Multilevel Secure Transaction Processing: Status and Prospects

Atluri, Vijayalakshmi; Jajodia, Sushil; Keefe, T.F.; McCollum, Catherine D.; Mukkamala, Ravi

doi:10.1007/978-0-387-35167-4_6

Cited by 22 publications

(9 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In both 2PL and TO algorithms, whenever there is contention for the same data item by transactions executing at different security levels, a lower level transaction may be either delayed or suspended to ensure correct execution. In such a scenario, two colluding transactions executing at high and low security levels can establish an information flow channel from a high security level to a low security level by accessing the selected data item according to some agreed-upon code [12].…”

Section: Multilevel Secure Transaction Processingmentioning

confidence: 99%

A Multi-Purpose Implementation of Mandatory Access Control in Relational Database Management Systems

RJAIBI¹,

BIRD²

2004

Proceedings 2004 VLDB Conference

View full text Add to dashboard Cite

Mandatory Access Control (MAC) implementations in Relational Database Management Systems (RDBMS) have focused solely on Multilevel Security (MLS). MLS has posed a number of challenging problems to the database research community, and there has been an abundance of research work to address those problems. Unfortunately, the use of MLS RDBMS has been restricted to a few government organizations where MLS is of paramount importance such as the intelligence community and the Department of Defense. The implication of this is that the investment of building an MLS RDBMS cannot be leveraged to serve the needs of application domains where there is a desire to control access to objects based on the label associated with that object and the label associated with the subject accessing that object, but where the label access rules and the label structure do not necessarily match the MLS two security rules and the MLS label structure. This paper introduces a flexible and generic implementation of MAC in RDBMS that can be used to address the requirements from a variety of application domains, as well as to allow an RDBMS to efficiently take part in an end-to-end MAC enterprise solution. The paper also discusses the extensions made to the SQL compiler component of an RDBMS to incorporate the label

show abstract

Section: Multilevel Secure Transaction Processingmentioning

confidence: 99%

A Multi-Purpose Implementation of Mandatory Access Control in Relational Database Management Systems

RJAIBI¹,

BIRD²

2004

Proceedings 2004 VLDB Conference

View full text Add to dashboard Cite

show abstract

“…Other secure schedulers such as secure represents its classification level. An MLS distributed database optimistic scheduler and secure timestamp ordering also management system (MLS/DDBMS) can be shared by users at exhibit this problem [3]. …”

mentioning

confidence: 99%

Design And Analysis Of Secure Scheduler For MLS Distributed Database Systems

Kaur

Saini

Singh

2009

2009 IEEE International Advance Computing Conference

View full text Add to dashboard Cite

Multilevel security requirements introduce a newA database scheduler is an integral part of a database dimension to traditional database schedulers as they cause covert system that is responsible for concurrency control functions. channels. To prevent covert channels, scheduler for multilevel The objective of concurrency control is to allow concurrent secure database should ensure that transactions at low security execution of transactions without violating the consistency of level are never delayed by high security level transactions in the the database [7]. Various schedulers for concurrency control event of a data conflict. This may subjected to an indefinite delay have been proposed [7,8,9,10]. Among them two phase if it is forced to abort repeatedly to high security level locking [7] is the one most commonly adopted in the design of transactions and making the secure scheduler unfair towards commercial products. However, conventional two-phase high security level transactions [12]. This paper proposes secure locking scheduler is not suitable for MLS/DDBMS, because database scheduler that is based on both optimistic and locking techniques (SO2PL) for multilevel secure distributed database they channel the uexpeed commniction path called systems. The proposed database scheduler is free from covert covert channel [2] between transactions having different channels without starving the high security level transactions. security levels that have shared access to data item in the Through a simulation study we evaluate the performance of the database. In order for an MLS/DDBMS to be correct, it has to So2PL and compare it with S2PL scheduler. satisfy two more requirements in addition to data consistency. One is the elimination of covert channels [2] and the other is Keywords-distributed database, scheduler,Multilevel DDBMS, the prevention of the starvations of high security level Secure optimistic two phase locking transactions.Several schedulers for centralized MLS/DBMS that are free I. INTRODUCTION from covert channels have been proposed in the literature [3,13]. Most of these schedulers prevent covert channels byIn many applications such as military, government providing a higher priority to low transaction whenever a data agencies, hospitals, multiple users share the same database, and conflict occurs between a high and a low security transaction. some of the users can have restricted access (read/write) to A secure locking based scheduler called S2PL modified the information from the database. Many ofthese applications are 2PL scheduler to covert channel free scheduler. In this inherently distributed in nature. Hence, it is necessary to scheduler, when a low security level transaction requests for a provide security for distributed databases. One common lock on a data item that is currently held by a high security technique for supporting the security can be a multilevel level transaction, the high security level transaction is aborted security (MLS).The basic model of MLS was introduced by to release the loc...

show abstract

“…Conventional concurrency control algorithms such as two-phase locking are not suitable for multilevel secure databases based on kernelized architecture, because they introduce a timing channel between transactions of different security levels that have shared access to objects in the database [3]. For example, under two-phase locking, a low transaction is delayed when it requests access to a data item that is locked by a high transaction.…”

Section: Introductionmentioning

confidence: 98%

“…In addition, this concurrency control algorithm makes the database vulnerable to denial of service attacks. Secure versions of other concurrency control algorithms such as optimistic concurrency control and timestamp ordering also exhibit this problem [3].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A fair locking protocol for multilevel secure databases

Jajodia

Mancini²,

Setia³

Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238)

View full text Add to dashboard Cite

Most concurrency control algorithms for multilevel secure databases based on kernelized architecture prevent covert channels between transactions at different security levels by preempting the high security transaction in the event of a data conflict with a lower security transaction. In environments with moderate to high levels of contention between low and high security transactions, this can lead to poor performance and even starvation of high security transactions. In this paper, we examine this problem of unfairness in concurrency control mechanisms for secure databases. Based on an analysis of the performance of a secure version of twophase locking, we propose three different modifications to the protocol that address the problem of starvation of high security transactions. Through a detailed simulation study, we examine the fairness and performance of these approaches for a variety of workloads.

show abstract

Multilevel Secure Transaction Processing: Status and Prospects

Cited by 22 publications

References 14 publications

A Multi-Purpose Implementation of Mandatory Access Control in Relational Database Management Systems

A Multi-Purpose Implementation of Mandatory Access Control in Relational Database Management Systems

Design And Analysis Of Secure Scheduler For MLS Distributed Database Systems

A fair locking protocol for multilevel secure databases

Contact Info

Product

Resources

About