Abstract
Secure nested transactions have been introduced as a synthesis of two long-standing lines of research in computer security: security correctness for multilevel databases, and language-based security. The motivation is to consider information flow control for certain classes of concurrent applications. This article describes a noninterference result for secure nested transactions, based on observational equivalence. A semantics for secure nested transactions is provided based on an extension of the pi-calculus with nested transactions, the \(\mathbf {Tau}_{\mathbf {One}}\) calculus. A novelty of this semantics is a constrained labelled transition system, where local transition rules place logical constraints on the global state of the transactional context. This context is described by a notion of logs, an abstraction for factoring transactional state out of the usual description of concurrent processes. An advantage of this approach is that it allows the consideration of security properties such as noninterference independently of transactional properties such as serializability.
Notes
1. Even if lock-based concurrency control is replaced by some other notion, such as optimistic concurrency control, we will still require messages from low to high processes to be handled in a special, linear fashion. Therefore we will still need a construct similar to these messages, whether we call them locks or something else.
© 2014 Springer International Publishing Switzerland
Cite this paper
Duggan, D., Wu, Y. (2014). Security Correctness for Secure Nested Transactions. In: Abadi, M., Lluch Lafuente, A. (eds) Trustworthy Global Computing. TGC 2013. Lecture Notes in Computer Science(), vol 8358. Springer, Cham. https://doi.org/10.1007/978-3-319-05119-2_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-05118-5
Online ISBN: 978-3-319-05119-2
eBook Packages: Computer Science (R0)