In the viewpoint of concurrency control for multi-level secure database system, it is crucial to eliminate the covert timing channel. This is due to the fact that a higher level transaction may sends the sensitive information to a lower level transaction, with violation of security policy, through the covert timing channel by modulating data conflicts on the shared objects.
In this thesis, in order to eliminate the covert timing channel, we propose a simple and efficient secure concurrency control method that is adopting Read-Down/No-Write-Up model. For the reasons of enhancing concurrency and availability of the higher level transactions, our method is based on the philosophy of non-interference which needs multiple versions of a conflicting object since the transactions of different clearances are executed to access different versions independently. Unlike the previous approaches in which lots of multiple versions are needed to obey philosophy of non-reference, the proposed method uses only two versions for concurrency control so that storage overhead is diminished. One version is used for Read-Down operation, and the other is used for concurrency control on the same clearance level. This method ensures serializability on basis of timestamp orderering and enforces secrecy by eliminating the covert timing channel. This method also avoids deadlock as well as starvation.
Also in this thesis, we present performance evaluation using simulation of this method with two representative methods for multi-level secure concurrency control.