Synonyms
Cloud Computing; Database Security; Data Confidentiality; Privacy; Multilevel Secure Database Management System; Transaction Processing
Definition
Secure transaction processing refers to execution of transactions that cannot be exploited to cause security breaches.
Historical Background
Research in making transaction processing secure has progressed along different directions. Early research in this area was geared toward military applications. Such applications are characterized by having a set of security levels which are partially ordered using the dominance relation. Information is transmitted through read and write operations on data items belonging to the various levels. Information is allowed to flow from a dominated level to a dominating level but all other flows are illegal. Traditional concurrency control and recovery algorithms cause illegal information flow. Most research in this area involved providing new architectures, concurrency control, and recovery...
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsRecommended Reading
Ahmed Q, Vrbsky S. Maintaining security in firm real-time database systems. In: Proceedings of the 14th Annual Computer Security Applications Conference; 1998.
Ammann P, Jaeckle F, Jajodia S. A two-snapshot algorithm for concurrency control in secure multi-level databases. In: Proceedings of the IEEE Symposium on Security and Privacy; 1992. p. 204–15.
Ammann P, Jajodia S. Distributed timestamp generation in planar lattice networks. ACM Trans Comput Syst. 1993;11(3):205–25.
Ammann P, Jajodia S. An efficient multiversion algorithm for secure servicing of transaction reads. In: Proceedings of the 1st ACM Conference on Computer and Communication Security; 1994. p. 118–25.
Ammann P, Jajodia S, Frankl P. Globally consistent event ordering in one-directional distributed environments. IEEE Trans Parallel Distrib Syst. 1996;7(6):665–70.
Ammann P, Jajodia S, Liu P. Recovery from malicious transactions. IEEE Trans Knowl Data Eng. 2002;14(5):1167–85.
Ammann P, Jajodia S, McCollum C, Blaustein B. Surviving information warfare attacks on databases. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy; 1997.
Atluri V, Bertino E, Jajodia S. Degrees of isolation, concurrency control protocols, and commit protocols. In: Proceedings of the IFIP WG11.3 Working Conference on Database Security; 1995. p. 259–74.
Atluri V, Huang W-K. Enforcing mandatory and discretionary security in workflow management systems. J Comput Secur. 1997;5(4):303–40.
Atluri V, Huang W-K, Bertino E. A semantic-based execution model for multilevel secure workflows. J Comput Secur. 2000;8(1):3–42.
Atluri V, Jajodia S, Keefe TF, McCollum C, Mukkamala R. Multilevel secure transaction processing: status and prospects. In: Proceedings of the 10th IFIP WG11.3 Working Conference on Database Security. Como; 1996.
Bell DE, LaPadula LJ. Secure computer system: unified exposition and multics interpretation. Technical Report MTR-2997, MITRE Corporation, Bedford; 1975.
Biswas D, Vidyasankar K. Secure cloud transactions. Comput Syst Sci Eng. 2013;28(6):439–48.
Blaustein BT, Jajodia S, McCollum CD, Notargiacomo L. A model of atomicity for multilevel transactions. In: Proceedings of the IEEE Symposium on Research in Security and Privacy; 1993. p. 120–34.
Costich O. Transaction processing using an untrusted scheduler in a multilevel database with replicated architecture. In: Proceedings of the IFIP WG11.3 Working Conference on Database Security; 1992. p. 173–90.
Curino C, Jones EPC, Popa RA, Malviya N, Wu E, Madden S, Balakrishnan H, Zeldovich N. Relational cloud: a database service for the cloud. In: Proceedings of the 5th Biennial Conference on Innovative Data Systems Research; 2011. p. 235–40.
George B, Haritsa JR. Secure concurrency control in firm real-time database systems. Distrib Parallel Databases. 2000;8(1):41–83.
Iskander MK, Wilkinson DW, Lee AJ, Chrysanthis PK. Enforcing policy and data consistency of cloud transactions. In: Proceedings of the 31st International Conference on Distributed Computing Systems Workshops; 2011. p. 253–62. IEEE.
Jajodia S, Atluri V. Alternative correctness criteria for concurrent execution of transactions in multilevel secure databases. In: Proceedings of the IEEE Symposium on Security and Privacy; 1992. p. 216–24.
Jajodia S, Kogan B. Integrating an object-oriented data model with multilevel security. In: Proceedings of the IEEE Symposium on Security and Privacy; 1990. p. 76–85.
Kang IE, Keefe TF. Transaction management for multilevel secure replicated databases. J Comput Secur. 1995;3(2/3):115–45.
Kang K, Son SH, Stankovic J. STAR: secure real-time transaction processing with timeliness guarantees. In: Proceedings of the 23rd IEEE Real-time Systems Symposium; 2002.
Keefe TF, Tsai WT. Multiversion concurrency control for multilevel secure databases. In: Proceedings of the IEEE Symposium on Security and Privacy; 1990. p. 369–83
Lala C, Panda B. Evaluating damage from cyber attacks: a model and analysis. IEEE Trans Syst Man Cybern Part A. 2001;31(4):300–10.
Lamport L. Concurrent reading and writing. Commun ACM. 1977;20(11):806–11.
Liu P, Hao X. Efficient damage assessment and repair in resilient distributed database systems. In: Proceedings of the 15th IFIP WG11.3 Working Conference on Data and Application Security; 2001. p. 75–89.
Liu P, Jajodia S. Multi-phase damage confinement in database systems for intrusion tolerance. In: Proceedings of the 14th IEEE Computer Security Foundations Workshop; 2001.
Maimone WT, Greenberg IB. Single-level multiversion schedulers for multilevel secure database systems. In: Proceedings of the 6th Annual Computer Security Applications Conference; 1990. p. 137–47.
McDermott J, Jajodia S, Sandhu R. A single-level scheduler for replicated architecture for multilevel secure databases. In: Proceedings of the 7th Annual Computer Security Applications Conference; 1991. p. 2–11.
OASIS. Web services security: SOAP message security, 2; 2006.
OASIS.WS-SecureConversation, 3; 2007.
OASIS.Web services atomic transaction, 2; 2009.
OASIS. WS-Trust, 4; 2012.
Pal S. A locking protocol for multilevel secure databases providing support for long transactions. In: Proceedings of the 10th IFIP WG11.3 Working Conference on Database Security; 1996. p. 183–98.
Panda B, Giordano J. Reconstructing the database after electronic attacks. In: Proceedings of the 12th IFIP WG11.3 International Working Conference on Database Security; 1998.
Panda B, Haque KA. Extended data dependency approach: a robust way of rebuilding database. In: Proceedings of the 2002 ACM Symposium on Applied Computing; 2002.
Park C, Park S, Son SH. Multiversion locking protocol with freezing for secure real-time database systems. IEEE Trans Knowl Data Eng. 2002;14(5):1141–54.
Popa RA, Redfield C, Zeldovich N, Balakrishnan H. Cryptdb: protecting confidentiality with encrypted query processing. In: Proceedings of the 12rd ACM Symposium on Operating Systems Principles; 2011. p. 85–100. ACM
Ray I, Ammann P, Jajodia S. A semantic-based transaction processing model for multi-level transactions. J Comput Secur. 1998;6(3):181–217.
Ray I, Bertino E, Jajodia S, Mancini L. An advanced commit protocol for MLS distributed database systems. In: Proceedings of the 3rd ACM Conference on Computer and Communications Security; 1996. p. 119–28.
Ray I, McConnell RM, Lunacek M, Kumar V. Reducing damage assessment latency in survivable databases. In: Proceedings of the 21st British National Conference on Databases; 2004.
Reed DP, Kanodia RK. Synchronizations with event counts and sequencers. Commun ACM. 1979;22(5):115–23.
Schaefer M. Quasi-synchronization of readers and writers in a multi-level environment. Technical Report TM-5407/003, System Development Corporation; 1974.
Smith KP, Blaustein BT, Jajodia S, Notargiacomo L. Correctness criteria for multilevel secure transactions. IEEE Trans Knowl Data Eng. 1996;8(1):32.
Son SH, Mukkamala R, David R. Integrating security and real-time requirements using covert channel capacity. IEEE Trans Knowl Data Eng. 2000;12(6):865–79.
Tan CC, Liu Q, Wu J. Secure locking for untrusted clouds. In: Proceedings of the IEEE International Conference on Cloud Computing; 2011. p. 131–8.
Williams P, Sion R, Shasha D. The blind stone tablet: outsourcing durability to untrusted parties. In: Proceedings of the Network Distributed System Security Symposium; 2009.
Wu J. Distributed system design. Boca Raton: CRC Press; 1998.
Yu M, Liu P, Zang W. Multi-version attack recovery for workflow systems. In: Proceedings of the 9th Annual Computer Security Applications Conference; 2003. p. 142–51
Zhu Y, Xin T, Ray I. Recovering from malicious attacks in workflow systems. In: Proceedings of the 16th International Conference on Database and Expert Systems; 2005.
Zuo Y, Panda B. Damage discovery in distributed database systems. In: Proceedings of the 18th IFIP WG11.3 Working Conference on Data and Applications Security; 2004.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Science+Business Media, LLC, part of Springer Nature
About this entry
Cite this entry
Ray, I., Buddhika, T. (2018). Secure Transaction Processing. In: Liu, L., Özsu, M.T. (eds) Encyclopedia of Database Systems. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-8265-9_331
Download citation
DOI: https://doi.org/10.1007/978-1-4614-8265-9_331
Published:
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-8266-6
Online ISBN: 978-1-4614-8265-9
eBook Packages: Computer ScienceReference Module Computer Science and Engineering