ADVANCED TRANSACTION PROCESSING IN MULTILEVEL SECURE FILE STORES

The concurrency control requirements for transaction processing in a m ultilevel secure file system are different from those in conventional transaction processing systems. In particular, there is the need to co ordinate transactions at different security levels avoiding both poten tial timing covert channels and the starvation of transactions at high er security levels. Suppose a transaction at a lower security level at tempts to write a data item that is being read by a transaction at a h igher security level. On the one hand, a timing covert channel arises if the transaction at the lower security level is either delayed or ab orted by the scheduler. On the other hand, the transaction at the high security level may be subjected to an indefinite delay if it is force d to abort repeatedly. This paper extends the classical two-phase lock ing mechanism to multilevel secure file systems. The scheme presented here prevents potential timing covert channels and avoids the abort of higher level transactions nonetheless guaranteeing serializability. T he programmer is provided with a powerful set of linguistic constructs that supports exception handling, partial rollback, and forward recov ery. The proper use of these constructs can prevent the indefinite del ay in completion of a higher level transaction, and allows the program mer to trade off starvation with transaction isolation.