A temporal authorization model
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
A discretionary access control model with temporal authorizations
NSPW '94 Proceedings of the 1994 workshop on New security paradigms
| Hi-index | 0.00 |
Although high assurance multilevel secure (MLS)database management systems (DBMSS) are slowlybecoming commercially available, these systems areyet to offer a concurrency control protocol that isfree of signaling channels and guarantees serializability(one-copy serializability if multiple versions arekept in the database). Some database vendors havestarted using in their products concurrency controlprotocols that are easy to implement and give goodperformance, even though they do not satisfy the usualserializability requirements. For example, the concurrencycontrol protocol that has been implementedin the commercially available Trusted Oracle MLSDBMS generates histories that are level-wise serializable.While level-wise serializabilityy has many desirableproperties, it suffers from the inconsistent retrievalproblems which may seriously harm databaseintegrity.In this paper, we show that it is possible to meetstricter correctness criteria (such as pair-wise serializabilityand one-copy serializability) using Trusted Oracle,provided we have the knowledge of the updatetransactions that will be executed in the system. Weperform a static analysis of the read- and write-sets ofthese transactions and: based on this analysis, we controlthe order of submission of the transactions to thescheduler in such a way that the resultant history ensureshigher correctness level. It is important to notethat rather than taking the usual approach of modifyingthe underlying concurrency control protocol suchthat it meets the stricter correctness requirements, weachieve our goal without modifying the Trusted Oracleconcurrency control algorithm in any way. Thisis because the code that implements the concurrencycontrol is large and complicated and! Moreover, thesource code for the DBMS is not available since it isprovided by the vendors in compiled form to the users.Therefore? it is neither advisable nor possible to makemodifications to the concurrency control protocol.