Transaction processing in multilevel secure databases with kernelized architecture: Challenges and solutions

Multilevel security requirements introduce a newA database scheduler is an integral part of a database dimension to traditional database schedulers as they cause covert system that is responsible for concurrency control functions. channels. To prevent covert channels, scheduler for multilevel The objective of concurrency control is to allow concurrent secure database should ensure that transactions at low security execution of transactions without violating the consistency of level are never delayed by high security level transactions in the the database [7]. Various schedulers for concurrency control event of a data conflict. This may subjected to an indefinite delay have been proposed [7,8,9,10]. Among them two phase if it is forced to abort repeatedly to high security level locking [7] is the one most commonly adopted in the design of transactions and making the secure scheduler unfair towards commercial products. However, conventional two-phase high security level transactions [12]. This paper proposes secure locking scheduler is not suitable for MLS/DDBMS, because database scheduler that is based on both optimistic and locking techniques (SO2PL) for multilevel secure distributed database they channel the uexpeed commniction path called systems. The proposed database scheduler is free from covert covert channel [2] between transactions having different channels without starving the high security level transactions. security levels that have shared access to data item in the Through a simulation study we evaluate the performance of the database. In order for an MLS/DDBMS to be correct, it has to So2PL and compare it with S2PL scheduler. satisfy two more requirements in addition to data consistency. One is the elimination of covert channels [2] and the other is Keywords-distributed database, scheduler,Multilevel DDBMS, the prevention of the starvations of high security level Secure optimistic two phase locking transactions.Several schedulers for centralized MLS/DBMS that are free I. INTRODUCTION from covert channels have been proposed in the literature [3,13]. Most of these schedulers prevent covert channels byIn many applications such as military, government providing a higher priority to low transaction whenever a data agencies, hospitals, multiple users share the same database, and conflict occurs between a high and a low security transaction. some of the users can have restricted access (read/write) to A secure locking based scheduler called S2PL modified the information from the database. Many ofthese applications are 2PL scheduler to covert channel free scheduler. In this inherently distributed in nature. Hence, it is necessary to scheduler, when a low security level transaction requests for a provide security for distributed databases. One common lock on a data item that is currently held by a high security technique for supporting the security can be a multilevel level transaction, the high security level transaction is aborted security (MLS).The basic model of MLS was introduced by to release the loc...

show abstract

“…INTRODUCTION from covert channels have been proposed in the literature [3,13]. Most of these schedulers prevent covert channels by…”

Section: Multilevel Security Requirements Introduce a Newmentioning

confidence: 99%

Design And Analysis Of Secure Scheduler For MLS Distributed Database Systems

Kaur

Saini

Singh

2009

2009 IEEE International Advance Computing Conference

View full text Add to dashboard Cite

show abstract

“…Several approaches have been proposed for centralized secure concurrency control in MLS/DBMSs. Most of these are either extension of the 2PL protocol or of timestamp-based protocols (Atluri, Jajodia & Bertino, 1997). The performance of secure concurrency control algorithms has also been studied (Son &David, 1994 andSohn &Moon, 2000.).…”

Section: Introductionmentioning

confidence: 99%

Secure Concurrency Control Algorithm for Multilevel Secure Distributed Database Systems

Kaur¹,

Singh²,

Sidhu³

2005

Proceedings of the Seventh International Conference on Enterprise Information Systems

View full text Add to dashboard Cite

Majority of the research in multilevel secure database management systems (MLS/DBMS) focuses primarily on centralized database systems. However, with the demand for higher performance and higher availability, database systems have moved from centralized to distributed architectures, and the research in multilevel secure distributed database management systems (MLS/DDBMS) is gaining more and more prominence. Concurrency control is an integral part of database systems. Secure concurrency control algorithms proposed in literature achieve correctness and security at the cost of declined performance of high security level transactions. These algorithms infringe the fairness in processing transactions at different security levels. Though the performance of different concurrency control algorithms have been explored extensively for centralized multilevel secure database management systems but to the best of author's knowledge the relative performance of transactions at different security levels using secure concurrency control algorithm for MLS/DDBMS has not been reported yet. To fill this gap, this paper presents a detailed simulation model of a distributed database system and investigates the performance price paid for maintaining security with concurrency control in a distributed database system. The paper investigates the relative performance of transactions at different security levels.

show abstract

“…It has been found that signaling channels exist in classical transaction processing protocols (described in Chapter 3), especially concurrency control protocols, when a database system using these protocols is extended to a multilevel secure database system [AJB97]. Eliminating such signaling channels is one of the main challenges in developing a multilevel secure database system.…”

Section: * Propertymentioning

confidence: 99%

“…For a multilevel secure (MLS) database system, traditional concurrency control and recovery protocols, however, are usually not enough to satisfy security requirements [AJB97], especially, they can cause signaling channels from high level processes to low level processes. Therefore, secure transaction processing is required.…”

Section: Fix Information Maintenancementioning

confidence: 99%