

Secure Transaction Processing in MLS/DDBMS

Navdeep Kaur^a, Rajwinder Singh, Manoj Misra and A K Sarje

^a Department of Electronics and Computer Engineering, Indian Institute of Technology Roorkee, Roorkee, India

Transaction processing in multilevel secure database systems is not easily achieved by conventional techniques, as they cause covert channels. Transaction processing in these systems requires modification of traditional concurrency control and commit protocols. These modifications are necessary because preserving the usual transaction properties when transactions are executing at different security levels often conflicts with the enforcement of the security policy. To prevent covert channels, a concurrency control protocol for a multilevel secure database should ensure that transactions at a low security level are never delayed by high security level transactions in the event of a data conflict. This may sometimes force high security level transactions into indefinite delays or repeated aborts due to requests from the low security level, making the protocol unfair towards high security level transactions. This paper proposes a secure multiversion concurrency control protocol that is not only free from covert channels but also achieves this without starving high security level transactions. The 2PC commit protocol is modified accordingly.

1. Introduction

In many applications, such as military, government agencies and hospitals, multiple users share the same database, and some of the users can have restricted access (read/write) to information from the database. Many of these applications are inherently distributed in nature. Hence, it is necessary to provide security for distributed databases. One common technique for supporting security is multilevel security (MLS). The basic model of MLS was introduced by Bell and LaPadula. The Bell-LaPadula model [1] is stated in terms of objects and subjects. In a multilevel secure distributed database model a security level is assigned to each transaction (subject) and data item (object). The security level of a transaction represents its clearance level and the security level of a data item represents its classification level. Classifications and clearances are collectively known as security levels and are partially ordered. An MLS distributed database management system (MLS/DDBMS) can be shared by users at different clearance levels and contains a distributed database consisting of data at different classification levels. The sensitive data in an MLS/DDBMS is protected by controlling access to data based on the security level of the users submitting the transactions and the security level of the data. The Bell-LaPadula model prevents direct flow of information from a security level (high) to another non-dominated security level (low). However, it is not sufficient to guard against illegal information flows through covert channels [2].

Applications interact with the database system through transactions. A transaction consists of a sequence of read and write operations performed on data items. In a typical database system, several transactions execute concurrently in order to achieve high throughput and fast response time. When transactions execute concurrently and share data items, conflicts among them are often unavoidable. A concurrency control protocol is used to manage the concurrent execution of operations by rejecting or delaying the conflicting operations such that consistency is maintained [7],[8],[9],[10]. In MLS/DBMSs this can lead to covert channels [2]. For this reason, concurrency control protocols such as Two Phase Locking, Timestamp Ordering, multiversion locking and multiversion timestamp ordering used in conventional databases are inadequate for MLS/DBMS. A MLS/DBMS, besides ensuring serializability,


International Journal of Information Processing, 2(3), 63-76, 2008. ISSN: 0973-8215. I. K. International Publishing House Pvt. Ltd., New Delhi, India


how parallel transaction execution affects the relative response time of concurrency control protocols. The parameter values are the same as those used in the previous experiment except TransType, which of course is "parallel" for this experiment. Figures 5, 6 and 7 present the results of this experiment.

Figure 5 depicts the average response times of SMVL compared with SMVTO as a function of overall transaction arrival rate per site. In Figures 6 and 7 we present the average transaction response times per security level of the SMVTO and SMVL protocols, respectively, as a function of overall transaction arrival rate per site. From the figures we see that the observations made in the previous experiment for sequential transactions hold true, to a large extent, for parallel transactions also. The impact of distribution on the performance of the system is quite significant. This is because the parallel execution of the cohorts of a transaction reduces the response time of the transaction when the resources are not saturated, as in this experiment.

Figure 5. Overall Response Time

Figure 6. Per-Security Level Response Time

Figure 7. Per-Security Level Response Time

6. Conclusions

In this paper, we proposed a secure multiversion concurrency control protocol for multilevel secure distributed database systems. It ensures one-copy serializability and eliminates covert channels and starvation of high security level transactions. V-locks are used to ensure one-copy serializability of transactions. The proposed protocol sometimes provides a data version that is not the most recent to avoid aborting and re-executing high security level transactions. Experiments show that the proposed concurrency control protocol provides better performance compared with the SMVTO concurrency control protocol.
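An added illustration, not code from the paper and not its SMVL protocol: a two-level toy model showing why a lock-based scheduler lets a low writer's waiting time reveal high-level activity, and why serving readers an older version removes that dependence. The class names, tick values and the 5-tick hold are assumptions made for the example.

```python
LEVELS = {"low": 0, "high": 1}

def may_read(subject, obj):
    """Bell-LaPadula simple security property: no read up."""
    return LEVELS[subject] >= LEVELS[obj]

def may_write(subject, obj):
    """Bell-LaPadula *-property: no write down."""
    return LEVELS[subject] <= LEVELS[obj]

class LockingStore:
    """One low-classified item, single version; a read lock blocks writers."""
    def __init__(self):
        self.value, self.locked_until = 0, 0
    def high_read(self, start, hold):
        self.locked_until = max(self.locked_until, start + hold)
        return self.value
    def low_write(self, now, value):
        delay = max(0, self.locked_until - now)  # low waits for high's lock
        self.value = value
        return delay

class MultiversionStore:
    """Same item, but writers append versions and readers take no lock."""
    def __init__(self):
        self.versions = [(0, 0)]  # (commit tick, value), oldest first
    def high_read(self, start, hold):
        # hold is unused: the reader is served the newest version committed
        # at or before its start tick, which may not be the latest one.
        return [v for t, v in self.versions if t <= start][-1]
    def low_write(self, now, value):
        self.versions.append((now, value))
        return 0  # never delayed by a high reader

def low_observed_delays(store, secret_bits):
    """High reads (holding 5 ticks) only when its secret bit is 1; low then
    writes one tick into each 10-tick round and records how long it waited."""
    delays = []
    for rnd, bit in enumerate(secret_bits):
        start = rnd * 10
        if bit and may_read("high", "low"):
            store.high_read(start, hold=5)
        if may_write("low", "low"):
            delays.append(store.low_write(start + 1, value=rnd + 1))
    return delays

def decode(delays):
    """What a low-level observer infers from its own waiting times."""
    return [1 if d > 0 else 0 for d in delays]
```

A regression check for a scheduler can use the same idea: low-level response times must be identical whether or not high-level transactions are running.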

REFERENCES

1. Bell D E, LaPadula L J, Secure Computer Systems: Unified Exposition and Multics Interpretation. The MITRE Corp., 1976.

2. Keefe T F, Tsai W T, Srivastava J, Multiversion Concurrency Control for Multilevel Secure Database System. Proceeding of the 10th IEEE Symposium on Research in Security and Privacy, 1990.

3. Atluri V, Jajodia S, Keefe T F, McCollum C, Mukkamala R, Multilevel Secure Transaction Processing: Status and Prospects, Proceeding WG11.3 Working Group on Database Security, Como, Italy, pages 79-98, 1996.

4. Maimone W T, Greenberg I B, Single Level Multiversion Schedulers for Multilevel Secure Database Systems. Proceeding of Sixth Annual Computer Security Application, Ariz, pages 137-174, 1990.

5. Atluri V, Jajodia S, Bertino E, Alternative Correctness Criteria for Concurrent Execution of Transactions in MLS Databases, IEEE Transactions on Knowledge and Data Engineering, 8(5):839-854, 1996.

6. Keefe T F, Tsai W T, Srivastava J, Database Concurrency Control in Multilevel Secure Database Management Systems, IEEE Transactions on Knowledge and Data Engineering, 5(6):1039-1055, 1993.

7. Bernstein A, Goodman N, Concurrency Control in Distributed Database Systems, ACM Computer Survey, 13(2):185-221, 1981.

8. Bernstein A, Hadzilacos V, Goodman N, Concurrency Control and Recovery in Database Systems, Addison-Wesley, 1987.

9. Ceri S, Pelagatti G, Distributed Databases Principles and Systems, McGraw-Hill Book Company, New York, 1987.

10. Kung H T, Robinson J T, Optimistic Methods for Concurrency Control, ACM Trans. Database System, 6:212-226, 1981.

11. Ray I, Mancini L V, Jajodia S, Bertino E, ASEP: A Secure and Flexible Commit Protocol for MLS Distributed Database Systems, IEEE Transactions on Knowledge and Data Engineering, 12(6), 2000.

12. Kaur N, Sarje A K, Misra M, Performance Evaluation of Secure Concurrency Control Algorithm for Multilevel Secure Distributed Database Systems, Proceeding of Intl. Conf. on Information Technology, Las Vegas, Nevada, USA, 2005.

13. Atluri V, Jajodia S, Bertino E, Transaction Processing in Multilevel Secure Databases using Kernelized Architecture: Challenges and Solutions, IEEE Transaction on Knowledge and Data Engineering, 9(5), 1997.

14. Bernstein P and Goodman N, Multiversion Concurrency Control - Theory and Algorithms, ACM Transaction on Database Systems, 8(4):465-483, 1983.

15. Kim H T, Kim M H, Starvation-Free Secure Multiversion Concurrency Control, Information Processing Letters, 65:247-253, 1998.

16. Carey M, Conflict Detection Tradeoffs for Replicated Data, ACM Transactions on Database Systems, 16(34), 1991.

17. Carey M, Franklin M, Zaharioudakis M, Fine Grained Sharing in a Page-Server OODBMS, Proceedings of the ACM SIGMOD, 1994.

18. Lomet D, Salzberg B, Rollback Databases, Digital Equipment Corporation Cambridge Research Lab, Technical Report, CRL-92-1, January 1992.

Navdeep Kaur received her M.Tech degree in Computer Science and Engineering from Kurukshetra University, Kurukshetra, India. She is currently doing research on Distributed Database Security for her Ph.D degree from I.I.T Roorkee, Roorkee, India. Besides this, her research interests are in computing distributed databases.

Rajwinder Singh received the M.Tech (Computer Science and Engg) degree from Kurukshetra University, India in 1998. He is currently pursuing the Ph.D degree in the Dept. of Electronics and Computer Engineering, Indian Institute of Technology Roorkee, Roorkee, India. His current research interests include Security, Mobile Computing and Distributed Database.

Dr. Manoj Misra received his PhD from the University of Newcastle Upon Tyne, UK in 1997 on Performance Modeling of Data Replication Protocols. Presently he is working as Professor in the Electronics & Computer Engineering Department, IIT Roorkee. He is also Co-coordinator of the Information Super Highway Center, IIT Roorkee, that provides state of the art infrastructure for voice, video, and data communication within and outside the IIT for education, research and training. Before joining IIT Roorkee, he worked at Hindustan Aeronautics Ltd, Bharat Heavy Electricals Limited and Computer Maintenance Co. Ltd. Dr Misra has published more than 50 papers in International Journals and Conferences and visited countries like UK, USA, France and China.

Dr. A. K. Sarje took his B.E., M.E., and Ph.D. degrees from Indian Institute of Science, Bangalore in 1970, 1972 and 1976 resp. He served as lecturer at Birla Institute of Technology & Science, Pilani, before joining the dept. of Elec. & Comp. Engg., Indian Institute of Technology Roorkee. He became professor of Comp. Engg. in 1987. Dr. Sarje has produced several Ph.D's in the area of computers. He has published a large number of research papers in many international journals. He has also served as referee for many reputed journals. His areas of research interest include logic design, multiprocessors, distributed system, network security, computer graphics and image processing.