Binto George

Secure transaction processing in firm real-time database systems

Many real-time database applications arise in safety-critical installations and military systems where enforcing security is crucial to the success of the enterprise. A secure real-time database system has to simultaneously satisfy who requirements guarantee data security and minimize the number of missed transaction deadlines. We investigate here the performance implications, in terms of missed deadlines, of guaranteeing security in a real-time database system. In particular, we focus on the concurrency control aspects of this issue. Our main contributions are the following: First, we identify which among the previously proposed real-time concurrency control protocols are capable of providing protection against both direct and indirect (covert channels) means of unauthorized access to data. Second, using a detailed simulation model of a firm-deadline real-time database system, we profile the real-time performance of a representative set of these secure concurrency control protocols. Our experiments show that a prioritized optimistic concurrency control protocol. OPT-WAIT, provides the best overall performance. Third, we propose and evaluate a novel dual approach to secure transaction concurrency control that allows the real-time database system to simultaneously use different concurrency control mechanisms for guaranteeing security and for improving real-time performance. By appropriately choosing these different mechanisms, we have been able to design hybrid concurrency control algorithms that provide even better performance than OPT-WAIT.

Secure Concurrency Control in Firm Real-Time Database Systems

Many real-time database applications arise in electronic financial services, safety-critical installations and military systems where enforcing security is crucial to the success of the enterprise. For real-time database systems supporting applications with firm deadlines, we investigate here the performance implications, in terms of killed transactions, of guaranteeing multilevel secrecy. In particular, we focus on the concurrency control (CC) aspects of this issue.Our main contributions are the following: First, we identify which among the previously proposed real-time CC protocols are capable of providing covert-channel-free security. Second, using a detailed simulation model, we profile the real-time performance of a representative set of these secure CC protocols for a variety of security-classified workloads and system configurations. Our experiments show that a prioritized optimistic CC protocol, OPT-WAIT, provides the best overall performance. Third, we propose and evaluate a novel “dual-CC” approach that allows the real-time database system to simultaneously use different CC mechanisms for guaranteeing security and for improving real-time performance. By appropriately choosing these different mechanisms, concurrency control protocols that provide even better performance than OPT-WAIT are designed. Finally, we propose and evaluate GUARD, an adaptive admission-control policy designed to provide fairness with respect to the distribution of killed transactions across security levels. Our experiments show that GUARD efficiently provides close to ideal fairness for real-time applications that can tolerate covert channel bandwidths of upto one bit per second.

Secure Buffering in Firm Real-Time Database Systems

Abstract. Many real-time database applications arise in electronic financial services, safety-critical installations and military systems where enforcing security is crucial to the success of the enterprise. We investigate here the performance implications, in terms of killed transactions, of guaranteeing multi-level secrecy in a real-time database system supporting applications with firm deadlines. In particular, we focus on the buffer management aspects of this issue.Our main contributions are the following. First, we identify the importance and difficulties of providing secure buffer management in the real-time database environment. Second, we present SABRE, a novel buffer management algorithm that provides covert-channel-free security. SABRE employs a fully dynamic one-copy allocation policy for efficient usage of buffer resources. It also incorporates several optimizations for reducing the overall number of killed transactions and for decreasing the unfairness in the distribution of killed transactions across security levels. Third, using a detailed simulation model, the real-time performance of SABRE is evaluated against unsecure conventional and real-time buffer management policies for a variety of security-classified transaction workloads and system configurations. Our experiments show that SABRE provides security with only a modest drop in real-time performance. Finally, we evaluate SABREs performance when augmented with the GUARD adaptive admission control policy. Our experiments show that this combination provides close to ideal fairness for real-time applications that can tolerate covert-channel bandwidths of up to one bit per second (a limit specified in military standards).

A database security course on a shoestring

Database security has paramount importance in industrial, civilian and government domains. Despite its importance, our search reveals that only a small number of database security courses are being offered. In this paper, we share our experience in developing and offering an undergraduate elective course on database security with limited resources. We believe that database security should be considered in its entirety rather than being component specific. Therefore, we emphasize that students develop and implement a database security plan for a typical real world application. In addition to the key theoretical concepts, students obtain hands-on experience with two popular database systems. We encourage students to learn independently making use of the documentation and technical resources freely available on the Internet. This way, our hope is that they will be able to adapt to emerging systems and application scenarios.

A method for incorporating usable security into computer security courses

Since human factor security exploits are on the rise, ensuring Usable Security has become extremely important for the overall security of computer systems. However, traditional undergraduate computer security curriculum focuses heavily on technical aspects of security and generally ignores Usable Security. To address this problem, we developed a new 3P Learning Method that encourages students to view security problems from three different perspectives (i.e. 3P), namely: Defense, Offense, and Use. The 3P Method lets us incorporate Usable Security into the existing curriculum and helps students to consider Usable Security as an integral part of secure system design rather than an optional add-on.

Usable Authentication in EBusiness: Challenges and Opportunities

Abstract The traditional approach of system centered security seems to be inadequate for consumer ebusiness models where the user plays a critical role to ensure computer security. Moreover, human factors are increasingly being exploited for defeating security as evidenced by ever increasing trend in human-centered attacks. Although many of the attacks exploiting human aspects generally do not require high technical skills, their detection and prevention are usually complex. Valid user authentication requires both customer and ebusiness correctly authenticating each other. As would be seen in the paper, usable security plays a crucial role in this mutual authentication process. The paper surveys the major research findings in the area, explores the cotemporary industry practices and discusses some potential future directions.

Improving quality of interference in multilevel secure knowledge-based systems

The issue of providing security to knowledge-based systems has been addressed in the literature. Most of these works aim at protecting secure information from leakage by enforcing security constraints. For security reasons, the knowledge available at high security level is not disclosed to subjects holding lower security clearance levels. The inherent inability of multilevel secure systems to utilize the high security knowledge for inference may lead to poor Quality of Inference at low security levels. The paper explores the issue of improving Quality of Inference without significantly compromising security. We first develop a secure Match-Resolve-Act algorithm. We then illustrate the Quality of Inference issues arising in a secure knowledge based system, and suggest an inter-level inference engine based architecture for improving the Quality of Inference. We also study the impact of inter-level inference on security by applying the Sphere of Inference notion.

Traditional Transaction Processing

The primary purpose of a database management system is to carry out transactions. A transaction is a sequence of database operations either to query or manipulate data in a shared database. The goal of a concurrency control (CC) mechanism is to preserve database integrity, even in the presence of concurrent data accesses by multiple users, by properly synchronizing simultaneous executions of transactions. This goal is best illustrated by a simple example.

Secure Buffer Management

The focus of our previous chapters was on concurrency control related issues arise in MLS DBS environment. In this chapter, we shift our attention to another important transaction processing component, namely, buffer management. Since transactions of various security clearance levels often share the buffer pool, there arise the possibility of exploiting some of the buffer management components for covert signaling. In order to ensure the security of MLS RTDBS, buffer managers should be designed to meet the non-interference [GM82] criteria.

Transaction Processing in Multilevel Secure Databases

In this chapter, we review the research efforts towards developing secure transaction processing algorithms. A secure transaction processing protocol, in addition to complying with the two Bell-LaPadula restrictions, must be free of all covert channels. This requirements prohibits the use of conventional concurrency control and commit protocols since they are susceptible to covert channels.