Supporting security requirements in multilevel real-time databases

R. David, S.H. Son, R. Mukkamala
Proceedings 1995 IEEE Symposium on Security and Privacy  
Database systems for real-time applications must satisfy timing constraints associated with transactions, in addition to maintaining data consistency. In addition to real-time requirements, security is usually required in many applications. Multilevel security requirements introduce a new dimension to transaction processing in real-time database systems. In this paper, we argue that due to the con icting goals of each requirement, trade-o s need to be made between security and timeliness. We
more » ... de ne capacity, a measure of the degree to which security is being satis ed by a system. A secure two-phase locking protocol is then described and a scheme is proposed to allow partial violations of security for improved timeliness. The capacity of the resultant covert channel is derived and a feedback control scheme is proposed that does not allow the capacity to exceed a speci ed upper bound.
doi:10.1109/secpri.1995.398933 dblp:conf/sp/DavidSM95 fatcat:q46kj3dai5bvho3dplyvsu2cxe