A covert timing channel-free optimistic concurrency control scheme for multilevel secure database management systems

Abstract

This paper presents a set of multilevel-secure optimistic concurrency control (MLS/OCC) scheme that has several desirable properties: If lower-level transactions were somehow allowed to continue with its execution in spite of the conflict of high-level transactions, covert timing channel-freeness would be satisfied. This sort of optimistic approach for conflict insensitiveness and the properties of non-blocking and deadlock freedom make the optimistic concurrency control scheme especially attractive to multilevel-secure transaction processing. Unlike pessimistic approaches, the MLS/OCC scheme never delays or rejects an operation submitted by a lower-level transaction which is passed the mandatory access control. Instead, the read and write operations are processed freely without updating the actual database. Therefore, it is reasonable to assert that MLS/OCC scheme is allowed to avoid the abort of lower-level transactions in order to close covert timing channel, nevertheless guaranteeing conflict-preserving serializability. The basic refinement philosophy for the solution on starvation problem is an incorporation of multiple versions of low-level data into MLS/OCC. This kind of intelligent channel-free concurrency control scheme satisfies the B3 or higher level of the US TCSEC requirements. © Springer-Verlag Berlin Heidelberg 2005.