.28-STD, December 1985.Google Scholar
  12. 12.
    K. Eswaran, J. Gray, R. Lorie, and I. Traiger, “The notions of consistency and predicate locks in a database system,” Comm. of ACM, vol. 19, no. 11, pp. 624–633, November 1976.MathSciNetzbMATHCrossRefGoogle Scholar
  13. 13.
    D. Georgakopoulous, M. Rusinkiewicz, and A. Sheth, “On serializability of multidatabase transactions through forced local conflicts,” in Proc. of 7th IEEE Intl. Conf. on Data Engineering, 1991.Google Scholar
  14. 14.
    B. George, “Secure real-time transaction processing,” Ph.D. thesis, Indian Institute of Science, December 1998.Google Scholar
  15. 15.
    J. Goguen and J. Meseguer, “Security policy and security models,” in Proc. of IEEE Symp. on Security and Privacy, 1982.Google Scholar
  16. 16.
    I. Greenberg, P. Boucher, R. Clark, E. Jensen, T. Lunt, P. Neuman, and D. Wells, “The secure alpha study (final summary report),” Tech. Report ELIN A012, SRI International, June 1993.Google Scholar
  17. 17.
    J. Haritsa, “Performance analysis of real-time database systems,” in Proc. of 10th IEEE Intl. Conf. on Data Engineering, February 1994.Google Scholar
  18. 18.
    J. Haritsa, M. Carey, and M. Livny, “On being optimistic about real-time constraints,” in Proc. of 9th ACM Symp. on Principles of Database Systems, April 1990.Google Scholar
  19. 19.
    J. Haritsa, M. Carey, and M. Livny, “Data access scheduling in firm real-time database systems,” Intl. Journal of Real-Time Systems, vol. 4, no. 3, 1992.Google Scholar
  20. 20.
    J. Haritsa, M. Livny, and M. Carey, “Earliest deadline scheduling for real-time database systems,” Proc. of 12th IEEE Real-Time Systems Symp., December 1991.Google Scholar
  21. 21.
    M. Kang and I. Moskowitz, “A pump for rapid, reliable, secure communication,” in Proc. 1st ACM Conf. on Computer and Communications Security, November 1994.Google Scholar
  22. 22.
    T. Keefe, W. Tsai, and J. Srivastava, “Multilevel secure database concurrency control,” in Proc. of 6th IEEE Intl. Conf. on Data Engineering, February 1990.Google Scholar
  23. 23.
    W. Lampson, “A note on the confinement problem,” Comm. of ACM, vol. 16, no. 10, pp. 613–615, October 1973.CrossRefGoogle Scholar
  24. 24.
    L. La Padula and D. Bell, “Secure computer systems: Unified exposition and multics interpretation,” The Mitre Corp., March 1976.Google Scholar
  25. 25.
    A.M. Law and C.S. Larney, Introduction to simulation using SIMSCRIPT II.5, CACI Products Company, La Jolla, Calif., 1984.Google Scholar
  26. 26.
    S.J. Leffler, M.K. McKusick, M.T. Karels, and J.S. Quarterman, The Design and Implementation of 4.3 BSD UNIX Operating System, Addison-Wesley, 1989.Google Scholar
  27. 27.
    Y. Lin and S. Son, “Concurrency control in real-time database systems by dynamic adjustment of serialization order,” in Proc. of 11th IEEE Real-Time Systems Symp., December 1990.Google Scholar
  28. 28.
    C.L. Liu and J.W. Layland, “Scheduling algorithms for multiprogramming in a hard real-time environment,” Journal of the ACM, vol. 20, no. 1, 1973.Google Scholar
  29. 29.
    R. Mukkamala and S. Son, “A secure concurrency control protocol for real-time databases,” in Proc. of Annual IFIP WG 11.3 Conference of Database Security, August 1995.Google Scholar
  30. 30.
    J. Robinson, “Design of concurrency control protocols for transaction processing systems,” Ph.D. thesis, Computer Sciences Dept., Carnegie Mellon University, 1982.Google Scholar
  31. 31.
    L. Sha, R. Rajkumar, and J. Lehoczky, “Priority inheritance protocols: An approach to real-time synchronization,” Tech. Rep. CMU-CS-87-181, Depts. of CS, ECE and Statistics, Carnegie Mellon University, 1987.Google Scholar
  32. 32.
    C. Shannon, “A mathematical theory of communications,” Bell Syst. Tech. J., vol. 27, no. 4, pp. 623–656, October 1948.MathSciNetGoogle Scholar
  33. 33.
    S. Son and R. David, “Design and analysis of a secure two-phase locking protocol,” in Proc. of Intl. Computer Software and Applications Conf., November 1994.Google Scholar
  34. 34.
    S. Son, R. David, and B. Thuraisingham, “An adaptive policy for improved timeliness in secure database systems,” in Proc. of Annual IFIP WG 11.3 Conference of Database Security, August 1995.Google Scholar
  35. 35.
    S. Son, R. David, and B. Thuraisingham, “Improving timeliness in real-time secure database systems,” SIGMOD Record (Special Issue on Real-Time Database Systems), vol. 25, no. 1, pp. 29–33, March 1996.Google Scholar
  36. 36.
    S. Son and B. Thuraisingham, “Towards a multilevel secure database management system for real-time applications,” in Proc. of IEEE Workshop on Real-Time Applications, May 1993.Google Scholar
  37. 37.
    S. Thomas, S. Seshadri, and J. Haritsa, “Integrating standard transactions in real-time database systems,” Information Systems, vol. 21, no. 1, March 1996.Google Scholar
  38. 38.
    B. Thuraisingham and H. Ko, “Concurrency control in trusted database management systems: A survey,” SIGMOD Record, vol. 22, no. 4, December 1993.Google Scholar

Copyright information

© Springer Science+Business Media New York 2000

Authors and Affiliations

  1. 1.Database Systems Lab, Indian Institute of ScienceBangaloreIndia

Personalised recommendations