CN1975675A - Safety real-time concurrent control protocol adapted to moving distributing real-time data bank - Google Patents
- Publication number
- CN1975675A (application CN 200610130104)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention is a secure real-time concurrency control protocol (the SHORTCC protocol) for mobile distributed real-time databases. It divides the execution of a mobile distributed real-time transaction into two phases: an optimistic execution phase, and a validation-commit phase based on High Priority Abort two-phase locking (HPA-2PL). Using the concept of similarity, it gives a similar serializability criterion that relaxes the traditional conflict serializability criterion and so improves transaction concurrency. In the validation-commit phase, in addition to ensuring similar serializability of the concurrent transaction schedule, it introduces a security check: when a security violation is possible, the protocol compares the security violation factor with the real-time impact factor to decide whether to block or abort the validating transaction. The user can adjust this behaviour by changing the weights of the two factors.
Description
[Technical field]: The invention belongs to the field of database security. By integrating security constraints into the concurrency control protocol, it prevents transactions at different security clearance levels from colluding to pass information covertly through the concurrency control mechanism, and thereby protects the security of the database system.
[Background]: A mobile distributed real-time database system (MDRTDBS: Mobile Distributed Real-Time Database System) is usually regarded as a distributed real-time database system that supports a mobile computing environment. A distributed real-time database system is a distributed database system in which transactions and data can carry timing constraints; the correctness of the system depends not only on the logical result of transaction execution but also on the time at which that result is produced. In an MDRTDBS the timing constraint of a transaction typically takes the form of a deadline. For a soft real-time transaction, failing to finish within the deadline reduces the value of the result; for a firm real-time transaction, missing the deadline makes the result meaningless; for a hard real-time transaction, missing the deadline may have catastrophic consequences. Real-time transactions are assigned priorities according to the urgency of their deadlines: the nearer the deadline, the higher the priority. In an MDRTDBS, priority is the main basis for transaction scheduling and for resolving data conflicts, and both the scheduling policy and the concurrency control mechanism give precedence to high-priority transactions.
MDRTDBSs are commonly used in safety-critical applications such as e-commerce, wireless stock trading, power grid dispatching and military command systems. For such applications, preventing illegal information flow between transactions is as vital as guaranteeing real-time performance. Most secure database systems that implement mandatory access control are based on the Bell-LaPadula security model. In the Bell-LaPadula model, the elements of a system are divided into subjects and objects according to their characteristics. A subject is an active element of the system that can carry out a series of actions, such as a process or a transaction. An object is a passive element of the system that contains information; in a database system an object can be a relation, a tuple, and so on. Each object is assigned a classification level according to the sensitivity of the information it stores. Likewise, each subject is assigned a clearance level based on its trustworthiness (the degree to which the system trusts it). Under the Bell-LaPadula model, a transaction may only read data objects whose classification level is less than or equal to its clearance level (the read-down rule), and may only write data objects whose classification level is greater than or equal to its clearance level (the write-up rule). These access restrictions prevent direct illegal information flow between transactions at different clearance levels, but they are not sufficient to prevent indirect illegal information flow between them, that is, covert channels.
Traditional (non-secure) real-time concurrency control protocols, such as High Priority Abort two-phase locking (HPA-2PL), take full account of transaction priority when resolving data conflicts between concurrent transactions and ensure that high-priority transactions execute first. HPA-2PL resolves data conflicts as follows: when a low-priority transaction requests a lock held by a high-priority transaction, the low-priority transaction is blocked; when a high-priority transaction requests a lock held by a low-priority transaction, the low-priority transaction is aborted and the high-priority transaction obtains the lock. HPA-2PL solves the priority inversion problem well but does not solve the covert channel problem: concurrent transactions at different clearance levels can use the locking mechanism of concurrency control to bypass the system security policy and communicate covertly. For example, a high-priority, high-clearance transaction $T_2$ holds an exclusive lock on some data object, and a colluding low-priority, low-clearance transaction $T_1$ requests a lock on the same data object, so a data conflict occurs. Under HPA-2PL, $T_1$ is blocked, so $T_1$ can obtain information from $T_2$ according to the time it spends blocked. A covert channel is thus formed between $T_1$ and $T_2$.
To solve this covert channel problem, the traditional (non-secure) concurrency control policy can be modified, for instance by adding the following rule: when a data conflict occurs between transactions at different clearance levels, the concurrency control policy ensures that the low-clearance transaction executes first. In the example above, under this rule $T_1$ obtains the lock it needs and continues to execute, while $T_2$ is blocked. This removes the possibility of a covert channel between $T_1$ and $T_2$ but produces priority inversion: a high-priority transaction waits for a low-priority transaction because of a data conflict. That clearly violates the MDRTDBS principle that high-priority transactions take precedence over low-priority transactions in the use of resources, and it makes real-time transaction deadlines harder to meet.
A secure real-time concurrency control protocol must meet two requirements at once: 1) guarantee data security; 2) minimise the ratio of real-time transactions that miss their deadlines. These two requirements usually conflict, and satisfying one usually comes at the cost of the other.
Existing real-time concurrency control protocols, such as 2PL-HP, PC (Priority Ceiling), OPT-WAIT and OPT-SACRIFICE, all focus on how better to meet real-time transaction deadlines; they cannot prevent illegal covert communication between transactions at different clearance levels, nor do they consider the inherent characteristics of the mobile environment. Existing secure concurrency control protocols, in turn, do not consider the timing constraints of real-time transactions and so cannot meet the needs of real-time applications. Research on secure real-time concurrency control protocols mainly comprises the protocols proposed by Son of the University of Virginia and by George et al. of the Indian Institute of Science. Son's main approach is to design an adaptive secure concurrency control mechanism. Its shortcoming is that it cannot provide complete security, and George has shown that its concurrency control policy contains security holes; in addition, some premises of its secure concurrency control policy, such as a transaction acquiring all of its resources at once before it starts, are in many cases unreasonable, unscientific and inefficient. The starting point of George's research is to guarantee the complete security of the real-time database system; the approach is to combine existing concurrency control policies in a reasonable way, using different concurrency control mechanisms for security and for real-time behaviour. Its shortcomings are, first, that guaranteeing security costs too much performance; second, that its assumption of hard real-time transactions ignores the needs of the many applications with soft real-time transactions; and third, that its overly complex secure concurrency control mechanism is still difficult to implement. Neither approach considers the inherent characteristics of the mobile environment.
[Summary of the invention]: The object of the invention is to resolve the conflict that existing secure real-time concurrency control protocols usually face between guaranteeing data security and minimising the ratio of real-time transactions that miss their deadlines, by providing a secure real-time concurrency control protocol for mobile distributed real-time databases that meets the security requirements of applications while also ensuring real-time performance.
The secure real-time concurrency control protocol for mobile distributed real-time databases provided by the invention comprises:
1) The protocol combines an optimistic concurrency control strategy with the High Priority Abort two-phase locking (HPA-2PL) protocol and is called the Secure Hybrid Optimistic Real-Time Concurrency Control protocol (SHORTCC). It divides the execution of a mobile distributed real-time transaction into an optimistic execution phase and a validation-commit phase based on High Priority Abort two-phase locking;
2) Using the concept of similarity, a similar serializability criterion is given that relaxes the traditional conflict serializability criterion, in order to improve transaction concurrency;
3) In the validation-commit phase, in addition to ensuring similar serializability of the concurrent transaction schedule, a security check is introduced: when a security violation is possible, the protocol compares the security violation factor (the severity of the security violation caused by blocking the validating transaction) with the real-time impact factor (the severity of the effect on real-time performance caused by aborting the validating transaction) to decide whether to block or abort the validating transaction. The user can adjust the weights of the security violation factor and the real-time impact factor to suit the differing security and real-time requirements of different applications.
The specific operation of the Secure Hybrid Optimistic Real-Time Concurrency Control protocol (SHORTCC) is as follows:
1) First, the read-set conflict is defined:
Definition 15. Suppose $OPST_i$ is an optimistic subtransaction whose corresponding base transaction is $BT_i$; $ROS$ is the set of read operations of $OPST_i$ and $BT_i$; $RDS_o$ and $RDS_b$ denote the sets of data objects read by $OPST_i$ and $BT_i$ respectively; $RD_o(r)$ and $RD_b(r)$ denote the data object read by read operation $r$ in $OPST_i$ and $BT_i$ respectively. If one of the following conditions holds, a read-set conflict is said to be detected:
(1) $RDS_o \neq RDS_b$
(2) $(r \in ROS) \land (V_o(RD_o(r)) \approx V_b(RD_b(r)))$
Here, $V_o(RD_o(r))$ denotes the value of the data object $RD_o(r)$ read by read operation $r$ in $OPST_i$, and $V_b(RD_b(r))$ denotes the value of the data object $RD_b(r)$ read by read operation $r$ in $BT_i$;
2) In the optimistic execution phase, all subtransactions of a mobile distributed real-time transaction (MDRTT) execute optimistically on the corresponding fixed database servers (FDS). Once the validation-commit phase is entered, the fixed database server (FDS) triggers a base transaction for the corresponding optimistic subtransaction to perform consistency validation and the security check; the base transaction and its optimistic subtransaction have the same operation sequence and the same set of accessed data objects;
3) In the validation-commit phase, base transactions execute under a lock-based concurrency control mechanism with three lock types: read lock (R lock), write lock (X lock) and similarity lock (S lock);
When a base transaction performs a read or write operation on a data object D, it first requests the read lock (R lock) or write lock (X lock) on D. If the concurrency control manager detects no operation conflict, it grants the base transaction the corresponding lock; if it detects an operation conflict, it determines whether the conflicting operations are similar, and if they are, it grants the corresponding similarity lock (S lock).
4) A security check is introduced in the validation-commit phase: when a security violation is possible, the protocol compares the severity of the security violation caused by blocking the validating transaction with the severity of the effect on real-time performance caused by aborting the validating transaction, to decide whether to block or abort the validating transaction.
Advantages and positive effects of the invention: compared with the prior art, the invention has the following advantages:
(1) By introducing the concept of similarity, it proposes a similar serializability criterion that relaxes the traditional conflict serializability criterion and improves transaction concurrency.
(2) It defines the security violation factor (which quantifies the severity of the security violation caused by blocking the validating transaction) and the real-time impact factor (which quantifies the severity of the effect on real-time performance caused by aborting the validating transaction).
(3) It combines an optimistic concurrency control strategy with the High Priority Abort two-phase locking (HPA-2PL) protocol and provides a trade-off mechanism that lets the user adjust the concurrency control policy according to the relative emphasis a specific application places on real-time behaviour and security, to suit the application's needs better.
Effect of the invention compared with the prior art:
Performance test results show that the proposed concurrency control protocol maintains good real-time performance while guaranteeing security.
[Description of drawings]:
Fig. 1 shows the comparison between SHORTCC and the real-time concurrency control protocol DHP2PL on LCTMDR. The meaning of LCTMDR is given in Embodiment 2;
Fig. 2 shows the comparison between SHORTCC and the real-time concurrency control protocol DHP2PL on HCTMDR. The meaning of HCTMDR is given in Embodiment 2;
Fig. 3 shows the comparison between SHORTCC and the real-time concurrency control protocol DHP2PL on NLCB. The meaning of NLCB is given in Embodiment 2.
[Embodiments]:
Embodiment 1
A secure real-time concurrency control protocol for mobile distributed real-time databases, comprising:
1) The protocol combines an optimistic concurrency control strategy with the High Priority Abort two-phase locking (HPA-2PL) protocol and is called the Secure Hybrid Optimistic Real-Time Concurrency Control protocol (SHORTCC). It divides the execution of a mobile distributed real-time transaction into an optimistic execution phase and a validation-commit phase based on High Priority Abort two-phase locking;
2) Using the concept of similarity, a similar serializability criterion is given that relaxes the traditional conflict serializability criterion, in order to improve transaction concurrency;
3) In the validation-commit phase, in addition to ensuring similar serializability of the concurrent transaction schedule, a security check is introduced: when a security violation is possible, the protocol compares the security violation factor (the severity of the security violation caused by blocking the validating transaction) with the real-time impact factor (the severity of the effect on real-time performance caused by aborting the validating transaction) to decide whether to block or abort the validating transaction. The user can adjust the weights of the security violation factor and the real-time impact factor to suit the differing security and real-time requirements of different applications.
The security violation factor and the real-time impact factor mentioned in item 3) of the SHORTCC protocol above are defined as follows:
The symbols used in the definitions below have the following meanings: $CL(T)$ denotes the clearance level of transaction $T$; $P(T)$ denotes the priority of transaction $T$; $Op_i$ denotes a read or write operation of a transaction; $Op_n\ \mathrm{CF}\ Op_m$ denotes that $Op_n$ and $Op_m$ are a pair of conflicting operations; $ST$ denotes the set of transactions that have entered the system;
Definition 1. Suppose $T_i, T_j \in ST$. If the following condition holds:
$(\exists Op_n \in T_i) \land (\exists Op_m \in T_j) \land (Op_n\ \mathrm{CF}\ Op_m)$
then $T_i$ and $T_j$ are called a pair of conflicting transactions, denoted $T_i\ \mathrm{CF}\ T_j$;
Definition 2. Suppose $T_i \in ST$, $ST_1 \subseteq ST$. If the following condition is satisfied:
$\forall T_j \in ST_1\ (T_i\ \mathrm{CF}\ T_j)$
then $ST_1$ is called a conflict set of transaction $T_i$, denoted $CS(T_i)$;
Definition 3. Suppose $T_i \in ST$, $ST_2 \subseteq ST$. If the following condition holds:
$(\forall T_j \in ST_2\ (T_i\ \mathrm{CF}\ T_j)) \land (\forall T_j \in (ST - ST_2)\ (\neg (T_i\ \mathrm{CF}\ T_j)))$
then $ST_2$ is called the maximum conflict set of transaction $T_i$, denoted $MCS(T_i)$;
Definition 4. Define $|f(CL(T_i)) - f(CL(T_j))|$ as the clearance level difference of transactions $T_i$ and $T_j$, denoted $CDD(T_i, T_j)$. Here, $f$ denotes a mapping from the set of clearance levels to the set of natural numbers;
Definition 5. Define $|P(T_i) - P(T_j)|$ as the priority difference of transactions $T_i$ and $T_j$, denoted $PDD(T_i, T_j)$;
Definition 6. Suppose $T_i \in ST$, $MCS1(T_i) \subseteq MCS(T_i)$. If the following condition holds:
$(\forall T_j \in MCS1(T_i)\ (CL(T_j) > CL(T_i))) \land (\forall T_j \in (MCS(T_i) - MCS1(T_i))\ (CL(T_j) \le CL(T_i)))$
then $MCS1(T_i)$ is called the high-clearance maximum conflict set of transaction $T_i$, denoted $HCMCS(T_i)$;
Definition 7. Suppose $T_i \in ST$, $MCS2(T_i) \subseteq MCS(T_i)$. If the following condition holds:
$(\forall T_j \in MCS2(T_i)\ (P(T_j) < P(T_i))) \land (\forall T_j \in (MCS(T_i) - MCS2(T_i))\ (P(T_j) \ge P(T_i)))$
then $MCS2(T_i)$ is called the low-priority maximum conflict set of transaction $T_i$, denoted $LPMCS(T_i)$.
Definition 8. Define [formula not reproduced in this text] as the security violation factor of transaction $T_i$ with respect to $HCMCS(T_i)$, denoted $SVF(T_i, HCMCS(T_i))$;
$SVF(T_i, HCMCS(T_i))$ reflects the severity of the covert channel (security violation) that blocking $T_i$ may cause;
Definition 9. Define [formula not reproduced in this text] as the real-time impact factor of transaction $T_i$ with respect to $LPMCS(T_i)$, denoted $RTIF(T_i, LPMCS(T_i))$;
$RTIF(T_i, LPMCS(T_i))$ reflects the severity of the effect on real-time performance that aborting $T_i$ may cause.
The similarity mentioned in item 2) of the SHORTCC protocol above is defined as follows:
Definition 10. For two values $V_1(D)$ and $V_2(D)$ of a data object $D$ in the database, if the following condition is satisfied:
$|g(V_1(D)) - g(V_2(D))| \le \sigma$
then the two values $V_1(D)$ and $V_2(D)$ of data object $D$ are called data-similar, denoted $V_1(D) \approx V_2(D)$. In the definition above, $g$ denotes a mapping from the value domain of $D$ to the set of real numbers; $\sigma$ is a predetermined threshold whose value is set according to the application semantics;
Definition 11. Suppose $T_i, T_j \in ST$, $Op_i \in T_i$, $Op_j \in T_j$, and $Op_i$ and $Op_j$ act on the same data object $D$. If the following condition is satisfied:
$V(Op_i, D) \approx V(Op_j, D)$
then $Op_i$ and $Op_j$ are called operation-similar, denoted $Op_i \approx Op_j$. In the definition above, $V(Op_i, D)$ and $V(Op_j, D)$ denote the values with which $Op_i$ and $Op_j$ respectively act on $D$;
Definition 12. Suppose $T_1, T_2, \ldots, T_n \in ST$, $Op_1 \in T_1, Op_2 \in T_2, \ldots, Op_n \in T_n$, and $Op_1, Op_2, \ldots, Op_n$ act on the same data object $D$. If the following condition is satisfied:
$\forall V(Op_i, D), V(Op_j, D) \in \{V(Op_1, D), V(Op_2, D), \ldots, V(Op_n, D)\},\ |g(V(Op_i, D)) - g(V(Op_j, D))| \le \sigma$
then the operation set $\{Op_1, Op_2, \ldots, Op_n\}$ is called an operation-similar set;
Definition 13. Suppose $SD_i$ and $SD_j$ denote the states of the database at two different moments and $D$ denotes any data object of the database. If the following condition is satisfied:
$\forall V_i(D) \in SD_i, V_j(D) \in SD_j\ (V_i(D) \approx V_j(D))$
then $SD_i$ and $SD_j$ are called similar, denoted $SD_i \approx SD_j$;
Definition 14. Suppose $Sch_a$ is a schedule of the transaction set $\{T_1, T_2, \ldots, T_n\}$ and $SD_a$ is the database state produced by $Sch_a$. If the following condition is satisfied:
$\exists Sch_b\ (SD_a \approx SD_b)$
then the schedule $Sch_a$ is called similar serializable. Here, $Sch_b$ denotes a serial schedule and $SD_b$ denotes the database state produced by $Sch_b$.
The specific operation of the Secure Hybrid Optimistic Real-Time Concurrency Control protocol (SHORTCC) mentioned in item 1) of the SHORTCC protocol above is as follows:
1) First, the read-set conflict is defined:
Definition 15. Suppose $OPST_i$ is an optimistic subtransaction whose corresponding base transaction is $BT_i$; $ROS$ is the set of read operations of $OPST_i$ and $BT_i$; $RDS_o$ and $RDS_b$ denote the sets of data objects read by $OPST_i$ and $BT_i$ respectively; $RD_o(r)$ and $RD_b(r)$ denote the data object read by read operation $r$ in $OPST_i$ and $BT_i$ respectively. If one of the following conditions holds, a read-set conflict is said to be detected:
(1) $RDS_o \neq RDS_b$
(2) $(r \in ROS) \land (V_o(RD_o(r)) \approx V_b(RD_b(r)))$
Here, $V_o(RD_o(r))$ denotes the value of the data object $RD_o(r)$ read by read operation $r$ in $OPST_i$, and $V_b(RD_b(r))$ denotes the value of the data object $RD_b(r)$ read by read operation $r$ in $BT_i$;
2) In the optimistic execution phase, all subtransactions of a mobile distributed real-time transaction (MDRTT) execute optimistically on the corresponding fixed database servers (FDS). Once the validation-commit phase is entered, the fixed database server (FDS) triggers a base transaction for the corresponding optimistic subtransaction to perform consistency validation and the security check; the base transaction and its optimistic subtransaction have the same operation sequence and the same set of accessed data objects;
3) In the validation-commit phase, base transactions execute under a lock-based concurrency control mechanism with three lock types: read lock (R lock), write lock (X lock) and similarity lock (S lock). Their compatibility matrix is shown in Table 1:
Table 1. Lock compatibility matrix
When a base transaction performs a read or write operation on a data object D, it first requests the read lock (R lock) or write lock (X lock) on D. If the concurrency control manager detects no operation conflict, it grants the base transaction the corresponding lock; if it detects an operation conflict, it determines whether the conflicting operations are similar, and if they are, it grants the corresponding similarity lock (S lock).
The validation-commit phase of the SHORTCC protocol proceeds as follows:
Let $BTS$ denote the set of base transactions on a given fixed database server (FDS), $T_i \in BTS$, and $MCS(T_i) = \{T_{i,1}, T_{i,2}, \ldots, T_{i,m}\}$. Suppose $T_i$ is requesting a lock on data object $D$ and each $T_{i,k}$ ($k = 1, 2, \ldots, m$) already holds a lock on $D$. $Op(T_i)$ denotes the operation for which $T_i$ requests the lock on $D$, and $Op(T_{i,k})$ denotes the operation for which $T_{i,k}$ holds its lock on $D$. $PCS(Op(T_i))$ denotes the set of operations that conflict with $Op(T_i)$, that is, $PCS(Op(T_i)) = \{Op(T_{i,1}), Op(T_{i,2}), \ldots, Op(T_{i,m})\}$. The Secure Hybrid Optimistic Real-Time Concurrency Control protocol (SHORTCC) can then be described as follows:
IF (P(T_i) > max(P(T_{i,k})))    // k = 1, 2, …, m
{
    IF (∀ Op(T_{i,k}) ∈ PCS(T_i) (Op(T_{i,k}) ≈ Op(T_i)))
        T_i obtains the S lock it requested;
    ELSE
        T_i obtains the corresponding R lock or X lock and T_{i,k} is aborted; if T_{i,k} is a base transaction of some MDRTT, the abort message is sent to the coordinator of that MDRTT, and the coordinator decides whether to terminate or restart the MDRTT according to its deadline;
}
ELSE
{
    IF (∀ Op(T_{i,k}) ∈ PCS(T_i) (Op(T_{i,k}) ≈ Op(T_i)))
        T_i obtains the S lock it requested;
    ELSE
    {
        IF (ω × SVF(T_i, HCMCS(T_i)) > (1 − ω) × RTIF(T_i, LPMCS(T_i)))
            Abort T_i and send the abort message to the corresponding coordinator;
        ELSE
            Block T_i;
    }
}
In the description above, ω and (1 − ω) denote the relative importance of security and of real-time performance in the system, respectively.
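The lock-request decision described above, as an added Python example (not code from the patent). The formulas of Definitions 8 and 9 are not present in this text, so `svf` and `rtif` below assume a sum of CDD over HCMCS and a sum of PDD over LPMCS; both are replaceable parameters, and the names `Txn`, `Decision` and `decide` and the sample transactions are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Sequence


class Decision(Enum):
    GRANT_S = "grant S lock"
    GRANT_ABORT_HOLDERS = "grant R/X lock and abort conflicting holders"
    ABORT_REQUESTER = "abort requester"
    BLOCK_REQUESTER = "block requester"


@dataclass(frozen=True)
class Txn:
    """Hypothetical record for a base transaction operating on data object D."""
    name: str
    priority: int    # P(T); a larger number means a nearer deadline
    clearance: int   # f(CL(T)); clearance level mapped to a natural number
    value: float     # g(V(Op(T), D)); value the operation acts on D with


def similar(a: Txn, b: Txn, sigma: float) -> bool:
    """Definitions 10 and 11: similar if |g(V1) - g(V2)| <= sigma."""
    return abs(a.value - b.value) <= sigma


def hcmcs(t: Txn, mcs: Sequence[Txn]) -> List[Txn]:
    """Definition 6: members of MCS(T) with strictly higher clearance than T."""
    return [h for h in mcs if h.clearance > t.clearance]


def lpmcs(t: Txn, mcs: Sequence[Txn]) -> List[Txn]:
    """Definition 7: members of MCS(T) with strictly lower priority than T."""
    return [h for h in mcs if h.priority < t.priority]


def svf(t: Txn, mcs: Sequence[Txn]) -> float:
    # ASSUMPTION: Definition 8's formula is missing from the page; this sums
    # the clearance level difference CDD (Definition 4) over HCMCS(T).
    return float(sum(abs(h.clearance - t.clearance) for h in hcmcs(t, mcs)))


def rtif(t: Txn, mcs: Sequence[Txn]) -> float:
    # ASSUMPTION: Definition 9's formula is missing from the page; this sums
    # the priority difference PDD (Definition 5) over LPMCS(T).
    return float(sum(abs(h.priority - t.priority) for h in lpmcs(t, mcs)))


Factor = Callable[[Txn, Sequence[Txn]], float]


def decide(t: Txn, holders: Sequence[Txn], sigma: float, omega: float,
           svf_fn: Factor = svf, rtif_fn: Factor = rtif) -> Decision:
    """Validation-commit decision for T requesting a lock held by MCS(T)."""
    if not holders:
        raise ValueError("no conflicting holders: the R/X lock is granted directly")
    if not 0.0 <= omega <= 1.0:
        raise ValueError("omega must lie in [0, 1]")
    all_similar = all(similar(t, h, sigma) for h in holders)
    if t.priority > max(h.priority for h in holders):
        # Requester outranks every holder: S lock if similar, else HPA-style abort.
        return Decision.GRANT_S if all_similar else Decision.GRANT_ABORT_HOLDERS
    if all_similar:
        return Decision.GRANT_S
    # Possible security violation: weigh blocking T against aborting T.
    if omega * svf_fn(t, holders) > (1.0 - omega) * rtif_fn(t, holders):
        return Decision.ABORT_REQUESTER
    return Decision.BLOCK_REQUESTER


# Constructed sample transactions (not from the patent).
T1 = Txn("T1", priority=5, clearance=2, value=100.0)   # requester
T2 = Txn("T2", priority=9, clearance=5, value=150.0)   # high-clearance holder
T3 = Txn("T3", priority=2, clearance=1, value=120.0)   # low-priority holder
T4 = Txn("T4", priority=10, clearance=2, value=100.0)  # outranks both holders

if __name__ == "__main__":
    for w in (0.3, 0.5, 0.7):
        print(f"omega={w}: {decide(T1, [T2, T3], sigma=5.0, omega=w).value}")
    print("sigma=60:", decide(T1, [T2, T3], sigma=60.0, omega=0.7).value)
    print("T4:", decide(T4, [T2, T3], sigma=5.0, omega=0.5).value)
```

With these assumed factors, raising ω past 0.5 switches the outcome for `T1` from blocking (which a higher-clearance holder could modulate) to aborting.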
Embodiment 2
SHORTCC is compared with the real-time concurrency control protocol DHP2PL (distributed high priority two-phase locking). The main performance metrics are TMDR (the ratio of transactions that miss their deadlines) and NLCB (the number of low-clearance transactions blocked by high-clearance transactions per unit time). TMDR is defined as follows: TMDR = (number of transactions that miss their deadlines) / (total number of transactions entering the system). TMDR reflects the real-time performance of the system, while NLCB measures the severity of security violations. Transaction clearance levels are assumed to be divided into six grades, rising from 1 to 6. HCTMDR denotes the deadline miss ratio of transactions with high clearance (clearance level not less than 4); LCTMDR denotes the deadline miss ratio of transactions with low clearance (clearance level less than 4). The results are shown in Fig. 1, Fig. 2 and Fig. 3; the figures show that SHORTCC retains good real-time performance while guaranteeing security.
Claims (5)
1. A secure real-time concurrency control protocol for mobile distributed real-time databases, characterized in that the protocol comprises:
1) The protocol combines an optimistic concurrency control strategy with the High Priority Abort two-phase locking (HPA-2PL) protocol and is called the Secure Hybrid Optimistic Real-Time Concurrency Control protocol (SHORTCC). It divides the execution of a mobile distributed real-time transaction into an optimistic execution phase and a validation-commit phase based on High Priority Abort two-phase locking;
2) Using the concept of similarity, a similar serializability criterion is given that relaxes the traditional conflict serializability criterion, in order to improve transaction concurrency;
3) In the validation-commit phase, in addition to ensuring similar serializability of the concurrent transaction schedule, a security check is introduced: when a security violation is possible, the protocol compares the security violation factor (the severity of the security violation caused by blocking the validating transaction) with the real-time impact factor (the severity of the effect on real-time performance caused by aborting the validating transaction) to decide whether to block or abort the validating transaction. The user can adjust the weights of the security violation factor and the real-time impact factor to suit the differing security and real-time requirements of different applications.
2. The secure real-time concurrency control protocol for mobile distributed real-time databases according to claim 1, characterized in that the security violation factor and the real-time impact factor mentioned in 3) are defined as follows:
The symbols used in the definitions below have the following meanings: $CL(T)$ denotes the clearance level of transaction $T$; $P(T)$ denotes the priority of transaction $T$; $Op_i$ denotes a read or write operation of a transaction; $Op_n\ \mathrm{CF}\ Op_m$ denotes that $Op_n$ and $Op_m$ are a pair of conflicting operations; $ST$ denotes the set of transactions that have entered the system;
Definition 1. Suppose $T_i, T_j \in ST$. If the following condition holds:
$(\exists Op_n \in T_i) \land (\exists Op_m \in T_j) \land (Op_n\ \mathrm{CF}\ Op_m)$
then $T_i$ and $T_j$ are called a pair of conflicting transactions, denoted $T_i\ \mathrm{CF}\ T_j$;
Definition 2. Suppose $T_i \in ST$, $ST_1 \subseteq ST$. If the following condition is satisfied:
$\forall T_j \in ST_1\ (T_i\ \mathrm{CF}\ T_j)$
then $ST_1$ is called a conflict set of transaction $T_i$, denoted $CS(T_i)$;
Definition 3. Suppose $T_i \in ST$, $ST_2 \subseteq ST$. If the following condition holds:
$(\forall T_j \in ST_2\ (T_i\ \mathrm{CF}\ T_j)) \land (\forall T_j \in (ST - ST_2)\ (\neg (T_i\ \mathrm{CF}\ T_j)))$
then $ST_2$ is called the maximum conflict set of transaction $T_i$, denoted $MCS(T_i)$;
Definition 4. Define $|f(CL(T_i)) - f(CL(T_j))|$ as the clearance level difference of transactions $T_i$ and $T_j$, denoted $CDD(T_i, T_j)$. Here, $f$ denotes a mapping from the set of clearance levels to the set of natural numbers;
Definition 5. Define $|P(T_i) - P(T_j)|$ as the priority difference of transactions $T_i$ and $T_j$, denoted $PDD(T_i, T_j)$;
Definition 6. Suppose $T_i \in ST$, $MCS1(T_i) \subseteq MCS(T_i)$. If the following condition holds:
$(\forall T_j \in MCS1(T_i)\ (CL(T_j) > CL(T_i))) \land (\forall T_j \in (MCS(T_i) - MCS1(T_i))\ (CL(T_j) \le CL(T_i)))$
then $MCS1(T_i)$ is called the high-clearance maximum conflict set of transaction $T_i$, denoted $HCMCS(T_i)$;
Definition 7. Suppose $T_i \in ST$, $MCS2(T_i) \subseteq MCS(T_i)$. If the following condition holds:
$(\forall T_j \in MCS2(T_i)\ (P(T_j) < P(T_i))) \land (\forall T_j \in (MCS(T_i) - MCS2(T_i))\ (P(T_j) \ge P(T_i)))$
then $MCS2(T_i)$ is called the low-priority maximum conflict set of transaction $T_i$, denoted $LPMCS(T_i)$.
Definition 8. Define [formula not reproduced in this text] as the security violation factor of transaction $T_i$ with respect to $HCMCS(T_i)$, denoted $SVF(T_i, HCMCS(T_i))$;
$SVF(T_i, HCMCS(T_i))$ reflects the severity of the covert channel (security violation) that blocking $T_i$ may cause;
Definition 9. Define [formula not reproduced in this text] as the real-time impact factor of transaction $T_i$ with respect to $LPMCS(T_i)$, denoted $RTIF(T_i, LPMCS(T_i))$;
$RTIF(T_i, LPMCS(T_i))$ reflects the severity of the effect on real-time performance that aborting $T_i$ may cause.
3, real-time security concurrency control protocol---the method for suitable moving distributing real-time data base according to claim 1 is characterized in that 2) described in similarity be defined as follows:
--- Definition 10: for two values $V_1(D)$ and $V_2(D)$ of a data object $D$ in the database, if the following condition is satisfied:
$$|g(V_1(D)) - g(V_2(D))| \le \sigma$$
then the two values $V_1(D)$ and $V_2(D)$ of data object $D$ are called data-similar, denoted $V_1(D) \approx V_2(D)$; in the definition above, $g$ is a mapping from the value domain of $D$ to the set of real numbers; $\sigma$ is a predetermined threshold whose value is determined by the application semantics;
--- Definition 11: suppose $T_i, T_j \in ST$, $Op_i \in T_i$, $Op_j \in T_j$, and $Op_i$ and $Op_j$ act on the same data object $D$; if the following condition is satisfied:
$$V(Op_i, D) \approx V(Op_j, D)$$
then $Op_i$ and $Op_j$ are called operation-similar, denoted $Op_i \approx Op_j$; in the definition above, $V(Op_i, D)$ and $V(Op_j, D)$ denote the values that $Op_i$ and $Op_j$ respectively apply to $D$;
--- Definition 12: suppose $T_1, T_2, \ldots, T_n \in ST$, $Op_1 \in T_1$, $Op_2 \in T_2$, $\ldots$, $Op_n \in T_n$, and $Op_1, Op_2, \ldots, Op_n$ act on the same data object $D$; if the following condition is satisfied:
$$V(Op_i, D), V(Op_j, D) \in \{V(Op_1, D), V(Op_2, D), \ldots, V(Op_n, D)\},\ |g(V(Op_i, D)) - g(V(Op_j, D))| \le \sigma$$
then the operation set $\{Op_1, Op_2, \ldots, Op_n\}$ is called a similar operation set;
--- Definition 13: suppose $SD_i$ and $SD_j$ denote the states of the database at two different moments, and $D$ denotes any data object of the database; if the following condition is satisfied:
$$V_i(D) \in SD_i,\ V_j(D) \in SD_j\ (V_i(D) \approx V_j(D))$$
then $SD_i$ and $SD_j$ are called similar, denoted $SD_i \approx SD_j$
--- Definition 14: suppose $Sch_a$ is a schedule of the transaction set $\{T_1, T_2, \ldots, T_n\}$ and $SD_a$ is a database state produced by $Sch_a$; if the following condition is satisfied:
$$Sch_b\ (SD_a \approx SD_b)$$
then the schedule $Sch_a$ is called similarity-serializable; here $Sch_b$ denotes a serial schedule and $SD_b$ denotes the database state produced by $Sch_b$.
4. The secure real-time concurrency control protocol (method) suitable for a mobile distributed real-time database according to claim 1, characterized in that the concrete operations of the secure hybrid optimistic real-time concurrency control protocol (SHORTCC) described in 1) are as follows:
1) First, the definition of a read-set conflict is given:
--- Definition 15: suppose $OPST_i$ is an optimistic subtransaction whose corresponding base transaction is $BT_i$; $ROS$ is the set of read operations of $OPST_i$ and $BT_i$; $RDS_o$ and $RDS_b$ denote the sets of data objects read by $OPST_i$ and $BT_i$ respectively; $RD_o(r)$ and $RD_b(r)$ denote the data objects read by read operation $r$ of $OPST_i$ and $BT_i$ respectively; if one of the following conditions holds, a read-set conflict is said to be detected:
(1) $RDS_o \ne RDS_b$
(2) $(r \in ROS) \wedge \neg(V_o(RD_o(r)) \approx V_b(RD_b(r)))$
Here, $V_o(RD_o(r))$ denotes the value of the data object $RD_o(r)$ read by read operation $r$ in $OPST_i$; $V_b(RD_b(r))$ denotes the value of the data object $RD_b(r)$ read by read operation $r$ in $BT_i$;
2) In the optimistic execution phase, all subtransactions of a mobile distributed real-time transaction (MDRTT) are executed optimistically on their respective fixed database servers (FDS); once the validation and commit phase is entered, the fixed database server (FDS) triggers a base transaction for the corresponding optimistic subtransaction to carry out consistency validation and security checking, where the base transaction and the corresponding optimistic subtransaction have the same operation sequence and the same set of accessed data objects;
3) In the validation and commit phase, base transactions execute under a lock-based concurrency control mechanism with three lock types: read lock (R lock), write lock (X lock) and similar lock (S lock);
When a base transaction performs a read or write operation on a data object D, it first requests the read lock (R lock) or write lock (X lock) on D. If the concurrency control manager detects no operation conflict, it grants the base transaction the corresponding lock. If it detects an operation conflict, it determines whether the conflicting operations are similar operations, and if they are, it grants the corresponding similar lock (S lock).
5. The secure real-time concurrency control protocol (method) suitable for a mobile distributed real-time database according to claim 4, characterized in that the specific operating process of the validation and commit phase is as follows:
Let $BTS$ denote the set of base transactions on a given fixed database server (FDS), $T_i \in BTS$, $MCS(T_i) = \{T_{i,1}, T_{i,2}, \ldots, T_{i,m}\}$; suppose $T_i$ is requesting a lock on data object $D$ and $T_{i,k}$ ($k = 1, 2, \ldots, m$) already hold locks on $D$; $Op(T_i)$ denotes the operation for which $T_i$ requests the lock on $D$, and $Op(T_{i,k})$ denotes the operation for which $T_{i,k}$ holds its lock on $D$; $PCS(Op(T_i))$ denotes the set of operations that conflict with $Op(T_i)$, i.e. $PCS(Op(T_i)) = \{Op(T_{i,1}), Op(T_{i,2}), \ldots, Op(T_{i,m})\}$; the secure hybrid optimistic real-time concurrency control protocol (SHORTCC) can then be described as follows:
```
IF (P(T_i) > max(P(T_i,k)))    // k = 1, 2, …, m
{
    IF (Op(T_i,k) ∈ PCS(T_i) (Op(T_i,k) ≈ Op(T_i)))
        T_i obtains the S lock it requested;
    ELSE
        T_i obtains the corresponding R lock or X lock, and T_i,k is aborted;
        if T_i,k is a base transaction of some MDRTT, the abort message is sent
        to the coordinator of that MDRTT, and the coordinator decides, according
        to the deadline of the MDRTT, whether to stop or restart that MDRTT;
}
ELSE
{
    IF (Op(T_i,k) ∈ PCS(T_i) (Op(T_i,k) ≈ Op(T_i)))
        T_i obtains the S lock it requested;
    ELSE
    {
        IF (ω × SVF(T_i, HCMCS(T_i)) > (1 - ω) × RTIF(T_i, LPMCS(T_i)))
            Abort T_i and send the abort message to the corresponding coordinator;
        ELSE
            Block T_i
    }
}
```
In the description above, ω and (1 - ω) represent the relative importance of security and of real-time performance in the system, respectively.
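The lock-request decision of claim 5, as an added Python example that is not part of the patent text. All names are hypothetical; SVF and RTIF are passed in as already-computed numbers, operation values are assumed to be already mapped by g, and the similarity test is read as having to hold for every conflicting operation (the quantifier is not legible in the claim).

```python
from dataclasses import dataclass
from enum import Enum


class Outcome(Enum):
    GRANT_REQUESTED = "no conflict: grant the requested R or X lock"
    GRANT_S = "grant S lock"
    GRANT_AND_ABORT_HOLDERS = "grant R/X lock, abort the holders"
    ABORT_REQUESTER = "abort T_i"
    BLOCK_REQUESTER = "block T_i"


@dataclass(frozen=True)
class LockOp:
    txn: str         # transaction id (hypothetical field names throughout)
    priority: float  # P(T)
    g_value: float   # g(V(Op, D)): the operation's value on D as a real number


def similar(a: LockOp, b: LockOp, sigma: float) -> bool:
    """Definitions 10 and 11: |g(V(Op_i, D)) - g(V(Op_j, D))| <= sigma."""
    return abs(a.g_value - b.g_value) <= sigma


def shortcc_decide(req: LockOp, holders: list, sigma: float,
                   omega: float, svf: float, rtif: float):
    """Return (Outcome, ids of aborted transactions) for T_i's lock request.

    holders: conflicting operations Op(T_i,k) that already hold locks on D.
    svf, rtif: SVF(T_i, HCMCS(T_i)) and RTIF(T_i, LPMCS(T_i)); assumed to be
    computed by the caller.
    """
    if not holders:
        return Outcome.GRANT_REQUESTED, []
    # Both priority branches in the claim begin with the same similarity
    # test, so it is evaluated once here. Assumption: it must hold for all k.
    if all(similar(req, h, sigma) for h in holders):
        return Outcome.GRANT_S, []
    if req.priority > max(h.priority for h in holders):
        # Higher-priority requester wins; each aborted holder's coordinator
        # is then notified and decides by deadline whether to restart.
        return Outcome.GRANT_AND_ABORT_HOLDERS, [h.txn for h in holders]
    # Lower priority: weigh the covert-channel risk of blocking T_i against
    # the real-time cost of aborting it.
    if omega * svf > (1 - omega) * rtif:
        return Outcome.ABORT_REQUESTER, [req.txn]
    return Outcome.BLOCK_REQUESTER, []
```

With equal SVF and RTIF, raising ω above 0.5 turns a block into an abort, which is the tuning knob the claim describes.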
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200610130104 CN1975675A (en) | 2006-12-13 | 2006-12-13 | Safety real-time concurrent control protocol adapted to moving distributing real-time data bank |
Publications (1)
Publication Number | Publication Date |
---|---|
CN1975675A true CN1975675A (en) | 2007-06-06 |
Family
ID=38125762
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 200610130104 Pending CN1975675A (en) | 2006-12-13 | 2006-12-13 | Safety real-time concurrent control protocol adapted to moving distributing real-time data bank |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1975675A (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101667211B (en) * | 2009-08-20 | 2011-04-20 | 华中科技大学 | Transaction conflict decision method of dynamic multi-granularity lock in database |
CN102135980A (en) * | 2010-12-21 | 2011-07-27 | 北京高森明晨信息科技有限公司 | Real-time transaction processing method and device |
CN102135980B (en) * | 2010-12-21 | 2013-03-13 | 北京高森明晨信息科技有限公司 | Real-time transaction processing method and device |
CN103888253A (en) * | 2012-12-19 | 2014-06-25 | 中国电信股份有限公司 | Token mechanism-based data processing method and system |
CN104850631A (en) * | 2015-05-21 | 2015-08-19 | 天津大学 | Security concurrency control method applicable to real-time database |
CN104850631B (en) * | 2015-05-21 | 2018-08-07 | 天津大学 | A kind of secure concurrency control method suitable for real-time data base |
CN110730958A (en) * | 2017-06-09 | 2020-01-24 | 华为技术有限公司 | Method and system for managing prioritized database transactions |
CN110730958B (en) * | 2017-06-09 | 2022-12-06 | 华为技术有限公司 | Method and system for managing prioritized database transactions |
US11537567B2 (en) | 2017-06-09 | 2022-12-27 | Huawei Technologies Co., Ltd. | Methods and systems for managing prioritized database transactions |
CN111723061A (en) * | 2020-06-24 | 2020-09-29 | 北京松鼠山科技有限公司 | Concurrency control method and device for database system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |