Skip to main content
SpringerLink
Log in

Secure Transaction Processing

  • Living reference work entry
  • First Online:
Encyclopedia of Database Systems

  • 37 Accesses

Synonyms

Cloud Computing; Database Security; Data Confidentiality; Privacy; Multilevel Secure Database Management System; Transaction Processing

Definition

Secure transaction processing refers to execution of transactions that cannot be exploited to cause security breaches.

Historical Background

Research in making transaction processing secure has progressed along different directions. Early research in this area was geared toward military applications. Such applications are characterized by having a set of security levels which are partially ordered using the dominance relation. Information is transmitted through read and write operations on data items belonging to the various levels. Information is allowed to flow from a dominated level to a dominating level but all other flows are illegal. Traditional concurrency control and recovery algorithms cause illegal information flow. Most research in this area involved providing new architectures, concurrency control, and recovery...

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Recommended Reading

  1. Ahmed Q, Vrbsky S. Maintaining security in firm real-time database systems. In: Proceedings of the fourteenth annual computer security applications conference; 1998.

    Book  Google Scholar 

  2. Ammann P, Jaeckle F, Jajodia S. A two-snapshot algorithm for concurrency control in secure multi-level databases. In: Proceedings of the IEEE symposium on security and privacy. Oakland; 1992. p. 204–15.

    Google Scholar 

  3. Ammann P, Jajodia S. Distributed timestamp generation in planar lattice networks. ACM Trans Comput Syst. 1993;11(3):205–25.

    Article  Google Scholar 

  4. Ammann P, Jajodia S. An efficient multiversion algorithm for secure servicing of transaction reads. In: Proceedings of the 1st ACM conference on computer and communication security. Fairfax; 1994. p. 118–25.

    Google Scholar 

  5. Ammann P, Jajodia S, Frankl P. Globally consistent event ordering in one-directional distributed environments. IEEE Trans Parallel Distrib Syst. 1996;7(6):665–70.

    Article  Google Scholar 

  6. Ammann P, Jajodia S, Liu P. Recovery from malicious transactions. IEEE Trans Knowl Data Eng. 2002;14:1167–85.

    Article  Google Scholar 

  7. Ammann P, Jajodia S, McCollum C, Blaustein B. Surviving information warfare attacks on databases. In: Proceedings of 1997 IEEE symposium on security and privacy. Oakland; 1997.

    Google Scholar 

  8. Atluri V, Bertino E, Jajodia S. Degrees of isolation, concurrency control protocols, and commit protocols. In: Proceedings of the IFIP WG11.3 working conference on database security, Rensselaerville; 1995. p. 259–74.

    Google Scholar 

  9. Atluri V, Huang W-K. Enforcing mandatory and discretionary security in workflow management systems. J Comput Secur. 1997;5(4):303–40.

    Article  Google Scholar 

  10. Atluri V, Huang W-K, Bertino E. A semantic-based execution model for multilevel secure workflows. J Comput Secur. 2000;8(1):3–42.

    Article  Google Scholar 

  11. Atluri V, Jajodia S, Keefe TF, McCollum C, Mukkamala R. Multilevel secure transaction processing: status and prospects. In: Proceedings of the tenth IFIP WG11.3 working conference on database security. Como; 1996.

    Google Scholar 

  12. Bell DE, LaPadula LJ. Secure computer system: unified exposition and multics interpretation. Technical Report MTR-2997, MITRE Corporation, Bedford; 1975.

    Google Scholar 

  13. Biswas D, Vidyasankar K. Secure cloud transactions. Comput Syst Sci Eng. 2013;28(6):439–48.

    Google Scholar 

  14. Blaustein BT, Jajodia S, McCollum CD, Notargiacomo L. A model of atomicity for multilevel transactions. In: Proceedings of the IEEE symposium on research in security and Privacy. Oakland; 1993. p. 120–34.

    Google Scholar 

  15. Costich O. Transaction processing using an untrusted scheduler in a multilevel database with replicated architecture. In: Proceedings of the IFIP WG11.3 working conference on database security. Vancouver; 1992. p. 173–90.

    Google Scholar 

  16. Curino C, Jones EPC, Popa RA, Malviya N, Wu E, Madden S, Balakrishnan H, Zeldovich N. Relational cloud: a database service for the cloud. In: Proceedings of the fifth biennial conference on innovative data systems research. Asilomar; 2011. p. 235–40.

    Google Scholar 

  17. George B, Haritsa JR. Secure concurrency control in firm real-time databases. Distrib Parallel Databases. 1997;5:275–320.

    Google Scholar 

  18. Iskander MK, Wilkinson DW, Lee AJ, Chrysanthis PK. Enforcing policy and data consistency of cloud transactions. In: Proceedings of the thirty first international conference on distributed computing systems workshops. Minneapolis; 2011. p. 253–62. IEEE.

    Google Scholar 

  19. Jajodia S, Atluri V. Alternative correctness criteria for concurrent execution of transactions in multilevel secure databases. In: Proceedings of the IEEE symposium on security and privacy. Oakland; 1992. p. 216–24.

    Google Scholar 

  20. Jajodia S, Kogan B. Integrating an object-oriented data model with multilevel security. In: Proceedings of the IEEE symposium on security and privacy. Oakland; 1990. p. 76–85.

    Google Scholar 

  21. Kang IE, Keefe TF. Transaction management for multilevel secure replicated databases. J Comput Secur. 1995;3:115–45.

    Article  Google Scholar 

  22. Kang K, Son SH, Stankovic J. STAR: secure real-time transaction processing with timeliness guarantees. In: Proceedings of the twenty third IEEE real-time systems symposium, Austin; 2002.

    Google Scholar 

  23. Keefe TF, Tsai WT. Multiversion concurrency control for multilevel secure databases. In: Proceedings of the IEEE symposium on security and privacy. Oakland; 1990. p. 369–83

    Google Scholar 

  24. Lala C, Panda B. Evaluating damage from cyber attacks: a model and analysis. IEEE Trans Syst Man Cybern Part A. 2001;31(4):300–10.

    Article  Google Scholar 

  25. Lamport L. Concurrent reading and writing. Commun ACM. 1977;20(11):806–11.

    Article  MathSciNet  MATH  Google Scholar 

  26. Liu P, Hao X. Efficient damage assessment and repair in resilient distributed database systems. In: Proceedings of the fifteenth IFIP WG11.3 working conference on data and application security. Niagara; 2001. p. 75–89.

    Google Scholar 

  27. Liu P, Jajodia S. Multi-phase damage confinement in database systems for intrusion tolerance. In: Proceedings of 14th IEEE computer security foundations workshop. Cape Breton; 2001.

    Google Scholar 

  28. Maimone WT, Greenberg IB. Single-level multiversion schedulers for multilevel secure database systems. In: Proceedings of the sixth annual computer security applications conference. Tucson; 1990. p. 137–47.

    Google Scholar 

  29. McDermott J, Jajodia S, Sandhu R. A single-level scheduler for replicated architecture for multilevel secure databases. In: Proceedings of the seventh annual computer security applications conference. San Antonio; 1991. p. 2–11.

    Google Scholar 

  30. OASIS. Web services security: SOAP message security, 2; 2006.

    Google Scholar 

  31. OASIS.WS-SecureConversation, 3; 2007.

    Google Scholar 

  32. OASIS.Web services atomic transaction, 2; 2009.

    Google Scholar 

  33. OASIS. WS-Trust, 4; 2012.

    Google Scholar 

  34. Pal S. A locking protocol for multilevel secure databases providing support for long transactions. In: Proceedings of the tenth IFIP WG11.3 working conference on database security. Como; 1996. p. 183–98.

    Google Scholar 

  35. Panda B, Giordano J. Reconstructing the database after electronic attacks. In: Proceedings of the twelfth IFIP WG11.3 international working conference on database security. Chalkidiki; 1998.

    Google Scholar 

  36. Panda B, Haque KA. Extended data dependency approach: a robust way of rebuilding database. In: Proceedings of the 2002 ACM symposium on applied computing. Madrid; 2002.

    Google Scholar 

  37. Park C, Park S, Son SH. Multiversion locking protocol with freezing for secure real-time database systems. IEEE Trans Knowl Data Eng. 2002;14(5):1141–54.

    Article  Google Scholar 

  38. Popa RA, Redfield C, Zeldovich N, Balakrishnan H. Cryptdb: protecting confidentiality with encrypted query processing. In: Proceedings of the twenty-third ACM symposium on operating systems principles. Cascais; 2011. p. 85–100. ACM

    Google Scholar 

  39. Ray I, Ammann P, Jajodia S. A semantic-based model for multi-level transactions. J Comput Secur. 1998;6:181–217.

    Article  Google Scholar 

  40. Ray I, Bertino E, Jajodia S, Mancini L. An advanced commit protocol for MLS distributed database systems. In: Proceedings of the third ACM conference on computer and communications security. New Delhi; 1996. p. 119–28.

    Google Scholar 

  41. Ray I, McConnell RM, Lunacek M, Kumar V. Reducing damage assessment latency in survivable databases. In: Proceedings of the twenty first British national conference on databases. Edinburgh; 2004.

    Book  Google Scholar 

  42. Reed DP, Kanodia RK. Synchronizations with event counts and sequencers. Commun ACM. 1979;22(5):115–23.

    Article  MATH  Google Scholar 

  43. Schaefer M. Quasi-synchronization of readers and writers in a multi-level environment. Technical Report TM-5407/003, System Development Corporation; 1974.

    Google Scholar 

  44. Smith KP, Blaustein BT, Jajodia S, Notargiacomo L. Correctness criteria for multilevel secure transactions. IEEE Trans Knowl Data Eng. 1996;8(1):32.

    Article  Google Scholar 

  45. Son SH, Mukkamala R, David R. Integrating security and real-time requirements using covert channel capacity. IEEE Trans Knowl Data Eng. 2000;12(6):865–79.

    Article  Google Scholar 

  46. Tan CC, Liu Q, Wu J. Secure locking for untrusted clouds. In: Proceedings of the IEEE international conference on cloud computing. Washington, DC; 2011. p. 131–8. IEEE.

    Google Scholar 

  47. Williams P, Sion R, Shasha D. The blind stone tablet: outsourcing durability to untrusted parties. In: Proceedings of the network distributed system security symposium. San Diego; 2009. Citeseer.

    Google Scholar 

  48. Wu J. Distributed system design. Boca Raton: CRC Press; 1998.

    Google Scholar 

  49. Yu M, Liu P, Zang W. Multi-version attack recovery for workflow systems. In: Proceedings of the nineteenth annual computer security applications conference. Las Vegas; 2003. p. 142–51

    Google Scholar 

  50. Zhu Y, Xin T, Ray I. Recovering from malicious attacks in workflow systems. In: Proceedings of the sixteenth international conference on database and expert systems. Copenhagen; 2005.

    Book  Google Scholar 

  51. Zuo Y, Panda B. Damage discovery in distributed database systems. In: Proceedings of the eighteenth IFIP WG11.3 working conference on data and applications security. Barcelona; 2004.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Colorado State University, Fort Collins, CO, USA

    Indrakshi Ray & Thilina Buddhika

Authors
  1. Indrakshi Ray
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Thilina Buddhika
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Indrakshi Ray .

Editor information

Editors and Affiliations

  1. Georgia Institute of Technology College of Computing, Atlanta, Georgia, USA

    Ling Liu

  2. University of Waterloo School of Computer Science, Waterloo, Ontario, Canada

    M. Tamer Özsu

Section Editor information

  1. DiSTA, University of Insubria, Via Mazzini, 5, 21100, Varese, Italy

    Elena Ferrari

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer Science+Business Media LLC

About this entry

Cite this entry

Ray, I., Buddhika, T. (2017). Secure Transaction Processing. In: Liu, L., Özsu, M. (eds) Encyclopedia of Database Systems. Springer, New York, NY. https://doi.org/10.1007/978-1-4899-7993-3_331-3

Download citation

  • DOI: https://doi.org/10.1007/978-1-4899-7993-3_331-3

  • Received:

  • Accepted:

  • Published:

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4899-7993-3

  • Online ISBN: 978-1-4899-7993-3

  • eBook Packages: Springer Reference Computer SciencesReference Module Computer Science and Engineering

Publish with us

Policies and ethics

Search

Navigation