Abstract
Many real-time database applications arise in electronic financial services, safety-critical installations and military systems where enforcing security is crucial to the success of the enterprise. For real-time database systems supporting applications with firm deadlines, we investigate here the performance implications, in terms of killed transactions, of guaranteeing multilevel secrecy. In particular, we focus on the concurrency control (CC) aspects of this issue.
Our main contributions are the following: First, we identify which among the previously proposed real-time CC protocols are capable of providing covert-channel-free security. Second, using a detailed simulation model, we profile the real-time performance of a representative set of these secure CC protocols for a variety of security-classified workloads and system configurations. Our experiments show that a prioritized optimistic CC protocol, OPT-WAIT, provides the best overall performance. Third, we propose and evaluate a novel “dual-CC” approach that allows the real-time database system to simultaneously use different CC mechanisms for guaranteeing security and for improving real-time performance. By appropriately choosing these different mechanisms, concurrency control protocols that provide even better performance than OPT-WAIT are designed. Finally, we propose and evaluate GUARD, an adaptive admission-control policy designed to provide fairness with respect to the distribution of killed transactions across security levels. Our experiments show that GUARD efficiently provides close to ideal fairness for real-time applications that can tolerate covert channel bandwidths of upto one bit per second.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
R. Abbott and H. Garcia-Molina, “Scheduling real-time transactions: Aperformance evaluation,” ACM Trans. on Database Systems, vol. 17, no. 3, pp. 513-560, September 1992.
M. Abrams, S. Jajodia, and H. Podell, Information Security, IEEE Computer Society Press, 1995.
R. Agrawal, M. Carey, and M. Livny, “Concurrency control performance modeling: Alternatives and implications,” ACM Trans. on Database Systems, vol. 12, no. 4, December 1987.
D. Agrawal, A. El Abbadi, and R. Jeffers, “Using delayed commitment in locking protocols for real-time databases,” in Proc. of ACM SIGMOD Conf., June 1992.
P. Amman, F. Jaeckle, and S. Jajodia, “A two-snapshot algorithm for concurrency control in secure multilevel databases,” in Proc. of IEEE Symp. on Security and Privacy, 1992.
V. Atluri, S. Jajodia, T. Keefe, C. McCollum, and R. Mukkamala, “Multilevel secure transaction processing: Status and prospects,” in Database Security, X: Status and Prospects, P. Samarati and R. Sandhu (Eds.), Chapman & Hall, 1997.
S. Castano, M. Fugini, G. Martella, and P. Samarati, Database Security, Addison-Wesley, 1995.
A. Datta, S. Mukherjee, P. Konana, I. Viguier, and A. Bajaj, “Multiclass transaction scheduling and overload management in firm real-time database systems,” Information Systems, vol. 21, no. 1, March 1996.
R. David, “Secure concurrency control,” Master's thesis, Univ. of Virginia, May 1993.
R. David, S. Son, and R. Mukkamala, “Supporting security requirements in multilevel real-time databases,” in Proc. of IEEE Symp. on Security and Privacy, May 1995.
“DOD Trusted Computer System Evaluation Criteria,” Department of Defense Standard, DoD 5200.28-STD, December 1985.
K. Eswaran, J. Gray, R. Lorie, and I. Traiger, “The notions of consistency and predicate locks in a database system,” Comm. of ACM, vol. 19, no. 11, pp. 624-633, November 1976.
D. Georgakopoulous, M. Rusinkiewicz, and A. Sheth, “On serializability of multidatabase transactions through forced local conflicts,” in Proc. of 7th IEEE Intl. Conf. on Data Engineering, 1991.
B. George, “Secure real-time transaction processing,” Ph.D. thesis, Indian Institute of Science, December 1998.
J. Goguen and J. Meseguer, “Security policy and security models,” in Proc. of IEEE Symp. on Security and Privacy, 1982.
I. Greenberg, P. Boucher, R. Clark, E. Jensen, T. Lunt, P. Neuman, and D. Wells, “The secure alpha study (final summary report),” Tech. Report ELIN A012, SRI International, June 1993.
J. Haritsa, “Performance analysis of real-time database systems,” in Proc. of 10th IEEE Intl. Conf. on Data Engineering, February 1994.
J. Haritsa, M. Carey, and M. Livny, “On being optimistic about real-time constraints,” in Proc. of 9th ACM Symp. on Principles of Database Systems, April 1990.
J. Haritsa, M. Carey, and M. Livny, “Data access scheduling in firm real-time database systems,” Intl. Journal of Real-Time Systems, vol. 4, no. 3, 1992.
J. Haritsa, M. Livny, and M. Carey, “Earliest deadline scheduling for real-time database systems,” Proc. Of 12th IEEE Real-Time Systems Symp., December 1991.
M. Kang and I. Moskowitz, “A pump for rapid, reliable, secure communication,” in Proc. 1st ACM Conf. on Computer and Communications Security, November 1994.
T. Keefe, W. Tsai, and J. Srivastava, “Multilevel secure database concurrency control,” in Proc. of 6th IEEE Intl. Conf. on Data Engineering, February 1990.
W. Lampson, “A note on the confinement problem,” Comm. of ACM, vol. 16, no. 10, pp. 613-615, October 1973.
L. LaPadula and D. Bell, “Secure computer systems: Unified exposition and multics interpretation,” The Mitre Corp., March 1976.
A.M. Law and C.S. Larney, Introduction to simulation using SIMSCRIPT II.5, CACI Products Company, La Jolla, Calif., 1984.
S.J. Leffler, M.K. McKusick, M.T. Karels, and J.S. Quarterman, The Design and Implementation of 4.3 BSD UNIX Operating System, Addison-Wesley, 1989.
Y. Lin and S. Son, “Concurrency control in real-time database systems by dynamic adjustment of serialization order,” in Proc. of 11th IEEE Real-Time Systems Symp., December 1990.
C.L. Liu and J.W. Layland, “Scheduling algorithms for multiprogramming in a hard real-time environment,” Journal of the ACM, vol. 20, no. 1, 1973.
R. Mukkamala and S. Son, “Asecure concurrency control protocol for real-time databases,” in Proc. of Annual IFIP WG 11.3 Conference of Database Security, August 1995.
J. Robinson, “Design of concurrency control protocols for transaction processing systems,” Ph.D. thesis, Computer Sciences Dept., Carnegie Mellon University, 1982.
L. Sha, R. Rajkumar, and J. Lehoczky, “Priority inheritance protocols: An approach to real-time synchronization,” Tech. Rep. CMU-CS-87-181, Depts. of CS, ECE and Statistics, Carnegie Mellon University, 1987.
C. Shannon, “A mathematical theory of communications,” Bell Syst. Tech. J., vol. 27, no. 4, pp. 623-656, October 1948.
S. Son and R. David, “Design and analysis of a secure two-phase locking protocol,” in Proc. of Intl. Computer Software and Applications Conf., November 1994.
S. Son, R. David, and B. Thuraisingham, “An adaptive policy for improved timeliness in secure database systems,” in Proc. of Annual IFIP WG 11.3 Conference of Database Security, August 1995.
S. Son, R. David, and B. Thuraisingham, “Improving timeliness in real-time secure database systems,” SIGMOD Record (Special Issue on Real-Time Database Systems), vol. 25, no. 1, pp. 29-33, March 1996.
S. Son and B. Thuraisingham, “Towards a multilevel secure database management system for real-time applications,” in Proc. of IEEE Workshop on Real-Time Applications, May 1993.
S. Thomas, S. Seshadri, and J. Haritsa, “Integrating standard transactions in real-time database systems,” Information Systems, vol. 21, no. 1, March 1996.
B. Thuraisingham and H. Ko, “Concurrency control in trusted database management systems: A survey,” SIGMOD Record, vol. 22, no. 4, December 1993.
Author information
Authors and Affiliations
Rights and permissions
About this article
Cite this article
George, B., Haritsa, J.R. Secure Concurrency Control in Firm Real-Time Database Systems. Distributed and Parallel Databases 8, 41–83 (2000). https://doi.org/10.1023/A:1008783216944
Issue Date:
DOI: https://doi.org/10.1023/A:1008783216944