Concurrency, Synchronization, and Scheduling to Support High-assurance Write-up in Multilevel Object-based Computing
We discuss concurrency, synchronization, and scheduling issues that arise with the support of high-assurance RPC-based (synchronous) write-up actions in multilevel object-based environments. Such environments are characterized by objects classified at varying security levels (called classifications) and accessed by subjects with varying security clearances. A write-up action occurs when a low level object sends a message to a higher one, triggering an update in the latter. While such actions do not directly violate the security policy, their abstract nature in object-based systems poses confidentiality leaks by opening up signaling channels. We present an approach to closing such channels by executing the methods in the sender and receiver objects concurrently, whenever a write-up action is issued. However, these concurrent computations have to be synchronized and scheduled so that they preserve the semantics of the original and synchronous (sequential) execution. We utilize a multi-version synchronization scheme and various scheduling strategies to achieve this.
KeywordsSecurity Policy Security Level Signaling Channel Serial Correctness Aggressive Scheme
Unable to display preview. Download preview PDF.
- D.E. Bell and L.J. LaPadula. Secure computer systems: Unified Exposition and Multics Interpretation. EDS-TR-75–306, The MITRE Corp., Bedford, MA., March 1976.Google Scholar
- E.H. Bensley and T.J. Brando and M.J. Prelle. An execution model for distributed object-oriented computation. Proc. of the ACM OOPSLA conference, pp. 316–322, September, 1988.Google Scholar
- S. Jajodia and B. Kogan. Integrating an object-oriented data model with multi-level security. Proc. of the 1990 IEEE Symposium on Security and Privacy, pp. 76–85, May 1990.Google Scholar
- B. Maimone and R. Allen. Methods for resolving the security vs. integrity conflict. In Proc. of the fourth RADC Database Security Workshop, Little Compton, Rhode Island, April 1991.Google Scholar
- R.S. Sandhu, R. Thomas, and S. Jajodia. Supporting timing-channel free computations in multilevel secure object-oriented databases. Proc. of the IFIP 11.3 Workshop on Database Security, Sheperdstown, West Virginia, November 1991.Google Scholar
- R.K. Thomas and R.S. Sandhu. Implementing the message filter object-oriented security model without trusted subjects. Proc. of the IFIP 11.3 Workshop on Database Security, Vancouver, Canada, August 1992.Google Scholar