Security Correctness for Secure Nested Transactions

Extended Abstract

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 8358))

Abstract

Secure nested transactions have been introduced as a synthesis of two long-standing lines of research in computer security: security correctness for multilevel databases, and language-based security. The motivation is to consider information flow control for certain classes of concurrent applications. This article describes a noninterference result for secure nested transactions, based on observational equivalence. A semantics for secure nested transactions is provided based on an extension of the pi-calculus with nested transactions, the \(\mathbf {Tau}_{\mathbf {One}}\) calculus. A novelty of this semantics is a constrained labelled transition system, where local transition rules place logical constraints on the global state of the transactional context. This context is described by a notion of logs, an abstraction for factoring transactional state out of the usual description of concurrent processes. An advantage of this approach is that it allows the consideration of security properties such as noninterference independently of transactional properties such as serializability.

Notes

  1. Even if lock-based concurrency control is replaced by some other notion, such as optimistic concurrency control, we will still require messages from low to high processes to be handled in a special, linear fashion. Therefore we will still need a construct similar to these messages, whether we call them locks or something else.

Author information

Correspondence to Dominic Duggan.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Duggan, D., Wu, Y. (2014). Security Correctness for Secure Nested Transactions. In: Abadi, M., Lluch Lafuente, A. (eds) Trustworthy Global Computing. TGC 2013. Lecture Notes in Computer Science(), vol 8358. Springer, Cham. https://doi.org/10.1007/978-3-319-05119-2_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-05118-5

  • Online ISBN: 978-3-319-05119-2

  • eBook Packages: Computer Science (R0)