Integrating Security and Real-Time Requirements Using Covert Channel Capacity
November/December 2000 (vol. 12 no. 6)
pp. 865-879

Abstract—Database systems for real-time applications must satisfy timing constraints associated with transactions in addition to maintaining data consistency. In addition to real-time requirements, security is usually required in many applications. Multilevel security requirements introduce a new dimension to transaction processing in real-time database systems. In this paper, we argue that, due to the conflicting goals of each requirement, trade-offs need to be made between security and timeliness. We first define mutual information, a measure of the degree to which security is being satisfied by a system. A secure two-phase locking protocol is then described and a scheme is proposed to allow partial violations of security for improved timeliness. Analytical expressions for the mutual information of the resultant covert channel are derived and a feedback control scheme is proposed that does not allow the mutual information to exceed a specified upper bound. Results showing the efficacy of the scheme obtained through simulation experiments are also discussed.


Index Terms:
Concurrency control, covert channel analysis, database systems, locking protocols, multilevel security, real-time systems.
Citation:
Sang H. Son, Ravi Mukkamala, Rasikan David, "Integrating Security and Real-Time Requirements Using Covert Channel Capacity," IEEE Transactions on Knowledge and Data Engineering, vol. 12, no. 6, pp. 865-879, Nov.-Dec. 2000, doi:10.1109/69.895799