A Model of Atomicity for Multilevel Transactions

Data management applications that use multilevel DBMS capabilities have the requirement to read and write objects at multiple levels within the bounds of a multilevel transaction. Unfortunately, execution of multilevel transactions cannot generally meet both secrecyrequirements and the transaction atomicity requirement used in conventional DBMSS. Aborting or delaying operations occurring at lower security levels based on theresults of write attempts at higher security levels creates information flows that violate multilevel security restrictions. In this paper, we offer a model of multilevel atomicity that defines varying degrees of atomicity and recognizes that lower security level operations within a transaction must be able to commit or abort independently of higher security level operations. We provide execution graphs as a tool for analyzing atomicity requirements inconjunction with internal semantic interdependencies among the operations of a transaction. and prove rules for determining the greatest degree of atomicity that can be attained for a given multilevel transaction. Finally, we present several alternative transaction managementalgorithms that can be used to preserve multilevel atomicity.