Analysis of Challenges in the Design and Development of Multi-Level Secure Databases

(1)

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459,ISO 9001:2008 Certified Journal, Volume 4, Issue 2, February 2014)

574

Analysis of Challenges in the Design and Development of

Multi-Level Secure Databases

Pooja Sapra

1

, Suresh Kumar

2

1

Research Scholar, Manav Rachna International University, Faridabad, India

2_{Faculty of Engineering and Technology, Manav Rachna International University, Faridabad, India}

Abstract—Database security mainly deal with the secrecy, integrity and availability of data stored in a database. The common threats to the databases involve Privilege Abuse, Weak Authentication, Weak Audit Trails and Operating System Vulnerabilities. To make the security least compromised; all users are required to follow the rules set up by Database Administrator. These rules are said to be Mandatory Access Control (MAC) based security policies. The Multi-Level secure Databases are implemented by considering these policies. A multilevel secure database provides internal security to the database. The data stored in MLS databases is classified in several levels of sensitivity. A user is allowed to access the data that matches its classification level. The user classification is referred to clearance levels. Therefore, users with different clearance levels access different versions of data. Due to the various issues like Covert channel, Polyinstantiation and lack of security while transmitting the data in distributed databases, it becomes difficult to design and develop the secure databases. Various challenges in front of researchers are Query processing in distributed Multilevel Secure Databases, Deadlock Detection and Resolution and Concurrency control. In this paper we present all these issues and also the techniques which resolve the issues.

Keywords— Multilevel security, Query processing, deadlock detection and recovery, transaction, wait-for-graph, concurrency control

I. INTRODUCTION

Multilevel Security (MLS) [2] allows the information with different classifications to be available with users having different security clearances and authorizations and at the same time disallowing them from accessing information for which they are not cleared or authorized. In mandatory security models, the subjects (users, processes etc.) and objects (data, record etc.) are assigned security levels termed as labels. Label of object is called its classification class (o) and for a subject is called its clearance, clear(s).

Security label consists of two components:

 Hierarchical list of sensitivity levels: Top-secret > secret > confidential > unclassified

 Non-hierarchical set of categories, which represents classes of objects.

MLS imposes the following two restrictions on all data accesses:

 The Simple Security Property(No-Read-Up): A subject is allowed to have read-access to an object if and only if the clearance level of subject dominates the classification level of object.

 The star property(No-Write-Down): A subject is allowed have write-access to an object if and only if the classification level of object dominates the clearance level of subject.

The restrictions given by this model has a drawback of covert channel. Covert channels are the channels through which malicious user can receive any information about the data that is classified beyond the user's clearance.

II. LITERATURE REVIEW

Walid Rjaibi [1] explained various drawbacks of the traditional databases as the requirement of a different database to store data at different levels, different workstations to access the data with different security levels, High cost of IT infrastructure, Inefficient staff etc.

Sandhu R. S. [3] explained the integrated data architecture (the trusted subject architecture), fragmented data architecture (the kernelized architecture), and replicated data architecture (the distributed architecture) for multilevel secure systems. Commercially available relational database products are basically integrated data architectures. The fragmented and replicated architectures offer more security and can be easily constructed by non DBMS vendors. While many different approaches have been pursued in the research community for high-assurance DBMSs, none of the approaches developed to date has been able to meet all of the high-assurance requirements and still provide the level of functionality provided by un-trusted commercial DBMS products.

(2)

International Journal of Emerging Technology and Advanced Engineering

575 N. Dobrinkova [2] describes Bell-LaPadula model as ―it deals with the control of information flow. It is a linear non-discretionary model. This model of protection consists of the following components: A set of subjects, a set of objects, an access control matrix, and several ordered security levels.‖ This model was first published in 1973 and it was a proposal to ―enforcing access control in government and military applications.‖ This model has a set of four access rights: Read-Only, Append, Execute, and Read-Write. These accesses refer to operations with subjects and enforce data security and integrity by imposing the following restrictions: ―reading down: A subject has only read access to objects whose security level is below the subject's current clearance level. This prevents a subject from getting access to information available in security levels higher than its current clearance level. Writing-up: A subject has appended access to objects whose security level is higher than its current clearance level. This prevents a subject from passing information to levels lower than its current level.‖

T. F. Lunt, D.E. Denning, R.R. Schell, M. Heckman, W.R. Shockley [4] proposed SeaView model. The Sea View model was developed by ―SRI International and Gemini Computers in 1985.‖ In this model, several policies where developed in order to enforce mandatory access control (MAC), discretionary access control (DAC) and relational integrity constraints, for multilevel databases. The MAC policy ―controls access to the granularity of an individual data element in a tuple. This means that within a single tuple, each data element representing a different attribute can have a distinct and possibly different access class. This also means that data elements for the same attributes in different tuples can have distinct and possibly different access classes. The access class of an element is indicated by associating an access-class label with each element of a tuple.‖ The DAC are not applied to single attributes in a tuple, in fact DAC are applied to smaller granularity, and is mostly applied to results of queries. DAC ―can be expressed in terms of access modes. A subject can be granted a particular access mode to a discretionary object. The access modes include the following: insert, delete, retrieval, update, reference, null, grant, and give-grant.‖

N. Balon, I. Thabet [5] analyses Biba Model that was developed in 1977 and which was a ―modification of the Bell-LaPadula model, with emphasis on the integrity.‖ This model has two properties, the simple integrity property (SI), and the Integrity property. The SI property indicates that ―a subject may have write access to an object only if the security level of the subject is either higher or equals to the level of the object.

And the Integrity model indicates that a subject has the read-only access to an object O, then it can also have the write access to another object P only if the security level of P is either lower or equals to the level of O.‖ The Biba model overcomes the integrity problem of Bell-LaPadula model, even though its access rights are similar. The Biba model‘s access rights are: Modify, Invoke, Observe, and Execute.

Sushil Jajodia and Ravi Sandhu [6] gave the Entity integrity, Null integrity, Inter-instance integrity and Polyinsantiation integrity that must be satisfied by all the multilevel relations.

Denning D.E. [4] proposed a concept, where security classifications are made at the individual elements of a tuple. Multilevel relations in seaview exist only at logical level. Decomposition of these multilevel relations is necessary for storing. Decomposition was performed by applying both horizontal and vertical fragmentation. When a query is fired by the user, these decomposed relations need to be recovered in order to reflect the correct result.

Jajodia and Sandhu [6] proposed a new algorithm for decomposition and recovery. With this recovery algorithm the exact original instance can be re-produced. The algorithm eliminates the last three problems of seaview algorithm. Here the classification of all the attributes is considered along with the primary key as key of the relation.

Jajodia and Sandhu [7] modified their previous work, here decomposition uses only horizontal fragmentation to break multilevel relations into single-level relations. Since the decomposition does not require any vertical fragmentation, it is possible to reconstruct the multilevel relation from the underlying single-level base relations. This algorithm does not require any (left or natural) joins; only unions performed.

Keefe et al. [8] discussed that different security levels are provided by classification policies which are defined by security constraints. These constraints can be considered as the integrity constraints.

(3)

International Journal of Emerging Technology and Advanced Engineering

576 Ammann et. al.[11] proposed two single-version timestamp ordering (TO) protocols. In their first protocol, a high security level transaction trying to read a low security level object is delayed until all low security level transactions before it in the timestamp order have completed. A modification of this protocol allows the high security level transaction to read the low security level object when it needs, but delays its commit until all the low security level transactions with earlier timestamps have completed. Both the algorithms meet all secrecy and integrity requirements but they are prone to starvation.

Alom et.al. [12] presented an algorithm for detection and resolution of deadlocks in Distributed Databases.

The following are the findings from literature survey:

 MLS database in a distributed environment may be intruded by a malicious user and security can be compromised. The issue becomes a threat, if secure dictionary is hanged by the intruder; thus a mechanism is required to secure the secure dictionary.

 The application of MLS databases in distributed environment, leads to the requirement of paying more attention in areas like concurrency control and deadlock detection and resolution. Although lots of efforts have been made, still they are suffering from Retrieval anomaly, Deadlocks, Covert Channels, Starvation or either of these; thus a mechanism is required to resolve these issues.

III. QUERY PROCESSING IN MULTILEVEL SECURE

DATABASES

In multilevel secure database management systems, some part of the database is accessible at different levels of security [2], depending upon the clearance level of user. To assign the classifications [13], security constraints are used [14]. They assign security levels on the basis of content, context, and time [15]. In this paper, we propose an integrated architecture for distributed query operations and coding of multi-levels for the purpose of providing extra security. There are two basic security issues for providing the security to distributed database: Secure data transmission, Secure data storage and access.

The transmission of information from one site to another is protected through SSL and TLS. However, no sufficient support is present in storing and processing them in secure way, when the data is stored at the backend.

So integration of cryptographic support into MLS/DBMS is considered and for this purpose, the concept of coding and decoding of levels in secure dictionary has been also introduced.

By integrating cryptography to DBMS, some of the major problems of MLS/DBMS may be solved. The overheads [30] that are required for the procedure are calculated and are shown in table 1 and are shown in Figure 1 and 2.

Fig.1. Number of Operations required with Secure Dictionary

Fig.2. Number of Operations required without Secure Dictionary

TABLE I

NUMBER OF SITES VS.OVERHEADS

number of sites

Number of operations

required (with

secure dictionary)

number of operations

required (without

secure dictionary)

OVERHEADS

2 13 7 6

3 17 9 8

5 25 13 12

10 45 23 22

20 85 43 42

30 125 63 62

50 205 103 102

(4)

International Journal of Emerging Technology and Advanced Engineering

577 To conclude in MLS/DDBMS, the storing of classification labels in the records is not enough to prevent top secret data, from reaching an unclassified user; the database system may simply change the label or merge top secret data into a record marked unclassified. To protect changes against the classification labels, the concept of coding and decoding with the help of secure dictionary is presented.

IV. ALGORITHM FOR DEADLOCK DETECTION AND RESOLUTION IN DISTRIBUTED DATABASES

A deadlock is a situation in the system where transactions wait for one another [16] and none of them is able to proceed. Deadlocks are generally depicted with the help of a wait-for graphs [17], which is a directed graph. The graph consists of nodes and edges, where nodes of the graph represent transactions and edges of the graph represent the dependency among transactions. A direct edge from transaction Ti to transaction Tj is drawn, if the

transaction Ti is waiting for a resource that is currently held

by the transaction Tj. If the wait-for-graph contains a cycle

then the system is assumed to be in a deadlock state. After the detection of deadlocks, their recovery is done. For recovery one of the transactions is considered as victim and aborted and then restarted.

In distributed systems, deadlock detection requires the local wait-for-graph and global-wait-for-graph. A cycle in a LWFG indicates that a deadlock has occurred locally. Even though there is no cycle in LWFG, it does not imply that no deadlock has occurred globally.

In the presented algorithm [27], we have modified the Alom et.al. algorithm[12] by relaxing the assumption, ―global deadlock detection is independent of local deadlock detection‖. The algorithm is as follows:

 Create Linear transaction Structure (LTSi) for each local site i.

 Create Distributed Transaction Structure (DTSi) for global communication.

 Detect Local Deadlock cycle LDi.

 Detect Global Deadlock cycle GDi.

 Find common request edge if exists.(CREi)

 Abort the transaction.

 Modify LTSi.

 Modify DTSi.

 Detect Local Deadlock cycle LDi.

 Detect Global Deadlock cycle GDi.

 Create Transaction Queue TQi corresponding to each LDi.

 Create Transaction Queue TQi corresponding to each GDi.

 Abort the victim transaction.

After its implementation, following conclusions can be drawn:

 Global deadlocks depend on local deadlocks.

 The removal of request edge that is common between LD and GDC breaks the local and global deadlock cycles.

The technique may take more time for execution but the process is resumed to normal working by terminating less or equal number of transactions.

V. ALGORITHM FOR DEADLOCK DETECTION AND

RESOLUTION IN MULTILEVEL SECURE DISTRIBUTED

DATABASES

For the detection and recovery of deadlocks in MLS/DDBS the presented algorithm[28] uses the following data structures:

LTSi: local transaction structure for each site i; DTSi: distributed transaction structure;

SLDCi: sensitivity level local deadlock cycle at each site i; SGDCi: sensitivity level global deadlock cycle;

LDi: local deadlock cycle; GDCi: global deadlock cycle; TQi: transaction queue.

Let us consider two sensitivity levels for the transactions: low (l) and high (h), such that l<h. Further the requests can be made by:

1. Low level secure transactions for the objects held by highly secured transactions.

2. Low level secure transactions for the objects held by less secured transactions.

3. High level secure transactions for the objects held by highly secured transactions.

4. High level secure transactions for the objects held by less secured transactions.

In case 1, the transaction with high security level has to be aborted, so as to avoid the covert channel. In cases 2, 3 and 4, the normal execution of algorithm [16] will be carried out.

For finding out the transaction to be aborted, sensitivity level deadlock cycles are generated, at each local site (SLDCi) and global sites (SGDCi) corresponding to distributed transaction structure.

Algorithm deadlock_detection_and_recovery:

(5)

International Journal of Emerging Technology and Advanced Engineering

578 2.Detect Local Deadlock cycle LDi.

3.Create SLDCi.

4.If SLDCi contains an edge (l -> h), then abort the transaction with security level high (h).Otherwise, Create Transaction Queue TQi corresponding to each LDi and Abort the youngest transaction.

5.Create Distributed Transaction Structure (DTSi) for global communication.

6.Detect Global Deadlock cycle GDCi. 7.Create SGDCi.

8.If SGDCi contains an edge (l -> h), then abort the transaction with security level high (h).Otherwise, Create Transaction Queue TQi corresponding to each GDCi and Abort the youngest.

To calculate the complexity, let us take a situation where the total number of sites are S and N the total number of transaction concurrently executing on these sites.

Let N1, N2, N3…….Ns be the total number of transactions at sites S1, S2, S3……..Ss.

Therefore, N1+N2+N3….Ns=N

Let there be four classification levels l1, l2, l3, l4; such that l1<l2<l3<l4.

At any site Si,

Number of transactions with security level l1 = m1

Therefore,

For site S1, m1+m2+m3+m4=N1.

For site S2, m1+m2+m3+m4= N2……….. and so on…

Total number of operations required to detect the deadlock and recover = S + 2LD +S(S-1)(1+3GD)/2

Where, LD is the total number of local deadlock cycles in the Wait-For-graph and GD be the total number of global deadlock cycles.

Number of operations required for:

Step number 1= S,

Step number 2= d1+d2+…+ds= LD, where d1, d2,…..ds are the number of deadlocks cycles at site S1, S2,…..Ss.

Step number 3= LD.

Step number 4= LD

Step number 5= S*(S-1)/2

Step number 6= (G1+G2+……..GS)*S*(S-1)/2 = GD*S*(S-1)/2

Step number 7 = GD*S*(S-1)/2

Step number 8= GD*S*(S-1)/2

Therefore Total Number of Operations= S + 2LD +S*(S-1)*(1+3GD)/2.

As LD and GD depends on the total number of transactions linearly so LD=GD=cN, Where c is any constant.

So, from the calculated result of total number of operations we can conclude that deadlock detection and recovery process has the complexity Ө (NS2_).

VI. TECHNIQUE FOR CONCURRENCY CONTROL IN SECURE

DATABASES

Due to the restrictions on information flow given by Bell-Lapadula model [2], the transaction can‘t be executed concurrently with the same mechanism as with traditional mechanisms. Moreover, the present protocols [18, 19, 20, 21, 22, 23, 24, 25 and 26] leave the high level secure transaction in a waiting state unless the low level secure transaction commits, it is known as starvation. We therefore present a starvation free concurrency control mechanism for multilevel secure databases that does not suffer from covert channel and retrieval anomaly.

The presented algorithm [29] is an effort to achieve the concurrent execution of transactions without leading to starvation. The algorithm is based on multi-version concurrency control protocols. In this algorithm version locks are attached to remove the retrieval anomaly and a logical degradation of locks is considered to reduce the priority of low level transaction and so as to increase the high level transaction‘s priority. This degradation leads to limit the starvation to some extent and also eliminates the covert channel.

DEFINITION 1: The conflict data-items are stored in

c-items. This data structure contains the set of data-items, read by high level secure transaction and a new version of these data-items is written by low level secure transactions.

C-DATA-ITEMS: {READ-SET-DONE (Ti) ∩ WRITE-SET (Ti+1)}

(6)

International Journal of Emerging Technology and Advanced Engineering

579

DEFINITION 2: v-lock denotes the version lock. So when

a data item is to be written, the new version of data item is created. As soon as a new version is created, it is v-locked so that the latest version is available for reading and updation.

DEFINITION 3: Further, the function LDeg is used to

virtually degrade the level of transactions. High level transaction is automatically degraded by one level logically as and when a low level transaction interrupts a high level transaction. The degraded levels are stored in the variable VL, virtual levels. AL, stores the values of actual level and that is equal to the level of transaction.

For instance if AL = high; then VL = low, assuming the fact that high>low.

The algorithm for concurrency control is as follows:

Step 1: initially at t = 0;

c-data-item = null;

v-lock = null;

At time t=0 for transaction Ti: VL(Ti,0)=AL;

Step 2: Repeat until no more transaction in scheduling

queue:

When Ti is executing and Ti+1 comes for execution, following three cases may arise:

(a) L(Ti) < L(Ti+1) (b) L(Ti) = L(Ti+1) (c) L(Ti) > L(Ti+1)

In case of (a) and (b) normal execution will take place, whereas in the third case execution would involve the following steps:

(i) Find c-data-item = read-set-done(Ti) intersection write-set(Ti+1)

(ii) Put v-lock on all items in c-data-item.

(iii) Find the virtual level for all transactions using the function: VL=LDeg(VL) Where, LDeg is a function that degrades the level of transaction logically by one level so as to avoid the starvation.

(iv) Execute the transaction with the lowest value of virtual level, if two transactions have same virtual levels then compare the actual level values and execute the transaction with the highest level of security.

Step 3: While resuming the execution of transaction Ti, if it

has a data item with v-lock then roll back the transaction and execute with latest version of data item. According to the algorithm the retrieval anomaly will be totally eliminated. However, for making the system starvation free, Ldeg function is used.

When the value of virtuallock becomes the unclassified (the lowest security level), it starts executing the corresponding transaction rather than the transaction whose actual lock value is low. In this way, it may introduce some covert channel. So there may be a tradeoff between the covert channels established and starvation.

Let us consider total no. of security levels is ‗n‘, and then an executing transaction will allow maximum ‗n-1‘ more transaction to interrupt it and be executed. Therefore, after the completion of all low level transactions, which is ‗n-1‘ at the maximum, the virtual level of executing transaction will come down to the least security level available. At this moment the covert channel may interfere.

When the covert channels arise in the system, automatically the starvation problem gets eliminated, because the highest level transaction gets the chance to be executed. Although there are low level transactions present in the queue, which are waiting for their execution.

VII. CONCLUSIONS

Adding multilevel security to databases makes the system more complicated and it becomes difficult to resolve the problems like secure query processing, deadlock and concurrency. In this paper we have addressed the various issues in designing of multilevel secure databases. The deadlock detection and resolution and concurrency control in these databases has different requirements as that of the insecure databases. There should be no covert channel and starvation during the coordination of transaction in secure databases. The presented techniques for query processing, deadlock detection and resolution and query processing are the initiatives taken in the direction of developing multilevel secure databases.

REFERENCES

[1] W. Rjaibi, ―An Introuction to Multilevel Secure Relational Database Management Systems‖, Proc. of Center for Advanced Studies on Collaborative Research, 2004, pp. 232-241.

(7)

International Journal of Emerging Technology and Advanced Engineering

580 [3] E. Bertino and R. Sandhu, ―Database Security-Concepts,

Approaches, and Challenges‖, IEEE Transactions on Dependable and Secure Computing, vol. 2, no.1, 2005, , pp. 2-19.

[4] T. F. Lunt, D. E. Denning, R. R. Schell, M. Heckman, W. R. Shockley, ―The SeaView Security Model‖, IEEE Transactions on Software Engineering, vol. 16. no.6, June 1990.

[5] Balon Nathon, Thabet Ishraq, ―The Biba Security Model-Technical Report‖, CIS, 2004.

[6] S. Jajodia and R. S. Sandhu, "Polyinstantiation Integrity in Multilevel Relations‖. Proc. of IEEE Symposium on Security and Privacy, Oakland, California, May 1990, pp. 104-115.

[7] S. Jajodia and R. S. Sandhu, "A Novel Decomposition of Multilevel Relations into Single Level Relations", Proc. of IEEE Symposium on Security & Privacy, Oakland, California, May 1991, pp. 300-313. [8] T. Keefe, B. Thuraisingham and W. Tsai, ―Secure Query Processing

Strategies‖, Computer, vol. 22, no. 3, Mar. 1989, pp. 63-70. [9] N. Kaur, R. Singh, M. Misra, A. K. Sarje, ―Performance Evaluation

of Secure Concurrency Control Algorithm for Multilevel Secure Distributed Database System‖, Proc. of International Conference on Information Technology: Coding and Computing, 2005, pp. 249 – 254.

[10] N. Kaur, R. Singh, M. Misra, A. K. Sarje, ―Concurrency Control for Multilevel Secure Databases‖, International Journal of Network Security, vol.9, no.1, July 2009, pp. 70-81.

[11] P. Amman, S. Jajodia , ―A Timestamp Ordering Algorithm for Secure, Single Version Multilevel Databases‖, DB Security. V: Status & Prospectus, North Holland, 1992, pp. 23-25.

[12] Alom B. M. M., Henskens F., Hannaford M., ―Deadlock Detection Views of Distributed Database‖, Proc. of sixth International Conference on Information Technology: New Generations, pp. 730-737, 2009.

[13] J. He, M. Wang, ―Cryptography and Relational Database Management System‖, Database Engineering and Applications, pp 273-284.

[14] D. E. Denning, S. G. AH, M. Morgenstem, P.G. Neumann, R. R. Schell and M. Heck, ―Views as a Mechanism for Classification in Multilevel Secure Database Management Systems‖, Proc. IEEE Symp. Security and Privacy, Oakland, Calif., 1986.

[15] P. Stachour and B. Thuraisingham, ―Design of LDV-A Multilevel Secure Relational Database Management System‘‘, IEEE Trans. On Knowledge and Data Eng., vol. 2, no. 2, June 1990.

[16] Alkhatib G. and Labban R. S., "Transaction Management in Distributed Database Systems: the Case of Oracle‘s Two-Phase Commit," The Journal of Information Systems Education, vol. 13:2, pp. 95-103, 1995

[17] Farajzadeh N. , Hashemzadeh M. ,Mousakhani M. and Haghighat A. T., "An Efficient Generalized Deadlock Detection and Resolution Algorithm in Distributed Systems," in International Conference on Computer and Information Technology, 2005.

[18] S. Jajodia and V. Atluri, ―Alternative correctness criteria for concurrent execution of transactions in multilevel secure databases," Proceedings of the IEEE Symposium on Security and Privacy, pp. 839-854,Oakland, California, 1992.

[19] S. Jajodia and C. McCollum, ―Using two-phase commit for crash recovery for federated multilevel secure database management systems," Dependable Computing and Fault Tolerant Systems, vol. 8, pp. 365-381, New York, Springer-Verlag, 1993.

[20] J. McDermott and S. Jajodia, ―Orange locking: Channel free database concurrency control via locking," Database Security, VI: Status and Prospects, Database Security, pp. 267-284, 1995. [21] S. Jajodia, L. V. Mancini, and I. Ray, ―Secure locking protocol for

multilevel database management systems," Proceedings of the Annual IFIP WG 11.3 Conference of Database Security, pp. 177-194, 1995.

[22] S. H. Son and R. David, ―Design and analysis of a secure two-phase locking protocol," 18th International Computer Software and Applications Conference(COMPSAC'94), pp. 374-379, IEEE Computer Society Press, 1994.

[23] S. Jajodia and B. Kogan, ―Concurrency control in multilevel secure databases based on a replicated architecture," Proceedings of the llth IEEE Symposium on Security and Privacy, pp. 360-368, Oakland, CA, Apr. 1990.

[24] T. F. Keefe and W. T. Tsai, ―Multiversion concurrency control for multilevel secure database systems," Proceedings of the IEEE Symposium on Security and Privacy, pp. 369-383, Oakland, California, 1990.

[25] T. Keefe, W. Tsai and J. Srivastava, ―Multilevel secure database concurrency control", Proceedings of IEEE International Conference on Data Engineering, pp. 337-344, Feb. 1990.

[26] T. F. Keefe, W. T. Tsai and J. Srivastava, ―Database concurrency control in multilevel secure database management systems", IEEE Transactions on Knowledge and Data Engineering, vol. 5, no. 6, pp. 1039-1055, 1993.

[27] P. Sapra, S. Kumar, R. K. Rathy, ―Detection and Resolution of Deadlocks in Multi-Level Secure Databases‖, International Journal of Engineering and Technology (IJET), vol. 5, no. 3, pp. 3001-3006. [28] P. Sapra, S. Kumar, R. K. Rathy, ―Deadlock Detection and Recovery

in Distributed Databases", International Journal of Computer Applications (IJCA), vol. 73, no. 1, pp. 32-36.

[29] P. Sapra, S. Kumar, R. K. Rathy, ―Development of a Concurrency Control Technique for Multi-Level Secure Databases‖, Proceedings of the First International Conference on Reliability, Optimization and Information Technology‘14, February 2014.