Skip to main content
SpringerLink
Log in
Book cover

Encyclopedia of Database Systems pp 2540–2546Cite as

Secure Transaction Processing

  • Reference work entry

  • 91 Accesses

Definition

Secure transaction processing refers to execution of transactions that cannot be exploited to cause security breaches.

Historical Background

Research in making transaction processing secure has progressed along different directions. Most of the early research in this area focused in processing multilevel transactions suitable for military applications. Such applications are characterized by having a set of security levels which are partially ordered using the dominance relation. The requirement is that information can flow from a dominated level to a dominating level but all other flows are considered to be illegal. The traditional concurrency control and recovery algorithms cannot be used for processing transactions in military applications because they cause illegal information flow. Most research in this area involved developing architectures, concurrency control and recovery mechanisms to prevent illegal information flow. Subsequently, researchers have also looked into...

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   2,500.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Recommended Reading

  1. Ahmed Q. and Vrbsky S. Maintaining security in firm real-time database systems. In Proc. 14th Annual Computer Security Applications Conference, 1998.

    Google Scholar 

  2. Ammann P., Jaeckle F., and Jajodia S. A two-snapshot algorithm for concurrency control in secure multi-level databases. In Proc. IEEE Symp. on Security and Privacy, 1992, pp. 204–215.

    Google Scholar 

  3. Ammann P. and Jajodia S. Distributed timestamp generation in planar lattice networks. ACM Trans. Comput. Syst., 11(3):205–225, 1993.

    Google Scholar 

  4. Ammann P. and Jajodia S. An efficient multiversion algorithm for secure servicing of transaction reads. In Proc. First ACM Conf. on Computer and Communication Security, 1994, pp. 118–125.

    Google Scholar 

  5. Ammann P., Jajodia S., and Frankl P. Globally consistent event ordering in one-directional distributed environments. IEEE Trans. Parallel Distrib. Syst., 7(6):665–670, 1996.

    Google Scholar 

  6. Ammann P., Jajodia S., and Liu P. Recovery from malicious transactions. IEEE Trans. Knowl. Data Eng., 14:1167–1185, 2002.

    Google Scholar 

  7. Ammann P., Jajodia S., McCollum C., and Blaustein B. Surviving information warfare attacks on databases. In Proc. IEEE Symp. on Security and Privacy, 1997.

    Google Scholar 

  8. Atluri V., Bertino E., and Jajodia S. Degrees of isolation, concurrency control protocols, and commit protocols. In Proc. IFIP WG11.3 Working Conf. on Database Security, 1995, pp. 259–274.

    Google Scholar 

  9. Atluri V. and Huang W.K. Enforcing mandatory and discretionary security in workflow management systems. J. Comput. Secur., 5(4):303–340, 1997.

    Google Scholar 

  10. Atluri V., Huang W.K., and Bertino E. A semantic-based execution model for multilevel secure workflows. J. Comput. Secur., 8(1):3–41, 2000.

    Google Scholar 

  11. Atluri V., Jajodia S., Keefe T.F., McCollum C., and Mukkamala R. Mutilevel secure transaction processing: status and prospects. In Proc. 10th IFIP WG11.3 Working Conf. on Database Security, 1996.

    Google Scholar 

  12. Bell D.E. and LaPadula L.J. Secure computer system: unified exposition and multics interpretation. Tech. Rep. MTR-2997, MITRE Corporation, 1975.

    Google Scholar 

  13. Blaustein B.T., Jajodia S., McCollum C.D., and Notargiacomo L. A model of atomicity for multilevel transactions. In Proc. IEEE Symp. on Research in Security and Privacy, 1993, pp. 120–134.

    Google Scholar 

  14. Costich O. Transaction processing using an untrusted scheduler in a multilevel database with replicated architecture. In Proc. IFIP WG11.3 Working Conf. on Database Security, 1992, pp. 173–190.

    Google Scholar 

  15. George B. and Haritsa J. Secure concurrency control in firm real-time databases. Distrib. Parallel Databases, 5:275–320, 1997.

    Google Scholar 

  16. Jajodia S. and Atluri V. Alternative correctness criteria for concurrent execution of transactions in multilevel secure databases. In Proc. IEEE Symp. on Security and Privacy, 1992, pp. 216–224.

    Google Scholar 

  17. Jajodia S. and Kogan B. Integrating an object-oriented data model with multilevel security. In Proc. IEEE Symp. on Security and Privacy, 1990, pp. 76–85.

    Google Scholar 

  18. Kang I. and Keefe T. Transaction management for multilevel secure replicated databases. J. Comput. Secur., 3:115–145, 1995.

    Google Scholar 

  19. Kang K., Son S., and Stankovic J. STAR: secure real-time transaction processing with timeliness guarantees. In Proc. 23rd IEEE Real-Time Systems Symp., 2002.

    Google Scholar 

  20. Keefe T. and Tsai W. Multiversion concurrency control for multilevel secure databases. In Proc. IEEE Symp. on Security and Privacy, 1990, pp. 369–383.

    Google Scholar 

  21. Lala C. and Panda B. Evaluating damage from cyber attacks: a model and analysis. IEEE Trans. Syst. Man Cybern. A, 31(4):300–310, 2001.

    Google Scholar 

  22. Lamport L. Concurrent reading and writing. Commun. ACM, 20(11):806–811, 1977.

    MATH  MathSciNet  Google Scholar 

  23. Liu P. and Hao X. Efficient damage assessment and repair in resilient distributed database systems. In Proc. 15th IFIP WG11.3 Working Conf. on Data and Application Security, 2001, pp. 75–89.

    Google Scholar 

  24. Liu P. and Jajodia S. Multi-phase damage confinement in database systems for Intrusion Tolerance. In Proc. 14th IEEE Computer Security Foundations Workshop, 2001.

    Google Scholar 

  25. Maimone W. and Greenberg I. Single-level multiversion schedulers for multilevel secure database systems. In Proc. 6th Annual Computer Security Applications Conf., 1990, pp. 137–147.

    Google Scholar 

  26. McDermott J., Jajodia S., and Sandhu R. A single-level scheduler for replicated architecture for multilevel secure databases. In Proc. 7th Annual Computer Security Applications Conf., 1991, pp. 2–11.

    Google Scholar 

  27. Pal S. A locking protocol for multilevel secure databases providing support for long transactions. In Proc. 10th IFIP WG11.3 Working Conf. on Database Security, 1996, pp. 183–198.

    Google Scholar 

  28. Panda B. and Giordano J. Reconstructing the database after electronic attacks. In Proc. 12th IFIP WG11.3 Int. Working Conf. on Database Security, 1998.

    Google Scholar 

  29. Panda B. and Haque K.A. Extended data dependency approach: a robust way of rebuilding database. In Proc. 2002 ACM Symp. on Applied Computing, 2002.

    Google Scholar 

  30. Park C., Park S., and Son S. Multiversion locking protocol with freezing for secure real-time database systems. IEEE Trans. Knowl. Data Eng., 14(5):1141–1154, 2002.

    Google Scholar 

  31. Ray I., Ammann P., and Jajodia S. A semantic-based model for multi-level transactions. J. Comput. Secur., 6(3):181–217, 1998.

    Google Scholar 

  32. Ray I., Bertino E., Jajodia S., and Mancini L. An advanced commit protocol for MLS distributed database systems. In Proc. 3rd ACM Conf. on Computer and Communications Security, 1996, pp. 119–128.

    Google Scholar 

  33. Ray I., McConnell R., Lunacek M., and Kumar V. Reducing damage assessment latency in survivable databases. In Proc. 21st British National Conf. on Databases, 2004.

    Google Scholar 

  34. Reed D. and Kanodia R. Synchronizations with event counts and sequencers. Commun. ACM, 22(5):115–123, 1979.

    MATH  Google Scholar 

  35. Schaefer M. Quasi-synchronization of readers and writers in a multi-level environment. Tech. Rep. TM-5407/003, System Development Corporation, 1974.

    Google Scholar 

  36. Smith K.P., Blaustein B.T., Jajodia S., and Notargiacomo L. Correctness criteria for multilevel secure transactions. IEEE Trans. Knowl. Data Eng., 8(1):32–45, 1996.

    Google Scholar 

  37. Son S., Mukkamala R., and David R. Integrating security and real-time requirements using covert channel capacity. IEEE Trans. Knowl. Data Eng., 12(6):865–879, 2000.

    Google Scholar 

  38. Yu M., Liu P., and Zang W. Multi-version attack recovery for workflow systems. In Proc. 19th Annual Computer Security Applications Conf., 2003, pp. 142–151.

    Google Scholar 

  39. Zhu Y., Xin T., and Ray I. Recovering from malicious attacks in workflow systems. In Proc. 16th Int. Conf. Database and Expert Syst. Appl., 2005.

    Google Scholar 

  40. Zuo Y. and Panda B. Damage discovery in distributed database systems. In Proc. 18th IFIP WG11.3 Working Conf. on Data and Applications Security, 2004.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Colorado State University, Fort Collins, CO, USA

    Indrakshi Ray

Authors
  1. Indrakshi Ray
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. College of Computing, Georgia Institute of Technology, 266 Ferst Drive, 30332-0765, Atlanta, GA, USA

    LING LIU (Professor) (Professor)

  2. Database Research Group David R. Cheriton School of Computer Science, University of Waterloo, 200 University Avenue West, N2L 3G1, Waterloo, ON, Canada

    M. TAMER ÖZSU (Professor and Director, University Research Chair) (Professor and Director, University Research Chair)

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer Science+Business Media, LLC

About this entry

Cite this entry

Ray, I. (2009). Secure Transaction Processing. In: LIU, L., ÖZSU, M.T. (eds) Encyclopedia of Database Systems. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-39940-9_331

Download citation

Publish with us

Policies and ethics

Search

Navigation