{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:05:48Z","timestamp":1777806348706,"version":"3.51.4"},"reference-count":26,"publisher":"SAGE Publications","issue":"3","license":[{"start":{"date-parts":[[1998,7,1]],"date-time":"1998-07-01T00:00:00Z","timestamp":899251200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[1998,7,1]]},"abstract":"Multilevel transactions have been proposed for multilevel secure databases; in contrast to most proposals, such transactions allow users to read and write across multiple security levels. The security requirement that no high level operation influence a low level operation often conflicts with the atomicity requirement of the standard transaction processing model. In particular, others have shown that no concurrency control algorithm based on the standard transaction processing model can guarantee both atomicity and security. This conflict motivates us to propose an alternative semantic-based transaction processing model for multilevel transactions. Our model uses the semantics of the application to analyze an application and reason about its behavior. Our notion of correctness is based on semantic correctness instead of serializability as in the standard transaction processing model. Semantic correctness ensures that database consistency is maintained, transactions output consistent data, and all partially executed transactions complete. We show how an example application can be analyzed to assure semantic correctness and how this analysis can be automated. We also propose a simple timestamp-based multiversion concurrency control algorithm for transaction processing on a kernelized architecture. The advantages of our model over the standard transaction processing model are that atomicity can be assessed, and for some applications ensured via off line analysis, more concurrency is achieved, lesser synchronization between security levels is required, and a larger class of multilevel transactions can be processed.<\/jats:p>","DOI":"10.3233\/jcs-980108","type":"journal-article","created":{"date-parts":[[2016,5,18]],"date-time":"2016-05-18T03:24:22Z","timestamp":1463541862000},"page":"181-217","source":"Crossref","is-referenced-by-count":6,"title":["A semantic-based transaction processing model for multilevel transactions"],"prefix":"10.1177","volume":"6","author":[{"given":"Indrakshi","family":"Ray","sequence":"first","affiliation":[{"name":"Information & Software Engineering Department, George Mason University, Fairfax, VA\u00a022030, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Paul","family":"Ammann","sequence":"additional","affiliation":[{"name":"Information & Software Engineering Department, George Mason University, Fairfax, VA\u00a022030, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sushil","family":"Jajodia","sequence":"additional","affiliation":[{"name":"Information & Software Engineering Department, George Mason University, Fairfax, VA\u00a022030, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[1998,7,1]]},"reference":[{"key":"ref001","doi-asserted-by":"publisher","DOI":"10.1145\/155271.155276"},{"key":"ref002","doi-asserted-by":"publisher","DOI":"10.1109\/32.210305"},{"key":"ref003","unstructured":"P.\u00a0Ammann, S.\u00a0Jajodia and I.\u00a0Ray, Using formal methods to reason about semantics-based decomposition of transactions, in: Proceedings of the International Conference on Very Large Databases, Zurich, Switzerland, September 1995, pp.\u00a0218\u2013227."},{"key":"ref004","doi-asserted-by":"crossref","unstructured":"P.\u00a0Ammann, S.\u00a0Jajodia and I.\u00a0Ray, Ensuring atomicity of multilevel transactions, in: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 1996, pp.\u00a074\u201384.","DOI":"10.1109\/SECPRI.1996.502671"},{"key":"ref005","doi-asserted-by":"publisher","DOI":"10.1145\/249978.249981"},{"key":"ref006","unstructured":"P.A.\u00a0Bernstein, V.\u00a0Hadzilacos and N.\u00a0Goodman, Concurrency Control and Recovery in Database Systems, Addison-Wesley, Reading, MA, 1987."},{"key":"ref007","doi-asserted-by":"crossref","unstructured":"B.T.\u00a0Blaustein, S.\u00a0Jajodia, C.D.\u00a0McCollum and L.\u00a0Notargiacomo, A model of atomicity for multilevel transactions, in: Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, May 1993, pp.\u00a0120\u2013134.","DOI":"10.1109\/RISP.1993.287637"},{"key":"ref008","doi-asserted-by":"crossref","unstructured":"D.E.\u00a0Bell and L.J.\u00a0LaPadula, Secure computer system: Unified exposition and multics interpretation, Technical Report MTR-2997, The MITRE Corporation, Bedford, MA, July 1975.","DOI":"10.21236\/ADA023588"},{"key":"ref009","doi-asserted-by":"publisher","DOI":"10.1007\/BF00122147"},{"key":"ref010","doi-asserted-by":"crossref","unstructured":"E.M.\u00a0Clarke, O.\u00a0Grumberg and D.\u00a0Long, Verification tools for finite-state concurrent systems, in: A Decade of Concurrency \u2013 Reflections and Perspectives, Lecture Notes in Computer Science, Vol.\u00a0803, Springer Verlag, Berlin, 1994.","DOI":"10.1007\/3-540-58043-3_19"},{"key":"ref011","doi-asserted-by":"crossref","unstructured":"O.\u00a0Costich and S.\u00a0Jajodia, Maintaining multilevel transaction atomicity in multilevel secure database systems with kernelized architecture, in: Database Security VI: Status and Prospects, B.M.\u00a0Thuraisingham and C.E.\u00a0Landwehr, eds, North-Holland, Amsterdam, 1993, pp.\u00a0249\u2013265.","DOI":"10.21236\/ADA465420"},{"key":"ref012","doi-asserted-by":"crossref","unstructured":"O.\u00a0Costich and J.\u00a0McDermott, A multilevel transaction problem for multilevel secure database system and its solution for the replicated architecture, in: Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, May 1992, pp.\u00a0192\u2013203.","DOI":"10.1109\/RISP.1992.213261"},{"key":"ref013","doi-asserted-by":"publisher","DOI":"10.1145\/76902.76905"},{"key":"ref014","doi-asserted-by":"publisher","DOI":"10.1145\/319983.319985"},{"key":"ref015","doi-asserted-by":"crossref","unstructured":"H.\u00a0Garcia-Molina and K.\u00a0Salem, Sagas, in: Proceedings of ACM-SIGMOD International Conference on Management of Data, San Francisco, CA, 1987, pp.\u00a0249\u2013259.","DOI":"10.1145\/38713.38742"},{"key":"ref016","unstructured":"J.\u00a0Gray and A.\u00a0Reuter, Transaction Processing: Concepts and Techniques, Morgan Kaufmann Publishers, San Francisco, CA, 1993."},{"key":"ref017","unstructured":"D.\u00a0Jackson, Niptick: A checkable specification language, in: Proceedings of the Workshop on Formal Methods in Software Practice, San Diego, CA, January 1996."},{"key":"ref018","doi-asserted-by":"publisher","DOI":"10.1145\/185827.185854"},{"key":"ref019","unstructured":"K.L.\u00a0McMillan, Symbolic model checking: an approach to the state explosion problem, PhD thesis, Carnegie Mellon University, Pittsburgh, PA, 1992."},{"key":"ref020","doi-asserted-by":"publisher","DOI":"10.1145\/360051.360224"},{"key":"ref021","doi-asserted-by":"crossref","unstructured":"S.\u00a0Owre, J.M.\u00a0Rushby and N.\u00a0Shankar, PVS: A prototype verification system, in: Proceedings of the International Conference on Automated Deduction, D.\u00a0Kapur, ed. Saratoga, NY, June 1992, pp.\u00a0748\u2013752.","DOI":"10.1007\/3-540-55602-8_217"},{"key":"ref022","doi-asserted-by":"crossref","unstructured":"R.\u00a0Rastogi, H.F.\u00a0Korth and A.\u00a0Silberchatz, Exploiting transaction semantics in multidatabase systems, in: Proceedings of the International Conference on Distributed Computing Systems, Vancouver, Canada, June 1995, pp.\u00a0101\u2013109.","DOI":"10.1109\/ICDCS.1995.500008"},{"key":"ref023","doi-asserted-by":"publisher","DOI":"10.1109\/2.241422"},{"key":"ref024","doi-asserted-by":"publisher","DOI":"10.1109\/69.485627"},{"key":"ref025","unstructured":"J.M.\u00a0Spivey, The Z Notation: A Reference Manual, 2nd edn, Prentice-Hall, Englewood Cliffs, NJ, 1992."},{"key":"ref026","unstructured":"J.M.\u00a0Wing and M.\u00a0Vazari-Farahani, A case study in model checking software systems, Technical Report CMU-CS-96-124, Carnegie Mellon University, Pittsburgh, PA, April 1996. To appear in\n Science of Computer Programming\n ."}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-980108","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-980108","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-980108","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:46:07Z","timestamp":1777495567000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-980108"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[1998,7,1]]},"references-count":26,"journal-issue":{"issue":"3","published-print":{"date-parts":[[1998,7,1]]}},"alternative-id":["10.3233\/JCS-980108"],"URL":"https:\/\/doi.org\/10.3233\/jcs-980108","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[1998,7,1]]}}}