Using Two-Phase Commit for Crash Recovery in Federated Multilevel Secure Database Management Systems

Abstract

In a federated database management system, a collection of autonomous database management systems (DBMSs) agree to cooperate to make data available for sharing and to process distributed retrieval and update queries. Distributed transactions can access data across multiple DBMSs. Securing such an environment requires a method that coordinates processing of these distributed requests to provide distributed transaction atomicity without security compromise. An open question is how much of its scheduling process an individual DBMS must expose to the federation in order to allow sufficient coordination of distributed transactions. In this paper, we address the application of the two-phase commit protocol, which is emerging as the dominant method of providing transaction atomicity for crash recovery in the conventional (single-level) distributed DBMS area, to the federated multilevel secure (MLS) DBMS environment. We discuss the limits of its applicability and identify the conditions that must be satisfied by the individual DBMSs in order to participate in the federation.