Re-thinking Kernelized MLS Database Architectures in the Context of Cloud-Scale Data Stores

  • Thuy D. Nguyen
  • Mark Gondree
  • Jean Khosalim
  • Cynthia Irvine
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8978)


We re-evaluate the kernelized, multilevel secure (MLS) relational database design in the context of cloud-scale distributed data stores. The transactional properties and global integrity properties for schema-less, cloud-scale data stores are significantly relaxed in comparison to relational databases. This is a new and interesting setting for mandatory access control policies, and has been unexplored in prior research. We describe the design and implementation of a prototype MLS column-store following the kernelized design pattern. Our prototype is the first cloud-scale data store using an architectural approach for high assurance; it enforces a lattice-based mandatory information flow policy, without any additional trusted components. We highlight several promising avenues for practical systems research in secure, distributed architectures implementing mandatory policies using Java-based untrusted subjects.


Keywords: Cloud Computing; Region Server; Hadoop Distribute File System; Separation Policy; Server Blade
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Thuy D. Nguyen (1)
  • Mark Gondree (1)
  • Jean Khosalim (1)
  • Cynthia Irvine (1)

  1. Department of Computer Science, Naval Postgraduate School, Monterey, USA
