Using Two-Phase Commit for Crash Recovery in Federated Multilevel Secure Database Management Systems

  • Sushil Jajodia
  • Catherine McCollum
Part of the Dependable Computing and Fault-Tolerant Systems book series (DEPENDABLECOMP, volume 8)


In a federated database management system, a collection of autonomous database management systems (DBMSs) agree to cooperate to make data available for sharing and to process distributed retrieval and update queries. Distributed transactions can access data across multiple DBMSs. Securing such an environment requires a method that coordinates processing of these distributed requests to provide distributed transaction atomicity without security compromise. An open question is how much of its scheduling process an individual DBMS must expose to the federation in order to allow sufficient coordination of distributed transactions. In this paper, we address the application of the two-phase commit protocol, which is emerging as the dominant method of providing transaction atomicity for crash recovery in the conventional (single-level) distributed DBMS area, to the federated multilevel secure (MLS) DBMS environment. We discuss the limits of its applicability and identify the conditions that must be satisfied by the individual DBMSs in order to participate in the federation.


Data Element; Security Model; Database Management System; Signalling Channel; Federate System
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Wien 1993

Authors and Affiliations

  • Sushil Jajodia (1)
  • Catherine McCollum (1)
  1. The MITRE Corporation, McLean, USA
