A methodology for ensuring fair allocation of CSOC effort for alert investigation

International Journal of Information Security - A Cyber Security Operations Center (CSOC) often sells services by entering into a service level agreement (SLA) with various customers...     

ASEP: a secure and flexible commit protocol for MLS distributeddatabase systems

The classical Early Prepare (EP) commit protocol, used in many commercial systems, is not suitable for use in multi-level secure (MLS) distributed database systems that employ a locking protocol for concurrency control. This is because EP requires that read locks are not released by a participant during their window of uncertainty; however, it is not possible for a locking protocol to provide this guarantee in a MLS system (since the read lock of a higher-level transaction on a lower-level data object must be released whenever a lower-level transaction wants to write the same data). The only available work in the literature, namely the Secure Early Prepare (SEP) protocol, overcomes this difficulty by aborting those distributed transactions that release their low-level read locks prematurely. We see this approach as being too restrictive. One of the major benefits of distributed processing is its robustness to failures, and SEP fails to take advantage of this. In this paper, we propose the Advanced Secure Early Prepare (ASEP) commit protocol to solve the above problem, together with a number of language primitives that can be used as system calls in distributed transactions. These primitives permit features like partial rollback and forward recovery to be incorporated within the transaction model, and allow a distributed transaction to proceed even when a participant has released its low-level read locks prematurely. This not only offers flexibility, but can also be used, if desired, by a sophisticated programmer to trade off consistency for atomicity of the distributed transaction     

An Algebraic Representation of Calendars

This paper uses an algebraic approach to define temporal granularities and calendars. All the granularities in a calendar are expressed as algebraic expressions based on a single bottom granularity. The operations used in the algebra directly reflect the ways with which people construct new granularities from existing ones, and hence yield more natural and compact granularities definitions. Calendar is formalized on the basis of the algebraic operations, and properties of calendars are studied. As a step towards practical applications, the paper also presents algorithms for granule conversions between granularities in a calendar.     

Flexible Transaction Dependencies in Database Systems

Numerous extended transaction models have been proposed in the literature to overcome the limitations of the traditional transaction model for advanced applications characterized by their long durations, cooperation between activities and access to multiple databases (like CAD/CAM and office automation). However, most of these extended models have been proposed with specific applications in mind and almost always fail to support applications with slightly different requirements.We propose the Multiform Transaction model to overcome this limitation. The multiform transaction model supports a variety of other extended transaction models. A multiform transaction consists of a set of component transactions together with a set of coordinators which specify the transaction completion dependencies among the component transactions. A set of transaction primitives allow the programmer to define custom completion dependencies. We show how a wide range of extended transactions can be implemented as multiform transactions, including sagas, transactional workflows, nested transactions, and contingent transactions. We allow the programmers to define their own primitives—having very well-defined interfaces—so that application specific transaction models like distributed multilevel secure transactions can also be supported.     

Recovery from malicious transactions

Preventive measures sometimes fail to deflect malicious attacks. We adopt an information warfare perspective, which assumes success by the attacker in achieving partial, but not complete, damage. In particular, we work in the database context and consider recovery from malicious but committed transactions. Traditional recovery mechanisms do not address this problem, except for complete rollbacks, which undo the work of benign transactions as well as malicious ones, and compensating transactions, whose utility depends on application semantics. Recovery is complicated by the presence of benign transactions that depend, directly or indirectly, on the malicious transactions. We present algorithms to restore only the damaged part of the database. We identify the information that needs to be maintained for such algorithms. The initial algorithms repair damage to quiescent databases; subsequent algorithms increase availability by allowing new transactions to execute concurrently with the repair process. Also, via a study of benchmarks, we show practical examples of how offline analysis can efficiently provide the necessary data to repair the damage of malicious transactions.     

Advanced transaction processing in multilevel secure file stores

The concurrency control requirements for transaction processing in a multilevel secure file system are different from those in conventional transaction processing systems. In particular, there is the need to coordinate transactions at different security levels avoiding both potential timing covert channels and the starvation of transactions at higher security levels. Suppose a transaction at a lower security level attempts to write a data item that is being read by a transaction at a higher security level. On the one hand, a timing covert channel arises if the transaction at the lower security level is either delayed or aborted by the scheduler. On the other hand, the transaction at the high security level may be subjected to an indefinite delay if it is forced to abort repeatedly. This paper extends the classical two-phase locking mechanism to multilevel secure file systems. The scheme presented here prevents potential timing covert channels and avoids the abort of higher level transactions nonetheless guaranteeing serializability. The programmer is provided with a powerful set of linguistic constructs that supports exception handling, partial rollback, and forward recovery. The proper use of these constructs can prevent the indefinite delay in completion of a higher level transaction, and allows the programmer to trade off starvation with transaction isolation     

Correctness criteria for multilevel secure transactions

The benefits of distributed systems and shared database resources are widely recognized, but they often cannot be exploited by users who must protect their data by using label-based access controls. In particular, users of label-based data need to read and write data at different security levels within a single database transaction, which is not currently possible without violating multilevel security constraints. The paper presents a formal model of multilevel transactions which provide this capability. We define four ACIS (atomicity, consistency, isolation, and security) correctness properties of multilevel transactions. While atomicity, consistency and isolation are mutually achievable in standard single-site and distributed transactions, we show that the security requirements of multilevel transactions conflict with some of these goals. This forces trade-offs to be made among the ACIS correctness properties, and we define appropriate partial correctness properties. Due to such trade-offs, an important problem is to design multilevel transaction execution protocols which achieve the greatest possible degree of correctness. These protocols must provide a variety of approaches to making trade-offs according to the differing priorities of various users. We present three transaction execution protocols which achieve a high degree of correctness. These protocols exemplify the correctness trade-offs proven in the paper, and offer realistic implementation options     

Alternative correctness criteria for concurrent execution oftransactions in multilevel secure databases

Investigates issues related to transaction concurrency control in multilevel secure databases. This paper demonstrates how the conflicts between the correctness requirements and the secrecy requirements can be reconciled by proposing two different solutions. It first explores the correctness criteria that are weaker than one-copy serializability. Each of these weaker criteria, though not as strict as one-copy serializability, is required to preserve database consistency in some meaningful way, and moreover, its implementation does not require the scheduler to be trusted. It proposes three different, increasingly stricter notions of serializability (level-wise serializability, one-item read serializability and pair-wise serializability) that can serve as substitutes for one-copy serializability. The paper then investigates secure concurrency control protocols that generate one-copy serializable histories and presents a multiversion timestamping protocol that has several very desirable properties: it is secure, produces multiversion histories that are equivalent to serial one-copy histories in which transactions are placed in a timestamp order, eliminates starvation and can be implemented using single-level untrusted schedulers