Research on fully distributed data processing systems

Issued as Quarterly progress reports, nos. 1-11, and Project report, Project no. G-36-64

Towards an Enhanced Protocol for Improving Transactional Support in Interoperable Service Oriented Application-Based (SOA-Based) Systems

When using a shared database for distributed transactions, it is often difficult to connect business processes and softwarecomponents running on disparate platforms into a single transaction. For instance, one platform may add or update data, and thenanother platform later access the changed or added data. This severely limits transactional capabilities across platforms. Thissituation becomes more acute when concurrent transactions with interleaving operations spans across different applications andresources. Addressing this problem in an open, dynamic and distributed environment of web services poses special challenges,and still remains an open issue. Following the broad adoption and use of the standard Web Services Transaction Protocols,requirements have grown for the addition of extended protocols to handle problems that exist within the context of interoperableservice-oriented applications. Most extensions to the current standard WS-Transaction Protocols still lack proper mechanisms forerror-handling, concurrency control, transaction recovery, consolidation of multiple transaction calls into a single call, and securereporting and tracing for suspicious activities. In this research, we will first extend the current standard WS-TransactionFramework, and then propose an enhanced protocol (that can be deployed within the extended framework) to improvetransactional and security support for asynchronous applications in a distributed environment. A hybrid methodology whichincorporates service-oriented engineering and rapid application development will be used to develop a procurement system(which represents an interoperable service-oriented application) that integrates our proposed protocol. We will empiricallyevaluate and compare the performance of the enhanced protocol with other conventional distributed protocols (such as 2PL) interms of QoS parameters (throughput, response time, and resource utilization), availability of the application, databaseconsistency, and effect of locking on latency, among other factors.Keywords: Database, interoperability, security, concurrent transaction, web services, protocol, service-oriente

Multilevel security and concurrency control for distributed computer systems

Multilevel security deals with the problem of controlling the flow of classified information. We present multilevel information flow control mechanisms for distributed systems that allow concurrent accesses to shared data. In a distributed computing environment, the different sites communicate through message passing. Our security mechanisms check the security of information flows caused by computations within individual sites as well as ones caused by communications among the sites. The correct behavior of the security mechanisms cannot be guaranteed if the allowed concurrency is left uncontrolled in the system. We present concurrency control mechanisms for the security mechanisms. In the presence of such concurrency control mechanisms, the consistency of the security data, which the security mechanisms rely upon, is preserved. Finally, we also present schemes to increase the efficiency and the precision of the security mechanisms

Performance study of a COTS Distributed DBMS adapted for multilevel security

Multilevel secure database management system (MLS/DBMS) products no longer enjoy direct commercial-off-the-shelf (COTS) support. Meanwhile, existing users of these MLS/DBMS products continue to rely on them to satisfy their multilevel security requirements. This calls for a new approach to developing MLS/DBMS systems, one that relies on adapting the features of existing COTS database products rather than depending on the traditional custom design products to provide continuing MLS support. We advocate fragmentation as a good basis for implementing multilevel security in the new approach because it is well supported in some current COTS database management systems. We implemented a prototype that utilises the inherent advantages of the distribution scheme in distributed databases for controlling access to single-level fragments; this is achieved by augmenting the distribution module of the host distributed DBMS with MLS code such that the clearance of the user making a request is always compared to the classification of the node containing the fragments referenced; requests to unauthorised nodes are simply dropped. The prototype we implemented was used to instrument a series of experiments to determine the relative performance of the tuple, attribute, and element level fragmentation schemes. Our experiments measured the impact on the front-end and the network when various properties of each scheme, such as the number of tuples, attributes, security levels, and the page size, were varied for a Selection and Join query. We were particularly interested in the relationship between performance degradation and changes in the quantity of these properties. The performance of each scheme was measured in terms of its response time. The response times for the element level fragmentation scheme increased as the numbers of tuples, attributes, security levels, and the page size were increased, more significantly so than when the number of tuples and attributes were increased. The response times for the attribute level fragmentation scheme was the fastest, suggesting that the performance of the attribute level scheme is superior to the tuple and element level fragmentation schemes. In the context of assurance, this research has also shown that the distribution of fragments based on security level is a more natural approach to implementing security in MLS/DBMS systems, because a multilevel database is analogous to a distributed database based on security level. Overall, our study finds that the attribute level fragmentation scheme demonstrates better performance than the tuple and element level schemes. The response times (and hence the performance) of the element level fragmentation scheme exhibited the worst performance degradation compared to the tuple and attribute level schemes