Advanced Transaction Processing in Multilevel Secure File Stores
January/February 1998 (vol. 10 no. 1)
pp. 120-135

Abstract—The concurrency control requirements for transaction processing in a multilevel secure file system are different from those in conventional transaction processing systems. In particular, there is the need to coordinate transactions at different security levels, avoiding both potential timing covert channels and the starvation of transactions at higher security levels. Suppose a transaction at a lower security level attempts to write a data item that is being read by a transaction at a higher security level. On the one hand, a timing covert channel arises if the transaction at the lower security level is either delayed or aborted by the scheduler. On the other hand, the transaction at the high security level may be subjected to an indefinite delay if it is forced to abort repeatedly. This paper extends the classical two-phase locking mechanism to multilevel secure file systems. The scheme presented here prevents potential timing covert channels and avoids the abort of higher level transactions, while nonetheless guaranteeing serializability. The programmer is provided with a powerful set of linguistic constructs that supports exception handling, partial rollback, and forward recovery. The proper use of these constructs can prevent the indefinite delay in completion of a higher level transaction, and allows the programmer to trade off starvation with transaction isolation.

Index Terms:
Data management system, file system management, transaction processing, concurrency control, two-phase locking, exception handling, security kernel, mandatory access control, covert channels.
Elisa Bertino, Sushil Jajodia, Luigi Mancini, Indrajit Ray, "Advanced Transaction Processing in Multilevel Secure File Stores," IEEE Transactions on Knowledge and Data Engineering, vol. 10, no. 1, pp. 120-135, Jan.-Feb. 1998, doi:10.1109/69.667095