Transactional Correctness for Secure Nested Transactions

Duggan, Dominic; Wu, Ye

doi:10.1007/978-3-642-30065-3_11

Cited by 4 publications

(3 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In related work [5], we have developed a "global" version of this semantics, where all logs are at "top-level." This semantics is greatly simplified by avoiding the need for logical constraints on reaction rules in the semantics.…”

Section: Discussionmentioning

confidence: 99%

Security correctness for secure nested transactions

Duggan

2012

Proceedings of the 7th Workshop on Programming Languages and Analysis for Security

Self Cite

View full text Add to dashboard Cite

This article considers the synthesis of two long-standing lines of research in computer security: security correctness for multilevel databases, and language-based security. The motivation is an approach to supporting end-to-end security for a wide class of enterprise applications, those of concurrent transactional applications. The approach extends nested transactions with retroactive abort, a new form of semantics for transactional execution, motivated by security concerns. A semantics is given in terms of a local constrained labelled transition system, the Tau One calculus. This allows a noninterference result to be verified based on adapting results on observational equivalence from concurrency theory.

show abstract

Section: Discussionmentioning

confidence: 99%

Security correctness for secure nested transactions

Duggan

2012

Proceedings of the 7th Workshop on Programming Languages and Analysis for Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…Although our implementation is conservative and would not allow such a thing, the theory behind SC could allow a later stage with less trustworthy participants to hold up earlier, precommitted stages indefinitely. Duggan and Wu [16] observe that aborts in highsecurity subtransactions can leak information to low-security parent transactions. Their model of a single, centralized multilevel secure database with strictly ordered security levels is more restrictive than our distributed model and security lattice.…”

Section: Related Workmentioning

confidence: 99%

Safe Serializable Secure Scheduling

Sheff

Magrino

Liu

et al. 2016

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Modern applications often operate on data in multiple administrative domains. In this federated setting, participants may not fully trust each other. These distributed applications use transactions as a core mechanism for ensuring reliability and consistency with persistent data. However, the coordination mechanisms needed for transactions can both leak confidential information and allow unauthorized influence. By implementing a simple attack, we show these side channels can be exploited. However, our focus is on preventing such attacks. We explore secure scheduling of atomic, serializable transactions in a federated setting. While we prove that no protocol can guarantee security and liveness in all settings, we establish conditions for sets of transactions that can safely complete under secure scheduling. Based on these conditions, we introduce staged commit, a secure scheduling protocol for federated transactions. This protocol avoids insecure information channels by dividing transactions into distinct stages. We implement a compiler that statically checks code to ensure it meets our conditions, and a system that schedules these transactions using the staged commit protocol. Experiments on this implementation demonstrate that realistic federated transactions can be scheduled securely, atomically, and efficiently.

show abstract

“…Although our implementation is conservative and would not allow such a thing, the theory behind SC could allow a later stage with less trustworthy participants to hold up earlier, precommitted stages indefinitely. Duggan and Wu [19] observe that aborts in high-security subtransactions can leak information to low-security parent transactions. Their model of a single, centralized multilevel secure database with strictly ordered security levels is more restrictive than our distributed model and security lattice.…”

Section: Related Workmentioning

confidence: 99%

Safe Serializable Secure Scheduling: Transactions and the Trade-off Between Security and Consistency

Sheff¹,

Magrino²,

Liu³

et al. 2016

Preprint

View full text Add to dashboard Cite

Modern applications often operate on data in multiple administrative domains. In this federated setting, participants may not fully trust each other. These distributed applications use transactions as a core mechanism for ensuring reliability and consistency with persistent data. However, the coordination mechanisms needed for transactions can both leak confidential information and allow unauthorized influence.By implementing a simple attack, we show these side channels can be exploited. However, our focus is on preventing such attacks. We explore secure scheduling of atomic, serializable transactions in a federated setting. While we prove that no protocol can guarantee security and liveness in all settings, we establish conditions for sets of transactions that can safely complete under secure scheduling. Based on these conditions, we introduce staged commit, a secure scheduling protocol for federated transactions. This protocol avoids insecure information channels by dividing transactions into distinct stages. We implement a compiler that statically checks code to ensure it meets our conditions, and a system that schedules these transactions using the staged commit protocol. Experiments on this implementation demonstrate that realistic federated transactions can be scheduled securely, atomically, and efficiently.

show abstract

Transactional Correctness for Secure Nested Transactions

Cited by 4 publications

References 14 publications

Security correctness for secure nested transactions

Security correctness for secure nested transactions

Safe Serializable Secure Scheduling

Safe Serializable Secure Scheduling: Transactions and the Trade-off Between Security and Consistency

Contact Info

Product

Resources

About