Secure transaction processing in firm real-time database systems

Abstract

Many real-time database applications arise in safety-critical installations and military systems where enforcing security is crucial to the success of the enterprise. A secure real-time database system has to simultaneously satisfy who requirements guarantee data security and minimize the number of missed transaction deadlines. We investigate here the performance implications, in terms of missed deadlines, of guaranteeing security in a real-time database system. In particular, we focus on the concurrency control aspects of this issue. Our main contributions are the following: First, we identify which among the previously proposed real-time concurrency control protocols are capable of providing protection against both direct and indirect (covert channels) means of unauthorized access to data. Second, using a detailed simulation model of a firm-deadline real-time database system, we profile the real-time performance of a representative set of these secure concurrency control protocols. Our experiments show that a prioritized optimistic concurrency control protocol. OPT-WAIT, provides the best overall performance. Third, we propose and evaluate a novel dual approach to secure transaction concurrency control that allows the real-time database system to simultaneously use different concurrency control mechanisms for guaranteeing security and for improving real-time performance. By appropriately choosing these different mechanisms, we have been able to design hybrid concurrency control algorithms that provide even better performance than OPT-WAIT.