Fourth European Symposium on Research in Computer Security (ESORICS 96)
Secure Concurrency Control in MLS Databases with Two Versions of Data
Luigi V. Mancini, Ray Indrajit
Keywords :
Abstract : In multilevel secure database systems, higher lever transactions are either delayed or aborted when they read longer lever data, due to lock conflicts with updating longer lever transactions. Multiversion data has been suggested in the literature as a way to prevent longer reading transaction from getting delayed or aborted. In these multiversion protocols transactions that read longer lever data are provided older versions of the data and thus low reading and writing operations are allowed to proceed concurrently. However almost all of these algorithme suffer from shortcomings - either they require a potentially unbounded number of versions to be maintained in the system, or they enforce a time limit in which higher lever transactions have to complete. Maintaining multiple committed versions adds additional overhead to the system. Moreover, these algorithme always provide older copies of data for reading by higher lever transactions which may not be acceptable for certain applications. We propose a secure concurrency control algorithm that is based on a locking strategy and that requires only two versions - one committed and one non-committed version - of data. All read operations, high or low, are performed on the previous committed version while the write operation proceeds on the uncommitted version. Thus no read operation is ever given an outdated copy. Moreover, extra overhead for version management is fesser than the other protocole because almost all transaction management systems maintains a before-image of data for recovery purposes and our scheme takes advantage of this before-image value.
(Pages 304-323)