• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.1
• /
• pp.15-28
• /
• 1999

In Multilevel Secure Database Management System(MLS/DBMS), we assume that system has a security clearance level for each user and a classification level for each data item in system and the objective of these systems is to protect secure information from unauthorized user. Many algorithms which have been researched have focus on removing covert channel by modifying conventional lock-based algorithm or timestamp-based algorithm. but there is high-level starvation problem that high level transaction is aborted by low level transaction repeatedly. In order to solve this problem, we propose an algorithm to reduce high-level starvation using dynamic adjustment of serialization order, which is basically using orange lock. Because our algorithm is based on a single version unlike conventional secure algorithms which are performed on multiversion, it can get high degree of concurrency control. we also show that it guarantees the serializability of concurrent execution, and satisfies secure properties of MLS/DBMS.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.3
• /
• pp.879-890
• /
• 2000

Designing a multilevel database application is a complex process, and the entities and their associated security levels must be represented using an appropriate model unambiguously. It is also important to capture the semantics of a multilevel databse application as accurate and complete as possible. Owing to the focus of the IDEA Methodology for designing the non-secure database applications on the data-intensive systems, the Object Model describes the static structure of the objects in an application and their relationships. That is, the Object Model in the IDEA Methodology is an extended Entity-Relationship model giving a static description of objects. The IDEA Methodology has not been developed the multilevel secure database applications, but by using an existing methodology we could take advantage of the various techniques that have already been developed for that methodology. That is, this way is easier to design the multilevel secure schema than to develop a new model from scratch. This paper adds the security features 새？ Object Model in the IDEA Methodology, and presents the transformation from this model to a multilevel secure object oriented schema. This schema will be the preliminary work which can be the general scheme for the automatic mapping to the various commercial multilevel secure database management system such as Informix-Online/Secure, Trusted ORACLE, and Sybase Secure SQL Server.

• Proceedings of the IEEK Conference
• /
• 2000.07b
• /
• pp.735-738
• /
• 2000

The most important issue in database security is correct concurrency control under the restrictive security policy. The goal of secure transaction management is to keep security and provide many concurrent users with the high availability of database. In this paper, we consider the security environment of multidatabase system with replicated data. The read-from relationship in the existed serializability is improper in security environment. So, we define new read-from relationship and propose new secure 1-copy quasi-seriailzability by utilizing this relationship and display some examples. This security environment requires both the existed local autonomy and the security autonomy as newly defined restriction. To solve covert channel problem is the most difficult issue in developing secure scheduling scheme. The proposed secure 1-copy quasi-serializability is very proper for global transactions in that this serializability not violates security autonomy and prevents covert channel between global transactions.