Kernelized Database Systems Security

There are two main types of security in database systems: discretionary security and mandatory security. Discretionary security restricts access to data items at the discretion of the owner. Most commercial database management systems (DBMS) employ some form of discretionary security by controlling access privileges and modes of data users (Griffiths & Wade, 1976). Discretionary security is not adequate in a multilevel secure environment, however, because it does not prevent Trojan horse attacks and provides a low level of assurance. Mandatory security, on the other hand, restricts access of data items to cleared database users. It is widely exploited in military applications and provides a high assurance. Numerous commercial and military applications require a multilevel secure database management system (MLS/DBMS). In a MLS/DBMS, database users are assigned classification levels and data items are assigned sensitivity levels. Usually, three architectures are used to provide security in MLS/DBMS. These architectures are the integrity lock or spray paint architecture, the data distribution architecture, and the kernelized architecture. The integrity lock and the data distribution architectures are outside the scope of this work. We focus only on the kernelized architecture. In the kernelized architecture, data are physically stored in separate databases or containers according to sensitivity level. A multilevel relation is thus divided into single-level relations, each stored in a separate container. All containers are under the control of the common DBMS. The security of the system is largely dependent on the security of the operating system. Hence, the DBMS security is only as good as the underlying operating system. However, it is the responsibility of the MLS/ DBMS to ensure that users can access only those data items for which they have been granted clearance. The advantages of this architecture are that it is fairly secure and the kernel needed to implement it if relatively small. However, there are also several disadvantages. One major disadvantage is performance overhead associated with managing and executing multilevel transactions. In this article, we present an efficient model for concurrency control in kernelized databases. We show that the model is correct, secure, and provides a solution to the concurrency control problem. BACKGROUND