Abstract
Transaction-processing systems (TPS) are becoming increasingly more available as commercial products. However, the approaches to the issues associated with using TPS in multilevel secure environments are still in the research stage. In this article, we address the issues of multilevel security in distributed transaction-processing systems. A distributed transaction-processing system (DTPS) is a collection of a finite number of centralized transaction-processing systems connected by a computer network. Each of these transaction- processing systems is controlled by a software layer and can be accessed both remotely and locally. Properties of a DTPS, such as data replication, may have a substantial effect on the security of the system. The security policies and integrity constraints adopted at each site may result in global security having inconsistent states. We address the issues of achieving a multilevel secure DTPS, and discuss the security constraints and data replication. In this work, we address the issues of achieving a multilevel secure DTPSs system and discuss the security constraints and the replication of data items. The next section provides some background. Then, next, an overview of a distributed transaction-processing system is presented. In the fourth section, security-related issues are discussed. In the fifth section, a multilevel secure distributed transactionprocessing system is presented. Then, in the next section, future trends are presented. The final section concludes the article.
TopOverview Of Distributed Transaction-Processing Systems
A DTPS consists of a set of preexisting local TPSs {LTPSi | 1 d•i d” m}, distributed among several interconnected sites. Each LTPSi is a software layer on a set of data items Di. Figure 1 depicts the architecture of a DTPS.
Figure 1. Distributed transaction-processing system
Key Terms in this Chapter
Subject: This corresponds to a user or, more correctly, to a process that is running on behalf of a user
Multilevel Secure Transaction-Processing System: This is a system whereby database users are assigned classification levels, and data items are assigned sensitivity levels
Covert Channel: This is a channel that is not meant to route information, but nevertheless does
Two-Phase Commit (2PC): This is an atomic commitment protocol that behaves as follows: The coordinator asks the participants to vote on commitment
if any votes No: the coordinator informs all participants to Abort
if all participants voted Yes: then the coordinator informs all participants to Commit