Database Concurrency Control in Multilevel Secure Database Management Systems
December 1993 (vol. 5 no. 6)
pp. 1039-1055

Concurrent execution of transactions in database management systems (DBMSs) may lead to contention for access to data, which in a multilevel secure DBMS (MLS/DBMS) may lead to insecurity. Security issues involved in database concurrency control for MLS/DBMSs are examined, and it is shown how a scheduler can affect security. Data conflict security (DC-security), a property that implies a system is free of covert channels due to contention for access to data, is introduced. A definition of DC-security based on noninterference is presented. Two properties that constitute a necessary condition for DC-security are introduced along with two simpler necessary conditions. A class of schedulers called output-state-equivalent is identified for which another criterion implies DC-security. The criterion considers separately the behavior of the scheduler in response to those inputs that cause rollback and those that do not. The security properties of several existing scheduling protocols are characterized. Many are found to be insecure.

Index Terms:
database concurrency control; multilevel secure database management systems; concurrent transaction execution; contention; multilevel secure DBMS; MLS/DBMS; security issues; data conflict security; covert channels; output-state-equivalent; DC-security; rollback; scheduling protocols; concurrency control; distributed databases; scheduling; security of data; transaction processing
Citation:
T.F. Keefe, W.T. Tsai, J. Srivastava, "Database Concurrency Control in Multilevel Secure Database Management Systems," IEEE Transactions on Knowledge and Data Engineering, vol. 5, no. 6, pp. 1039-1055, Dec. 1993, doi:10.1109/69.250090