• The KIPS Transactions:PartD
• /
• v.8D no.1
• /
• pp.24-31
• /
• 2001

In this paper, we present an advanced transaction scheduling protocol to improve the degree of concurrency and satisfy the security requirements for multilevel secure database. We adapted two-phase locking protocol, namely traditional syntax-oriented serializability notions, to multilevel secure database. Altruistic locking, as an advanced protocol, has attempted to reduce delay effect associated with lock release moment by use of the idea of donation. An improved form of altruism has also been deployed for extended altruistic locking OffiLl. This is in a way that scope of data to be early released is enlarged to include even data initially not intended to be donated. We also adapted XAL to multilevel secure database and we first of all investigated limitations inherent in both altruistic schemes from the perspective of alleviating starvation occasions for transactions in particular of short-lived nature for multilevel secure database. Our protocol is based on extended altruistic locking for multilevel secure database (XAL/MLS), but a new method, namely two-way donation locking for multilevel secure database (2DL!/-MLS), is additionally used in order to satisfy security requirements and concurrency. The efficiency of the proposed protocol was verified by experimental results.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.5 s.37
• /
• pp.57-64
• /
• 2005

While the secure concurrency control schemes in multilevel secure database management systems synchronize transactions cleared at different security level they must consider the problem covert channel. although previous works achieve the confidentiality successfully, they overlook the integrity or the availability. For being evaluated as highly secure database systems , the multilevel secure database management systems must achieve the confidentiality, integrity, and the availability that are the well-known major security aspects. By use of verified transactions ordering relationship, in this Paper, we Propose a new secure concurrency control scheme that is capable of increasing the degree of fairness among transactions cleared at different security levels.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.3
• /
• pp.879-890
• /
• 2000

Designing a multilevel database application is a complex process, and the entities and their associated security levels must be represented using an appropriate model unambiguously. It is also important to capture the semantics of a multilevel databse application as accurate and complete as possible. Owing to the focus of the IDEA Methodology for designing the non-secure database applications on the data-intensive systems, the Object Model describes the static structure of the objects in an application and their relationships. That is, the Object Model in the IDEA Methodology is an extended Entity-Relationship model giving a static description of objects. The IDEA Methodology has not been developed the multilevel secure database applications, but by using an existing methodology we could take advantage of the various techniques that have already been developed for that methodology. That is, this way is easier to design the multilevel secure schema than to develop a new model from scratch. This paper adds the security features 새？ Object Model in the IDEA Methodology, and presents the transformation from this model to a multilevel secure object oriented schema. This schema will be the preliminary work which can be the general scheme for the automatic mapping to the various commercial multilevel secure database management system such as Informix-Online/Secure, Trusted ORACLE, and Sybase Secure SQL Server.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.1
• /
• pp.15-28
• /
• 1999

In Multilevel Secure Database Management System(MLS/DBMS), we assume that system has a security clearance level for each user and a classification level for each data item in system and the objective of these systems is to protect secure information from unauthorized user. Many algorithms which have been researched have focus on removing covert channel by modifying conventional lock-based algorithm or timestamp-based algorithm. but there is high-level starvation problem that high level transaction is aborted by low level transaction repeatedly. In order to solve this problem, we propose an algorithm to reduce high-level starvation using dynamic adjustment of serialization order, which is basically using orange lock. Because our algorithm is based on a single version unlike conventional secure algorithms which are performed on multiversion, it can get high degree of concurrency control. we also show that it guarantees the serializability of concurrent execution, and satisfies secure properties of MLS/DBMS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.1
• /
• pp.43-54
• /
• 2001

In this paper we study the use of polyinstantiation for spatial data, for the purpose of solving cover in topology channel in multilevel secure spatial database systems. Spatial database system with topological structure has a number of spatial analysis function using spatial data and neighbored one\`s each other. But. it has problems that information flow is occurred by topological relationship in spatial database systems. Geographic Information System(CIS) must be needed mandatory access control because there ,are many information flow through positioning information And topological relationship between spatial objects. Moreover, most GIS applications also graphe user interface(GUI). In addressing these problems, we design the MLS/SRDM(Multi Level Security/Spatial Relational Data Model) and propose polyinstantiation for spatial data for solving information flow that occurred by toplogical relationship of spatial data.

• Journal of KIISE:Databases
• /
• v.30 no.2
• /
• pp.209-224
• /
• 2003

Recent development of electronic commerce enables the use of Electronic Stock Trading Systems(ESTS) to be expanded. In ESTS, information with various sensitivity levels is shared by multiple users with mutually different clearance levels. Therefore, it is necessary to use Multilevel Secure Database Management Systems(MLS/DBMSs) in controlling concurrent execution among multiple transactions. In ESTS, not only analytical OLAP transactions, but also mission critical OLTP transactions are executed concurrently, which causes it difficult to adapt traditional secure transaction management schemes to ESTS environments. In this paper, we propose Secure One Snapshot(SOS) protocol that is devised for Secure Transaction Management in ESTS. By maintaining additional one snapshot as well as working database SOS blocks covert-channel efficiently, enables various real-time transaction management schemes to be adapted with ease, and reduces the length of waiting queue being managed to maintain freshness of data by utilizing the characteristics of less strict correctness criteria. In this paper, we introduce the process of SOS protocol with some examples, and then analyze correctness of devised protocol.

• The KIPS Transactions:PartD
• /
• v.9D no.2
• /
• pp.235-242
• /
• 2002

We propose an advanced transaction scheduling protocol for concurrency control of multilevel secure databases in wireless mobile network environment. Wireless communication is characterized by frequent spurious disconnections. So short-lived transaction must quickly access database without any delay by long-lived one. We adapted two-phase locking protocol, namely traditional syntax-oriented serializability notions, to multilevel secure databases in wireless mobile network environment. Altruistic locking, as an advanced protocol, has attempted to reduce delay effect associated with lock release moment by use of the idea of donation. An improved form of a1truism has also been deployed for extended a1truistic locking. This is in a way that scope of data to he early released is enlarged to include even data initially not intended to be donated. Our protocol is based on extended altruistic locking, but a new method, namely bi-directional donation locking for multilevel secure databases (MLBiDL), is additionally used in order to satisfy security requirements and concurrency. We showed the Simulation experiments that MLBiDL outperforms the other locking protocols in terms of the degree of throughput and average waiting time.

• Proceedings of the IEEK Conference
• /
• 2000.07b
• /
• pp.735-738
• /
• 2000

The most important issue in database security is correct concurrency control under the restrictive security policy. The goal of secure transaction management is to keep security and provide many concurrent users with the high availability of database. In this paper, we consider the security environment of multidatabase system with replicated data. The read-from relationship in the existed serializability is improper in security environment. So, we define new read-from relationship and propose new secure 1-copy quasi-seriailzability by utilizing this relationship and display some examples. This security environment requires both the existed local autonomy and the security autonomy as newly defined restriction. To solve covert channel problem is the most difficult issue in developing secure scheduling scheme. The proposed secure 1-copy quasi-serializability is very proper for global transactions in that this serializability not violates security autonomy and prevents covert channel between global transactions.

• The Transactions of the Korea Information Processing Society
• /
• v.2 no.5
• /
• pp.645-654
• /
• 1995

A distributed DBMS integrates local schemas that are independently designed, maintained, and managed by different users at each site providing a global virtual schema. This global schema supports users at a specific site to transparently utilize local database at different sites. The security features of the local schema should also not be changed in the global schema integrating security features of each local schema. Researches on the integration of security features into local schema in distributed DBMS environment, however, are very rate. This pater using the multilevel secure object-oriented database model(as the model for the definition of a local schema in distributed environment) which is an extension of the object-oriented models. It also suggests eight integration methods that can maintain the security features of local schemas. The eight methods are classified by the object classes and by relationships among them.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1995.11a
• /
• pp.69-78
• /
• 1995

다단계 보안을 지원하는 데이타베이스 시스템은 상이한 보안 등급을 갖는 데이타와 상이한 접근 권한을 갖는 사용자를 동시에 지원하는 데이타베이스 시스템이다. 본 논문에서는 다단계 보안 관계 데이타베이스 관리 시스템을 구현하기 위하여 주요 시스템 설계 전략을 분석하고, 이를 기초로 정보보안베이스 분할 및 계층화, 균형 보증 방식에 의한 보안 커널 구성, 다단계 보안 기반으로써의 뷰의 사용 등을 설계 전략으로 채택한다. 계층 구조에 의한 다단계 보안 데이타베이스 시스템의 설계는 기존 보안기술의 사용을 가능하게 하여 최소한의 개발 노력으로 시스템을 구현할 수 있도록 한다. 최상위 계층의 다단계 질의 처리기는 사용자에 의한 다단계 릴레이션의 정의 및 다단계 질의어의 처리를 위한 전처리기로 써 표준 관계 데이타베이스 관리 시스템과의 인터페이스를 담당한다.