dc.description.abstract |
Many organizations use database systems to reliably store and retrieve large
quantities of data of varying degrees of sensitivity or security. A database system that can
store and manage data with different security levels and is shared by users having
different security levels in a single system is called a multilevel secure database system
(MLS/DBS). A software system that manages an MLS/DBS is called a multilevel secure
database management system (MLS/DBMS). Many multilevel secure database
applications are inherently distributed in nature and use a multilevel secure distributed
database management system (MLS/DDBMS). Applications interact with the database
system through transactions. Most MLS/DDBMSs are based on the Bell-LaPadula
model. This model prevents direct unauthorized access to data but is not sufficient to
ensure that security is not violated indirectly through covert channels. Therefore,
transaction processing in MLS/DDBMSs requires modification of traditional concurrency
control and commit protocols. These modifications are necessary because preserving the
usual transaction properties (i.e., ACID properties) when transactions are executing at
different security levels often conflicts with the enforcement of the security policy.
Traditional concurrency control protocols such as Two-Phase Locking and Timestamp
Ordering are not suitable for MLS/DDBMSs, because they can establish
unexpected communication paths, called covert channels, between transactions having
different security levels that share access to data items in the database. Similarly,
integration of some traditional commit protocols with secure concurrency control
protocols is not suitable for MLS/DDBMSs, because it does not ensure correctness
(e.g., integration of the Early Prepare (EP) Commit Protocol with the Secure Two Phase Locking
(S2PL) Protocol).
Security requirements imposed on the concurrency control and commit protocols
have a significant impact on their performance because of extra overhead and more
restricted access to data as determined by the security policy of the database system. The
objective of multilevel secure concurrency control is to ensure serializability without
introducing covert channels. In order to meet these two requirements, several multilevel
secure concurrency control protocols have been proposed in the literature. In most of
these protocols, high security level transactions may be subjected to indefinite delays or
may be suspended again and again. This problem is known as starvation. Therefore, the
requirement of ensuring serializability while preserving security leads to an additional
requirement for multilevel secure concurrency control protocols, that they must also
avoid starvation. In our research work, we investigate the problem of how to minimize
transaction response time without compromising security. The main objective of our
study is to develop an efficient and fair multilevel secure concurrency control protocol
for MLS/DDBMS.
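To make concrete both the covert channel that plain 2PL opens between security levels and the starvation that the secure rule then introduces, here is a toy lock manager written for this abstract (it is an added illustration, not code from the thesis). It assumes two levels, Low and High, and a single "secure" rule: a lower-level request is never delayed by a higher-level lock holder, so the High transaction is restarted instead.

```python
"""Toy lock manager: traditional 2PL versus a secure-2PL rule (added example).

Levels are ints (0 = Low, 1 = High). Under plain 2PL a High reader holding a
lock makes a Low writer wait, so High can signal to Low by choosing whether
to hold the lock: a covert timing channel. Under the secure rule a Low request
never waits on a higher-level holder; the High transaction loses its lock and
restarts instead, which is exactly where starvation of High comes from.
"""
from collections import defaultdict

LOW, HIGH = 0, 1

class LockManager:
    def __init__(self, secure):
        self.secure = secure
        self.holders = defaultdict(dict)  # item -> {txn: (mode, level)}
        self.aborted = set()

    def request(self, txn, level, item, mode):
        """Return 'granted', 'wait' or 'granted_after_abort'."""
        conflicts = {t: (m, l) for t, (m, l) in self.holders[item].items()
                     if t != txn and (mode == 'W' or m == 'W')}
        if not conflicts:
            self.holders[item][txn] = (mode, level)
            return 'granted'
        if self.secure and all(l > level for _, l in conflicts.values()):
            # Low must never be delayed by High: break the High locks instead.
            for t in conflicts:
                del self.holders[item][t]
                self.aborted.add(t)
            self.holders[item][txn] = (mode, level)
            return 'granted_after_abort'
        return 'wait'

def covert_channel_demo(secure):
    """High read-locks x, then Low tries to write x: who pays the delay?"""
    lm = LockManager(secure)
    lm.request('H1', HIGH, 'x', 'R')
    return lm.request('L1', LOW, 'x', 'W'), sorted(lm.aborted)

def starvation_demo(rounds):
    """Low writers keep arriving; count how often the High reader restarts."""
    lm, restarts = LockManager(secure=True), 0
    for i in range(rounds):
        lm.request('H1', HIGH, 'x', 'R')
        if lm.request(f'L{i}', LOW, 'x', 'W') == 'granted_after_abort':
            restarts += 1
            lm.holders['x'].pop(f'L{i}')  # Low commits and releases x
    return restarts
```

With `secure=False` the Low writer waits on the High reader (the channel); with `secure=True` the Low writer is granted immediately and High is aborted, and a steady stream of Low writers restarts High every round, which is the starvation the fairness strategies below address.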
First we examine the performance of Secure Two Phase Locking concurrency
control protocol for MLS/DDBMS. Though several concurrency control protocols for
MLS/DBMSs have been proposed in the literature, most of them are for centralized
MLS/DBMS and are either extension of the Two Phase Locking (2PL) or Timestamp
based protocols. The performance of some of these protocols has also been studied. Two
Phase Locking is the most widely used concurrency control protocol for traditional
DDBMSs and has also been extended for MLS/DDBMS as Secure Two Phase Locking
(S2PL) Protocol. Though performance studies of several concurrency control
protocols for traditional DDBMSs have been done, to the best of our knowledge the
performance of S2PL for MLS/DDBMSs has not been studied in the literature.
We have used a detailed simulation model of multilevel secure distributed database
system to investigate the impact of multilevel security requirements on the performance
of 2PL protocol. We evaluate the relative performance of Un-Secure (traditional) Two
Phase Locking protocol (US2PL, i.e., a transaction can access all data items in the
system), Direct Secure Two Phase Locking protocol (DS2PL, i.e., S2PL which satisfies
the conditions of Restricted Write Bell-LaPadula model that prevents the direct
unauthorized access to data but is not sufficient to prevent indirect unauthorized access to
data) and Full Secure Two Phase Locking protocol (FS2PL, i.e., S2PL which prevents
both direct and indirect unauthorized access to data). Performance of all protocols was
analyzed for a variety of workloads and system configurations. Simulation results show
that there is no significant performance cost to be paid for enforcing direct security.
Simulation results also show that FS2PL provides poor performance; in particular, the
performance of high security level transactions is significantly worse than that of the low
security level transactions, highlighting the price that has to be paid for ensuring security.
To address the issue of starvation, we present and evaluate two fairness strategies
(LFS and GFS), based on a feedback-based admission control policy, for the S2PL protocol for
MLS/DDBMS, which ensure fairness for transactions executing at different security
levels while guaranteeing Orange security. We evaluated the relative
performance of S2PL with each fairness strategy, called Orange S2PL-LFS
(OS2PL-LFS) and Orange S2PL-GFS (OS2PL-GFS), against S2PL
without a fairness strategy, called Full S2PL (FS2PL), for
MLS/DDBMS. Simulation results show that our fairness strategies achieve a
significant performance improvement in terms of fairness. In addition, they also show a
slight performance improvement in terms of overall response time. Though OS2PL-LFS
provides better fairness than OS2PL-GFS,
the overall performance of OS2PL-LFS is poor.
We also designed an efficient multilevel secure concurrency control protocol for
MLS/DDBMSs that not only satisfies multilevel security requirements in addition to
consistency, but also achieves good performance and fairness. In particular, we present
two Secure Multiversion Locking (SMVL) concurrency control protocols for
MLS/DDBMS that guarantee Full security, fairness and good performance. Since the
proposed protocols use V-Locks in addition to conventional locks, the popular
atomic commit protocol, 2PC, cannot be integrated with these protocols in its present
form. We modify 2PC to avoid database inconsistencies. We evaluate the performance of
the proposed protocols against the secure multiversion timestamp ordering protocol
(SMVTO) for a variety of transaction workloads and system configurations. The
simulation results show that the proposed protocols consistently outperform SMVTO. |
en_US |