CAREER: Supporting Workflow, Long Duration and Nested Transaction Models in a Multilevel Secure Database Environment
Principal Investigator: Vijay Atluri
Project Summary
Motivated by the need to relax their rigidity, traditional
transaction models have been extended in various directions. The
goals of this project are (1) to investigate how multilevel
security constraints impact transaction processing in advanced
database applications, and (2) to investigate how the properties
of advanced transaction models can be utilized to solve the
secure concurrency control problems in traditional databases.
For the purpose of our work, we have categorized extensions to
transaction models as nested transaction models, workflow and
extended transaction models, and long duration transactions. In
the process of meeting our first goal, we develop multilevel
secure workflow and multilevel secure long duration
transaction models. Pertaining to the second goal of this
research, we examine whether advanced transaction models, in
particular nested transaction models, can be more suitable for
multilevel secure (MLS) database management systems (DBMSs) than
the traditional transaction model, and we develop the necessary
extensions to the nested model required by MLS DBMSs. The
results of this project enable incorporating multilevel security
in advanced database applications such as engineering design and
long running activities, and provide efficient secure transaction
processing protocols for conventional database applications.
The education plan includes development of three new courses at
the undergraduate and graduate level and student involvement in
the proposed research.
Publications
V. Atluri, W-K. Huang and E. Bertino, "A Semantic Based
Execution Model for Multilevel Secure Workflows," submitted for
publication.
E. Bertino, E. Ferrari and V. Atluri, "An Approach for the
Specification and Enforcement of Authorization Constraints
in Workflow Management Systems," ACM Transactions on
Information Systems Security, accepted for publication,
to appear in February 1999.
V. Atluri, W-K. Huang and E. Bertino, "A Semantic Based
Redesigning of Distributed Workflows," 9th International
Conference on Management of Data, December 1998.
V. Atluri and W-K. Huang, "A Petri Net Based Safety Analysis
of Workflow Authorization Models," submitted for publication.
W-K. Huang and V. Atluri, "Analyzing the Safety of
Workflow Authorization Models,"
12th IFIP Working Conference on Database Security, July 1998.
N.R. Adam, V. Atluri and W-K. Huang,
"Modeling and Analysis of Workflows Using Petri Nets,"
Journal of Intelligent Information Systems, Special Issue
on Workflow and Process Management,
Volume 10, Number 2, March 1998.
V. Atluri and W-K. Huang, "Enforcing Mandatory
and Discretionary Security in Workflow Management Systems,"
Journal of Computer Security, Vol. 5, No. 4, 1997, pages 303-339.
E. Bertino, E. Ferrari and V. Atluri,
"A Flexible Model for the Specification and Enforcement of
Authorizations in Workflow Management Systems,"
2nd ACM Workshop on Role-based Access Control,
November 1997.
V. Atluri, W-K. Huang and E. Bertino,
"An Execution Model for Multilevel Secure Workflows,"
11th IFIP Working Conference on Database Security,
August 1997.
V. Atluri and W-K. Huang, "An Authorization
Model for Workflows," Proceedings of the Fifth European Symposium
on Research in Computer Security, Rome, Italy, and Lecture
Notes in Computer Science, No. 1146, Springer-Verlag, September,
96, pages 44-64.
V. Atluri and W-K. Huang, "An Extended Petri
Net Model for Supporting Workflows in
a Multilevel Secure Environment,"
Proc. of the 10th IFIP WG 11.3 Working Conference on Database Security,
July 1996, pages 199-216.
V. Atluri, "Multilevel Secure Transaction Processing
in Advanced Database Applications," invited position paper,
10th IFIP Working Conference on Database Security.
V. Atluri, S. Jajodia, and E. Bertino,
"Transaction Processing in Multilevel Secure Databases using Kernelized
Architecture: Challenges and Solutions,"
IEEE Transactions on Knowledge and Data Engineering,
Vol. 9, No. 5, 1997.
V. Atluri, S. Jajodia, T. F. Keefe, C. McCollum, and R. Mukkamala,
"Multilevel Secure Transaction Processing: Status and Prospects,"
position paper, Database Security, X: Status and Prospects,
Chapman & Hall 1997, eds. Pierangela Samarati and Ravi Sandhu.