An advanced transaction model with application to multilevel secure systems.

摘要

Transactions represent an important programming paradigm that aids the programmer in designing an distributed application in a simple and modular way. Transaction processing however, is not easily achieved in multilevel secure systems. To implement transaction processing in multilevel secure systems requires a careful re-visitation of the architectural components, techniques and algorithms used in the standard non-secure environment. This is because conventional transaction management techniques suffer from covert channels which can be exploited by sophisticated intruders to gain illegal access to data.;Quite a few works have been suggested in the literature that deal with secure transaction processing. The solutions they provide are often elegant, but leave much to be desired. Almost all suffer from some kind of starvation problems. And all treat the transaction mechanism as a black box; the transaction programmer is never given control over the transaction mechanism.;We look into nontraditional ways of transaction processing and make the following contributions to the area of multilevel secure systems.;First, we propose the multiform transaction model as uniform framework for designing a wide range of extended transactions including centralized and distributed multilevel secure transactions. The programmer is no longer limited by the constraints of the classical flat transaction model for designing advanced applications that require cooperative work among separate transactions.;Second, we propose an advanced secure concurrency control protocol based on locking for managing the execution of concurrent multilevel secure transactions. This protocol is free from the covert channel problem of the classical two-phase locking protocols. It offers flexibility to the programmer to achieve serializability and weaker correctness notions, depending on the application. The protocol supports partial rollback, exception handling and forward recovery and allows the sophisticated programmer to trade off starvation of multilevel secure transactions to their isolation. We provide extensions to the protocol to support multigranularity locking and multiversion data.;Third, we propose ASEP, an advanced secure early prepare commit protocol, that complements our secure concurrency control protocol. ASEP exploits the ability of the underlying multiform transaction framework to support various transaction completion dependencies, to implement the secure dependency among subtransactions of a distributed multilevel secure transaction. Further, ASEP supports the advanced features of the concurrency control protocol--viz., partial rollback, forward recovery and exception handling. This enables ASEP to trade off starvation of distributed multilevel secure transactions to their atomicity and to implement other types of secure dependencies among the subtransactions. (Abstract shortened by UMI.)