Similar literature
 20 similar documents found (search time: 21 ms)
1.
Advanced transaction processing in multilevel secure file stores (Cited by: 4; self-citations: 0; citations by others: 4)
The concurrency control requirements for transaction processing in a multilevel secure file system are different from those in conventional transaction processing systems. In particular, there is the need to coordinate transactions at different security levels avoiding both potential timing covert channels and the starvation of transactions at higher security levels. Suppose a transaction at a lower security level attempts to write a data item that is being read by a transaction at a higher security level. On the one hand, a timing covert channel arises if the transaction at the lower security level is either delayed or aborted by the scheduler. On the other hand, the transaction at the high security level may be subjected to an indefinite delay if it is forced to abort repeatedly. This paper extends the classical two-phase locking mechanism to multilevel secure file systems. The scheme presented here prevents potential timing covert channels and avoids the abort of higher level transactions while nonetheless guaranteeing serializability. The programmer is provided with a powerful set of linguistic constructs that supports exception handling, partial rollback, and forward recovery. The proper use of these constructs can prevent the indefinite delay in completion of a higher level transaction, and allows the programmer to trade off starvation with transaction isolation.

2.
The classical Early Prepare (EP) commit protocol, used in many commercial systems, is not suitable for use in multi-level secure (MLS) distributed database systems that employ a locking protocol for concurrency control. This is because EP requires that read locks are not released by a participant during their window of uncertainty; however, it is not possible for a locking protocol to provide this guarantee in a MLS system (since the read lock of a higher-level transaction on a lower-level data object must be released whenever a lower-level transaction wants to write the same data). The only available work in the literature, namely the Secure Early Prepare (SEP) protocol, overcomes this difficulty by aborting those distributed transactions that release their low-level read locks prematurely. We see this approach as being too restrictive. One of the major benefits of distributed processing is its robustness to failures, and SEP fails to take advantage of this. In this paper, we propose the Advanced Secure Early Prepare (ASEP) commit protocol to solve the above problem, together with a number of language primitives that can be used as system calls in distributed transactions. These primitives permit features like partial rollback and forward recovery to be incorporated within the transaction model, and allow a distributed transaction to proceed even when a participant has released its low-level read locks prematurely. This not only offers flexibility, but can also be used, if desired, by a sophisticated programmer to trade off consistency for atomicity of the distributed transaction.

3.
Multilevel security poses many challenging problems for transaction processing. The challenges are due to the conflicting requirements imposed by confidentiality, integrity, and availability, the three components of security. We identify these requirements on transaction processing in Multilevel Secure (MLS) database management systems (DBMSs) and survey the efforts of a number of researchers to meet these requirements. While our emphasis is primarily on centralized systems based on kernelized architecture, we briefly overview the research in the distributed MLS DBMSs as well.

4.
Concurrent execution of transactions in database management systems (DBMSs) may lead to contention for access to data, which in a multilevel secure DBMS (MLS/DBMS) may lead to insecurity. Security issues involved in database concurrency control for MLS/DBMSs are examined, and it is shown how a scheduler can affect security. Data conflict security (DC-security), a property that implies a system is free of covert channels due to contention for access to data, is introduced. A definition of DC-security based on noninterference is presented. Two properties that constitute a necessary condition for DC-security are introduced along with two simpler necessary conditions. A class of schedulers called output-state-equivalent is identified for which another criterion implies DC-security. The criterion considers separately the behavior of the scheduler in response to those inputs that cause rollback and those that do not. The security properties of several existing scheduling protocols are characterized. Many are found to be insecure.

5.
The authors describe the design of a secure database system, LDV (Lock Data Views), that builds upon the classical security policies for operating systems. LDV is hosted on the LOgical Coprocessing Kernel (LOCK) Trusted Computing Base (TCB). LDV's security policy builds on the security policy of LOCK. Its design is based on three assured pipelines for the query, update, and metadata management operations. The authors describe the security policy of LDV, its system architecture, the designs of the query processor, the update processor, the metadata manager, and the operating system issues. LDV's solutions to the inference and aggregation problems are also described.

6.
Information Systems, 1999, 24(5): 377-400
Multilevel relations, based on the current multilevel secure (MLS) relational data models, can present a user with information that is difficult to interpret and may display an inconsistent outlook about the views of other users. Such ambiguity is due to the lack of a comprehensive method for asserting and interpreting beliefs about information at lower security levels. In this paper we present a belief-consistent MLS relational database model which provides an unambiguous interpretation of all visible information and gives the user access to the beliefs of users at lower security levels, neither of which was possible in any of the existing models. We identify different beliefs that can be held by users at higher security levels about information at lower security levels, and introduce a mechanism for asserting beliefs about all accessible tuples. This mechanism provides every user with an unambiguous interpretation of all viewable information and presents a consistent account of the views at all levels visible to the user. In order to implement this assertion mechanism, new database operations, such as verify true and verify false, are presented. We specify the constraints for the write operations, such as update and delete, that maintain belief consistency and redefine the relational algebra operations, such as select, project, union, difference and join.

7.
To enhance the security of mobile devices, enterprises are developing and adopting mobile device management systems. However, if a mobile device management system is exploited, mobile devices and the data they contain will be compromised. Therefore, it is important to perform extensive threat modeling to develop realistic and meaningful security requirements and functionalities. In this paper, we analyze some current threat modeling methodologies, propose a new threat modeling methodology and present all possible threats against a mobile device management system by analyzing and identifying threat agents, assets, and adverse actions. This work will be used for developing security requirements such as a protection profile and designing a secure system.

8.
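Design and implementation of a distributed constraint management system (Cited by: 2; self-citations: 0; citations by others: 2)
This paper describes an approach to the design and implementation of a distributed constraint management system for concurrent engineering. The system uses a constraint satisfaction problem solving algorithm as its core and can compute the feasible value ranges of continuous variables in a constraint network. It adopts a client/server (C/S) architecture and a distributed database product, giving it a distributed character that supports the geographic distribution of IPTs. It detects conflicts promptly and, based on the conflict information, can obtain feasible solutions from the case base of a conflict arbitration system. Finally, an application example from bogie design demonstrates the effectiveness of the system.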

9.
Anticipation is a general concept used and applied in various domains. Many studies in the field of artificial intelligence have investigated the capacity for anticipation. In this article, we focus on the use of anticipation in multi-agent coordination, particularly preventive anticipation which consists of anticipating undesirable future situations in order to avoid them. We propose to use constraint processing to formalize preventive anticipation in the context of multi-agent coordination. The resulting algorithm allows any action that may induce an undesirable future state to be detected upstream of any multi-agent coordination process. Our proposed method is instantiated in a road traffic simulation tool. For the specific question of simulating traffic at road junctions, our results show that taking anticipation into account allows globally realistic behaviors to be reproduced without provoking gridlock between the simulated vehicles.

10.
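Design and implementation of the S-Shark secure workflow management system (Cited by: 1; self-citations: 0; citations by others: 1)
Taking the inadequate security mechanisms of workflow information models as its subject, this work uses model extension to build ETRBAC, an access control model for secure workflows. Building on the typical T-RBAC model, ETRBAC proposes solutions to problems such as separation-of-duty constraints and cardinality constraints. The relevant security mechanisms of the ETRBAC model are designed and implemented on top of the well-regarded open-source workflow management system Shark, yielding the S-Shark (secure-Shark) workflow management system. S-Shark offers advantages in security, ease of use and extensibility.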

11.
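Centralized security management of large multilevel distributed networks can effectively improve a network's security defense capability and the efficiency of its security management, and has become a pressing problem in network security research. This paper presents a Multilevel and Distributed Security Management System (MD-SMS). It first describes the system architecture, then discusses issues such as device modeling and emergency response, and finally analyzes its cooperative network defense capability using the Worm_Sasser worm as an example.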

12.
A semantic framework of the multilevel secure relational model (Cited by: 2; self-citations: 0; citations by others: 2)
A multilevel relational database represents information in a multilevel state of the world, which is the knowledge of the truth value of a statement with respect to a level in a security lattice. The authors develop a semantic framework of the multilevel secure relational model with tuple-level labelling, which formalizes the notion of validity in multilevel relational databases. They also identify the multilevel security properties that precisely characterize the validity of multilevel relational databases, which can be maintained efficiently. Finally, they give an update semantics of the multilevel secure relational model that preserves both integrity and secrecy.

13.
The economy, national safety, and health care are tremendously dependent on the faithful supply of power. The communication technology integration and sensors in power systems have been authorized as a smart grid (SG) that is revolutionizing the model of power generation, distribution, monitoring, and control. To know the Smart Grid compatibility, many problems are required to be directed. The safety of the smart grid is the most challenging function and a very crucial difficulty. In this paper, a safe demand-side management machine deploying machine learning for the Internet of Things authorized phase is recommended. The propounded demand-side management (DSM) machine protects the effective energy use based on their preferences. A particular flexibility sample was proposed to manage incursion into the smart grid. Anelastic agent prognosticates swindling companies, the ML classifiers are utilized. Promoted power management and intermediate control companies are recommended for processing power data to improve energy usage. The proposed project's effective simulation is implemented to examine the efficiency. The outcome of the analysis discloses that the planned demand-side management (DSM) machine is less susceptible to the incursion and it is sufficient to decrease the smart grid's energy consumption.

14.
An electronic voting system makes it possible for the voters to cast their ballots over the computer network. Hence, voters can participate in elections without having to go to the polling places, which is more convenient and efficient. To design a practical voting scheme, Mu and Varadharajan have recently proposed an anonymous secure electronic voting scheme to be applied over the network. It does not only protect voters' privacy and prevent double voting, but also suits large-scale elections. However, the scheme has a weakness in security; that is, some voters may still double vote without being detected and may even reveal information they should not. In this paper, we shall show this weakness and improve the scheme to increase the protection against fraudulence.

15.
Many systems have a hierarchical structure: computer networks, ecological systems, the economy of the European Union. The reason for studying hierarchical systems was that direct computation of optimal control solutions for large-scale systems is a rather difficult and time-consuming job. The hierarchical multilevel theory intends to resolve the discrepancy between the complex requirements of the control process and the restrictions on computer power. Decomposition and co-ordination are tools which are applicable in the hierarchical multilevel theory.

16.
Investigates issues related to transaction concurrency control in multilevel secure databases. This paper demonstrates how the conflicts between the correctness requirements and the secrecy requirements can be reconciled by proposing two different solutions. It first explores the correctness criteria that are weaker than one-copy serializability. Each of these weaker criteria, though not as strict as one-copy serializability, is required to preserve database consistency in some meaningful way, and moreover, its implementation does not require the scheduler to be trusted. It proposes three different, increasingly stricter notions of serializability (level-wise serializability, one-item read serializability and pair-wise serializability) that can serve as substitutes for one-copy serializability. The paper then investigates secure concurrency control protocols that generate one-copy serializable histories and presents a multiversion timestamping protocol that has several very desirable properties: it is secure, produces multiversion histories that are equivalent to serial one-copy histories in which transactions are placed in a timestamp order, eliminates starvation and can be implemented using single-level untrusted schedulers.

17.
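To meet the security and concurrency requirements of multilevel transaction processing in mobile ad hoc networks (MANETs), the multiversion two-phase locking protocol is applied to multilevel transactions in MANETs. The protocol effectively resolves the incorrect transaction scheduling and the security problems caused by contention. Simulation results show that the multiversion two-phase locking protocol has a lower deadline miss rate and a lower restart rate than either a pure multiversion protocol or a pure two-phase locking protocol.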

18.
Production management as a constraint satisfaction problem (Cited by: 2; self-citations: 0; citations by others: 2)
Production management problems can be quite straightforwardly presented as constraint satisfaction problems, where values for some variables are searched for under a set of constraints. A combination of an operation and a resource is usually interpreted as the variable, and a time window is usually interpreted as the value to be searched for. This convention is challenged. A case is considered where the most appropriate interpretation treats the combination of a resource and a time window as the variable, and an operation as the value. A third possible interpretation is also briefly covered, where the combination of an operation and a time window is the variable, and the resource is the value.

19.
This paper presents a methodology for describing multilevel pattern processing systems. It is suggested that any pattern processor can be adequately described in terms of multiple hierarchies of two types of fundamental mechanism: (1) a process which performs the pattern recognition functions of analysis and synthesis and (2) a process which performs the syntactic functions of parsing and generation. A computer implementation of these principles is outlined which enables a range of systems to be configured. Examples of speech and non-speech pattern processing are presented.

20.
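Heterogeneous mobile networks are abstracted as a multilevel network model and multilevel security is introduced into the handover process, yielding a secure handover policy based on MLS (Multilevel Security). To address the information leakage caused by a user's successive handovers, the policy specifies constraints that ensure the security level is not lowered, protecting both the user and the network during handover; compared with other schemes, it provides more comprehensive security protection. A formal proof shows that the policy is secure.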
