
Correctness Criteria for Multilevel Secure Transactions

Published: 01 February 1996

Abstract

The benefits of distributed systems and shared database resources are widely recognized, but they often cannot be exploited by users who must protect their data by using label-based access controls. In particular, users of label-based data need to read and write data at different security levels within a single database transaction, which is not currently possible without violating multilevel security constraints. This paper presents a formal model of multilevel transactions which provide this capability. We define four ACIS (atomicity, consistency, isolation, and security) correctness properties of multilevel transactions. While atomicity, consistency and isolation are mutually achievable in standard single-site and distributed transactions, we show that the security requirements of multilevel transactions conflict with some of these goals. This forces trade-offs to be made among the ACIS correctness properties, and we define appropriate partial correctness properties. Due to such trade-offs, an important problem is to design multilevel transaction execution protocols which achieve the greatest possible degree of correctness. These protocols must provide a variety of approaches to making trade-offs according to the differing priorities of various users. We present three transaction execution protocols which achieve a high degree of correctness. These protocols exemplify the correctness trade-offs proven in the paper, and offer realistic implementation options.


Cited By

  • (2018) Priority inversion in DRTDBS. Proceedings of the ACM India Joint International Conference on Data Science and Management of Data, pp. 305-309. DOI: 10.1145/3152494.3167976. Online publication date: 11-Jan-2018
  • (2016) Safe Serializable Secure Scheduling. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 229-241. DOI: 10.1145/2976749.2978415. Online publication date: 24-Oct-2016
  • (2003) Closing the key loophole in MLS databases. ACM SIGMOD Record 32:2, pp. 15-20. DOI: 10.1145/776985.776987. Online publication date: 1-Jun-2003

Published In

IEEE Transactions on Knowledge and Data Engineering, Volume 8, Issue 1
February 1996
192 pages

Publisher

IEEE Educational Activities Department

United States

Author Tags

  1. Atomicity
  2. concurrency control
  3. database security
  4. distributed databases
  5. locking protocols
  6. multilevel secure transactions
  7. transaction execution correctness criteria.

Qualifiers

  • Research-article


Cited By

  • (1998) A semantic-based transaction processing model for multilevel transactions. Journal of Computer Security 6:3, pp. 181-217. DOI: 10.5555/1298081.1298083. Online publication date: 1-Aug-1998. (Note [1]: An earlier version of this paper appeared in IEEE Symposium on Security and Privacy, Oakland, CA, May 1996, pp. 74-84.)
  • (1995) Data management research at the MITRE Corporation. ACM SIGMOD Record 24:3, pp. 77-82. DOI: 10.1145/211990.212020. Online publication date: 1-Sep-1995
