Confidential concurrency control for secure transaction management in database systems : C3

Abstract

While a concurrency controller in multilevel secure database system synchronizes transactions cleared at different confidentiality levels, it should cope with the problem of covert channel. In this thesis, we propose a new concurrency control scheme for secure transaction management, named Confidential Concurrency Control scheme (C3) that founds on multiversion-based scheme. C3 maintains elaborated information about ordering relationships among transactions in a way of actively investigating and renewing the ordering relationships whenever it receives an operation. By utilizing the elaborated information, it becomes capable of aborting transactions selectively whose non-interfered executions definitely violate one-copy serializability. It can provide more recent data version to read request than the other multiversion-based secure concurrency control schemes in that it decides to select second-best version for read in only case that there is a high potential of confidentiality violation. It therefore comes to reduce the aborts and provide data versions with improved trustworthiness. By virtue of the elaborated information, moreover, C3 is able to delete unworthy versions and unworthy transactions, so that it lightens the burdens of maintaining multiple versions and accumulated transaction ordering relationships. For the aborts that are inevitable for preserving one-copy serializability, C3 preserves confidentiality by deriving the conflicts to be occurred between transactions of the same confidentiality level.