CN1975675A - Secure real-time concurrency control protocol for mobile distributed real-time databases - Google Patents


Publication number: CN1975675A
Authority: CN (China)
Prior art keywords: real, affairs, time, lock, definition
Legal status: Pending
Application number: CN 200610130104
Other languages: Chinese (zh)
Inventors: 肖迎元, 张桦
Current Assignee: Tianjin University of Technology
Original Assignee: Tianjin University of Technology
Application filed by: Tianjin University of Technology
Priority to: CN 200610130104
Publication of: CN1975675A


Abstract

The invention is a secure real-time concurrency control protocol (the SHORTCC protocol) for mobile distributed real-time databases. It divides the execution of a mobile distributed real-time transaction into two phases: an optimistic execution phase, and a validation-commit phase based on high-priority-abort two-phase locking. Using the concept of similarity, it gives a similarity serializability criterion that relaxes the traditional conflict serializability criterion and so improves transaction concurrency. In the validation-commit phase, besides ensuring similarity-serializable scheduling of concurrent transactions, a security check is introduced. When a security violation is possible, the protocol decides whether to block or abort the validating transaction by comparing the security violation factor with the real-time impact factor. The user can adjust this behavior by changing the weights of the two factors.

Description

A secure real-time concurrency control protocol for mobile distributed real-time databases
[Technical field]: The invention belongs to the field of database security. By integrating security constraints into the concurrency control protocol, it prevents transactions at different security clearance levels from colluding to use the concurrency control mechanism for covert illegal information transfer, and so ensures the security of the database system.
[Background]: A mobile distributed real-time database system (MDRTDBS: Mobile Distributed Real-Time Database System) is usually taken to be a distributed real-time database system that supports a mobile computing environment. A distributed real-time database system is a distributed database system in which transactions and data can have timing constraints; the correctness of the system depends not only on the logical results of transaction execution but also on the time at which those results are produced. In an MDRTDBS the timing constraint of a transaction typically appears as the transaction's deadline. For a soft real-time transaction, failing to finish within the specified deadline causes the result to lose its expected value; for a firm real-time transaction, missing the deadline makes the result meaningless; for a hard real-time transaction, missing the deadline may have catastrophic consequences. Real-time transactions are assigned priorities according to the urgency of their deadlines: the nearer the deadline, the higher the priority. In an MDRTDBS, priority is the main basis for transaction scheduling and for resolving data conflicts, and both the scheduling policy and the concurrency control mechanism give preference to high-priority transactions.
An MDRTDBS is usually deployed in safety-critical applications such as e-commerce, wireless stock trading, power grid dispatching and military command systems. For such applications, besides guaranteeing real-time performance, preventing illegal information flow between different transactions is also vital. Most secure database systems that implement mandatory access control are based on the Bell-LaPadula security model. In the Bell-LaPadula model, elements are divided by their characteristics into subjects and objects. A subject is an active element of the system that can carry out a series of actions, such as a process or a transaction. An object is a passive element of the system that contains information; in a database system, an object can be a relation, a tuple, and so on. Each object in the system is assigned a classification level according to the sensitivity of the information it stores. Likewise, each subject is assigned a clearance level based on its degree of trust (the degree to which the system trusts it). Under the Bell-LaPadula model, a transaction can read only data objects whose classification level is less than or equal to its clearance level (the read-down rule), and can write only data objects whose classification level is greater than or equal to its clearance level (the write-up rule). These access restrictions prevent direct illegal information flow between transactions at different clearance levels, but they are not enough to prevent indirect illegal information flow between them, that is, covert channels.
Traditional (non-secure) real-time concurrency control protocols, such as High Priority Abort two-phase locking (HPA-2PL), take transaction priority fully into account when resolving data conflicts between concurrent transactions, ensuring that high-priority transactions execute first. HPA-2PL resolves data conflicts as follows: when a low-priority transaction requests a lock held by a high-priority transaction, the low-priority transaction is blocked; when a high-priority transaction requests a lock held by a low-priority transaction, the low-priority transaction is aborted and the high-priority transaction obtains the lock. HPA-2PL solves the priority inversion problem well but does not solve the covert channel problem: concurrent transactions at different clearance levels can use the locking mechanism of concurrency control to bypass the system's security policy and communicate covertly. For example, a high-priority, high-clearance transaction $T_2$ holds an exclusive lock on some data object, and a low-priority, low-clearance transaction $T_1$ colluding with it requests a lock on the same data object, so a data conflict occurs. Under HPA-2PL, $T_1$ is blocked, so $T_1$ can obtain information from $T_2$ according to how long it is blocked. A covert channel is thus formed between $T_1$ and $T_2$. To solve this problem, a traditional (non-secure) concurrency control policy can be modified, for example by adding the following rule: when a data conflict occurs between transactions at different clearance levels, the concurrency control policy ensures that the lower-clearance transaction executes first. In the example above, under this rule $T_1$ obtains the lock it needs and continues executing, while $T_2$ is blocked. This removes the possibility of a covert channel between $T_1$ and $T_2$ but produces priority inversion: a high-priority transaction waits for a low-priority transaction because of a data conflict. That clearly violates the MDRTDBS principle that high-priority transactions take precedence over low-priority transactions in resource use, and it works against meeting real-time transaction deadlines.
A secure real-time concurrency control protocol must consider two requirements at once: 1) guaranteeing data security; 2) minimizing the ratio of real-time transactions that miss their deadlines. These two requirements usually conflict, and achieving one usually comes at the cost of the other.
Existing real-time concurrency control protocols, such as 2PL-HP, PC (Priority Ceiling), OPT-WAIT and OPT-SACRIFICE, all focus on how to better meet real-time transaction deadlines, but they cannot prevent illegal covert communication between transactions at different clearance levels, nor do they consider the inherent characteristics of a mobile environment. Existing secure concurrency control protocols, in turn, do not consider the timing constraints of real-time transactions and so cannot meet the needs of real-time applications. Research on secure real-time concurrency control protocols mainly comprises the protocols proposed by Son of the University of Virginia and by George et al. of the Indian Institute of Science. Son's main idea is to design an adaptive secure concurrency control mechanism; its shortcoming is that it cannot provide complete security, and George has shown that its concurrency control policy has security holes. In addition, some premises of its secure concurrency control policy, such as a transaction acquiring all its resources at once before it starts, are in many cases unreasonable, unsound and inefficient. George's starting point is to guarantee the complete security of the real-time database system; the approach is to take existing concurrency control policies and combine them sensibly, using different concurrency control mechanisms for security and for real-time behavior. Its first shortcoming is that guaranteeing security costs too much performance; its assumption of hard real-time transactions also ignores the needs of the many applications with soft real-time transactions; its overly complex secure concurrency control mechanism is still difficult to implement; and it too does not consider the inherent characteristics of a mobile environment.
[Summary of the invention]: The purpose of the invention is to resolve the conflict that existing secure real-time concurrency control protocols usually face between guaranteeing data security and minimizing the ratio of real-time transactions that miss their deadlines, by providing a secure real-time concurrency control protocol for mobile distributed real-time databases that satisfies the application's security requirements while also ensuring real-time performance.
The secure real-time concurrency control protocol for mobile distributed real-time databases provided by the invention comprises:
1) The secure real-time concurrency control protocol provided by the invention combines the optimistic concurrency control policy with the High Priority Abort two-phase locking (HPA-2PL) protocol and is called the Secure Hybrid Optimistic Real-Time Concurrency Control protocol (SHORTCC). It divides the execution of a mobile distributed real-time transaction into an optimistic execution phase and a validation-commit phase based on high-priority-abort two-phase locking;
2) Using the concept of similarity, a similarity serializability criterion is given that relaxes the traditional conflict serializability criterion, to improve transaction concurrency;
3) In the validation-commit phase, besides ensuring that the schedule of concurrent transactions is similarity serializable, a security check is introduced: when a security violation is possible, the protocol compares the security violation factor (the severity of the security violation caused by blocking the validating transaction) with the real-time impact factor (the severity of the effect on real-time performance caused by aborting the validating transaction) to decide whether to block or abort the validating transaction. Users can adjust the weights of the security violation factor and the real-time impact factor to suit the differing security and real-time requirements of different applications.
The concrete operation of the Secure Hybrid Optimistic Real-Time Concurrency Control protocol (SHORTCC) is as follows:
1) First, the definition of a read-set conflict is given:
Definition 15. Suppose $OPST_i$ is an optimistic subtransaction and its corresponding base transaction is $BT_i$; $ROS$ is the set of read operations of $OPST_i$ and $BT_i$; $RDS_o$ and $RDS_b$ denote the sets of data objects read by $OPST_i$ and $BT_i$ respectively; $RD_o(r)$ and $RD_b(r)$ denote the data objects read by read operation $r$ of $OPST_i$ and $BT_i$ respectively. If one of the following conditions holds, a read-set conflict is said to be detected:
(1) $RDS_o \neq RDS_b$
(2) $(r \in ROS) \wedge (V_o(RD_o(r)) \approx V_b(RD_b(r)))$
Here, $V_o(RD_o(r))$ denotes the value of the data object $RD_o(r)$ read by read operation $r$ in $OPST_i$; $V_b(RD_b(r))$ denotes the value of the data object $RD_b(r)$ read by read operation $r$ in $BT_i$;
2) In the optimistic execution phase, all subtransactions of a mobile distributed real-time transaction (MDRTT) execute optimistically on the corresponding fixed database servers (FDS). On entering the validation-commit phase, the FDS triggers a base transaction for each corresponding optimistic subtransaction to carry out consistency validation and the security check; a base transaction and its corresponding optimistic subtransaction have the same operation sequence and the same set of accessed data objects;
3) In the validation-commit phase, base transactions execute under a lock-based concurrency control mechanism with three lock types: read lock (R lock), write lock (X lock) and similarity lock (S lock);
When a base transaction performs a read or write operation on a data object D, it first requests the read lock (R lock) or write lock (X lock) on D. If the concurrency control manager detects no operation conflict, it grants the base transaction the corresponding lock. If it detects an operation conflict, it determines whether the conflicting operations are similar operations and, if they are, grants the corresponding similarity lock (S lock).
4) A security check is introduced in the validation-commit phase: when a security violation is possible, the protocol compares the severity of the security violation caused by blocking the validating transaction with the severity of the effect on real-time performance caused by aborting it, to decide whether to block or abort the validating transaction.
Advantages and positive effects of the invention: compared with the prior art, the invention has the following advantages:
(1) By introducing the concept of similarity, it proposes a similarity serializability criterion that relaxes the traditional conflict serializability criterion and improves transaction concurrency.
(2) It defines the security violation factor (which quantifies the severity of the security violation caused by blocking the validating transaction) and the real-time impact factor (which quantifies the severity of the effect on real-time performance caused by aborting the validating transaction).
(3) It combines the optimistic concurrency control policy with the High Priority Abort two-phase locking (HPA-2PL) protocol to provide a compromise mechanism that lets the user adjust the concurrency control policy according to the particular application's differing emphasis on real-time performance and security, to better fit the application's needs.
Effect of the invention compared with the prior art:
Performance test results show that the proposed concurrency control protocol still guarantees good real-time performance while guaranteeing security.
[Description of drawings]:
Fig. 1 is a schematic of the comparison between SHORTCC and the real-time concurrency control protocol DHP2PL on LCTMDR. The meaning of LCTMDR is given in Embodiment 2;
Fig. 2 is a schematic of the comparison between SHORTCC and the real-time concurrency control protocol DHP2PL on HCTMDR. The meaning of HCTMDR is given in Embodiment 2;
Fig. 3 is a schematic of the comparison between SHORTCC and the real-time concurrency control protocol DHP2PL on NLCB. The meaning of NLCB is given in Embodiment 2.
[Embodiments]:
Embodiment 1
A secure real-time concurrency control protocol for mobile distributed real-time databases, comprising:
1) The secure real-time concurrency control protocol provided by the invention combines the optimistic concurrency control policy with the High Priority Abort two-phase locking (HPA-2PL) protocol and is called the Secure Hybrid Optimistic Real-Time Concurrency Control protocol (SHORTCC). It divides the execution of a mobile distributed real-time transaction into an optimistic execution phase and a validation-commit phase based on high-priority-abort two-phase locking;
2) Using the concept of similarity, a similarity serializability criterion is given that relaxes the traditional conflict serializability criterion, to improve transaction concurrency;
3) In the validation-commit phase, besides ensuring that the schedule of concurrent transactions is similarity serializable, a security check is introduced: when a security violation is possible, the protocol compares the security violation factor (the severity of the security violation caused by blocking the validating transaction) with the real-time impact factor (the severity of the effect on real-time performance caused by aborting the validating transaction) to decide whether to block or abort the validating transaction. Users can adjust the weights of the security violation factor and the real-time impact factor to suit the differing security and real-time requirements of different applications.
The security violation factor and the real-time impact factor mentioned in item 3) of the SHORTCC protocol above are defined as follows:
The symbols used in the definitions below have the following meanings: $CL(T)$ denotes the clearance level of transaction $T$; $P(T)$ denotes the priority of transaction $T$; $Op_i$ denotes a read or write operation of a transaction; $Op_n \; CF \; Op_m$ means that $Op_n$ and $Op_m$ are a pair of conflicting operations; $ST$ denotes the set of transactions that have entered the system;
Definition 1. Suppose $T_i, T_j \in ST$. If the following condition holds: $(\exists Op_n \in T_i) \wedge (\exists Op_m \in T_j) \wedge (Op_n \; CF \; Op_m)$
then $T_i$ and $T_j$ are called a pair of conflicting transactions, written $T_i \; CF \; T_j$;
Definition 2. Suppose $T_i \in ST$, $ST_1 \subseteq ST$. If the following condition is satisfied:
$\forall T_j \in ST_1 \, (T_i \; CF \; T_j)$
then $ST_1$ is called a conflict set of transaction $T_i$, written $CS(T_i)$;
Definition 3. Suppose $T_i \in ST$, $ST_2 \subseteq ST$. If the following condition holds:
$(\forall T_j \in ST_2 \, (T_i \; CF \; T_j)) \wedge (\forall T_j \in (ST - ST_2) \, (\neg (T_i \; CF \; T_j)))$
then $ST_2$ is called the maximal conflict set of transaction $T_i$, written $MCS(T_i)$;
Definition 4. Define $|f(CL(T_i)) - f(CL(T_j))|$ as the clearance level difference of transactions $T_i$ and $T_j$, written $CDD(T_i, T_j)$. Here, $f$ denotes a mapping from the set of clearance levels to the set of natural numbers;
Definition 5. Define $|P(T_i) - P(T_j)|$ as the priority difference of transactions $T_i$ and $T_j$, written $PDD(T_i, T_j)$;
Definition 6. Suppose $T_i \in ST$, $MCS1(T_i) \subseteq MCS(T_i)$. If the following condition holds:
$(\forall T_j \in MCS1(T_i) \, (CL(T_j) > CL(T_i))) \wedge (\forall T_j \in (MCS(T_i) - MCS1(T_i)) \, (CL(T_j) \le CL(T_i)))$
then $MCS1(T_i)$ is called the high-clearance maximal conflict set of transaction $T_i$, written $HCMCS(T_i)$;
Definition 7. Suppose $T_i \in ST$, $MCS2(T_i) \subseteq MCS(T_i)$. If the following condition holds:
$(\forall T_j \in MCS2(T_i) \, (P(T_j) < P(T_i))) \wedge (\forall T_j \in (MCS(T_i) - MCS2(T_i)) \, (P(T_j) \ge P(T_i)))$
then $MCS2(T_i)$ is called the low-priority maximal conflict set of transaction $T_i$, written $LPMCS(T_i)$.
Definition 8. Define $\sum_{T_j \in HCMCS(T_i)} |f(CL(T_i)) - f(CL(T_j))|$ as the security violation factor of transaction $T_i$ with respect to $HCMCS(T_i)$, written $SVF(T_i, HCMCS(T_i))$;
$SVF(T_i, HCMCS(T_i))$ reflects the severity of the covert channel (security violation) that blocking $T_i$ may cause;
Definition 9. Define $\sum_{T_j \in LPMCS(T_i)} |P(T_i) - P(T_j)|$ as the real-time impact factor of transaction $T_i$ with respect to $LPMCS(T_i)$, written $RTIF(T_i, LPMCS(T_i))$;
$RTIF(T_i, LPMCS(T_i))$ reflects the severity of the effect on real-time performance that aborting $T_i$ may cause.
The similarity mentioned in item 2) of the SHORTCC protocol above is defined as follows:
Definition 10. For two values $V_1(D)$ and $V_2(D)$ of a data object $D$ in the database, if the following condition is satisfied:
$|g(V_1(D)) - g(V_2(D))| \le \sigma$
then the two values $V_1(D)$ and $V_2(D)$ of data object $D$ are called data-similar, written $V_1(D) \approx V_2(D)$. In this definition, $g$ denotes a mapping from the domain of $D$ to the set of real numbers; $\sigma$ is a preset threshold whose value is determined by the application semantics;
Definition 11. Suppose $T_i, T_j \in ST$, $Op_i \in T_i$, $Op_j \in T_j$, and $Op_i$ and $Op_j$ act on the same data object $D$. If the following condition is satisfied:
$V(Op_i, D) \approx V(Op_j, D)$
then $Op_i$ and $Op_j$ are called operation-similar, written $Op_i \approx Op_j$. In this definition, $V(Op_i, D)$ and $V(Op_j, D)$ denote the values that $Op_i$ and $Op_j$ respectively act on $D$ with;
Definition 12. Suppose $T_1, T_2, \ldots, T_n \in ST$, $Op_1 \in T_1, Op_2 \in T_2, \ldots, Op_n \in T_n$, and $Op_1, Op_2, \ldots, Op_n$ act on the same data object $D$. If the following condition is satisfied:
$\forall V(Op_i, D), V(Op_j, D) \in \{V(Op_1, D), V(Op_2, D), \ldots, V(Op_n, D)\}, \; |g(V(Op_i, D)) - g(V(Op_j, D))| \le \sigma$
then the operation set $\{Op_1, Op_2, \ldots, Op_n\}$ is called an operation-similar set;
Definition 13. Suppose $SD_i$ and $SD_j$ denote the states of the database at two different moments and $D$ denotes any data object of the database. If the following condition is satisfied:
$\forall V_i(D) \in SD_i, V_j(D) \in SD_j \, (V_i(D) \approx V_j(D))$
then $SD_i$ and $SD_j$ are called similar, written $SD_i \approx SD_j$;
Definition 14. Suppose $Sch_a$ is a schedule of the transaction set $\{T_1, T_2, \ldots, T_n\}$ and $SD_a$ is a database state produced by $Sch_a$. If the following condition is satisfied:
$\exists Sch_b \, (SD_a \approx SD_b)$
then the schedule $Sch_a$ is called similarity serializable. Here, $Sch_b$ denotes a serial schedule and $SD_b$ denotes the database state produced by $Sch_b$.
The concrete operation of the Secure Hybrid Optimistic Real-Time Concurrency Control protocol (SHORTCC) mentioned in item 1) above is as follows:
1) First, the definition of a read-set conflict is given:
Definition 15. Suppose $OPST_i$ is an optimistic subtransaction and its corresponding base transaction is $BT_i$; $ROS$ is the set of read operations of $OPST_i$ and $BT_i$; $RDS_o$ and $RDS_b$ denote the sets of data objects read by $OPST_i$ and $BT_i$ respectively; $RD_o(r)$ and $RD_b(r)$ denote the data objects read by read operation $r$ of $OPST_i$ and $BT_i$ respectively. If one of the following conditions holds, a read-set conflict is said to be detected:
(1) $RDS_o \neq RDS_b$
(2) $(r \in ROS) \wedge (V_o(RD_o(r)) \approx V_b(RD_b(r)))$
Here, $V_o(RD_o(r))$ denotes the value of the data object $RD_o(r)$ read by read operation $r$ in $OPST_i$; $V_b(RD_b(r))$ denotes the value of the data object $RD_b(r)$ read by read operation $r$ in $BT_i$;
2) In the optimistic execution phase, all subtransactions of a mobile distributed real-time transaction (MDRTT) execute optimistically on the corresponding fixed database servers (FDS). On entering the validation-commit phase, the FDS triggers a base transaction for each corresponding optimistic subtransaction to carry out consistency validation and the security check; a base transaction and its corresponding optimistic subtransaction have the same operation sequence and the same set of accessed data objects;
3) In the validation-commit phase, base transactions execute under a lock-based concurrency control mechanism with three lock types: read lock (R lock), write lock (X lock) and similarity lock (S lock). Their compatibility matrix is shown in Table 1:
Table 1. Lock compatibility matrix
When a base transaction performs a read or write operation on a data object D, it first requests the read lock (R lock) or write lock (X lock) on D. If the concurrency control manager detects no operation conflict, it grants the base transaction the corresponding lock. If it detects an operation conflict, it determines whether the conflicting operations are similar operations and, if they are, grants the corresponding similarity lock (S lock).
The validation-commit phase of the SHORTCC protocol operates as follows:
Let $BTS$ denote the set of base transactions on some fixed database server (FDS), $T_i \in BTS$, $MCS(T_i) = \{T_{i,1}, T_{i,2}, \ldots, T_{i,m}\}$. Suppose $T_i$ is requesting a lock on data object $D$ and $T_{i,k}$ ($k = 1, 2, \ldots, m$) already hold locks on $D$; $Op(T_i)$ denotes the operation for which $T_i$ requests the lock on $D$, and $Op(T_{i,k})$ denotes the operation for which $T_{i,k}$ holds its lock on $D$; $PCS(Op(T_i))$ denotes the set of operations that conflict with $Op(T_i)$, i.e. $PCS(Op(T_i)) = \{Op(T_{i,1}), Op(T_{i,2}), \ldots, Op(T_{i,m})\}$. The Secure Hybrid Optimistic Real-Time Concurrency Control protocol (SHORTCC) can then be described as follows:
IF (P(T_i) > max(P(T_{i,k})))   // k = 1, 2, …, m
{ IF (∀Op(T_{i,k}) ∈ PCS(Op(T_i)) (Op(T_{i,k}) ≈ Op(T_i)))
      T_i obtains the S lock it requested;
  ELSE
      T_i obtains the corresponding R lock or X lock and T_{i,k} is aborted; if T_{i,k} is a base
      transaction of some MDRTT, the abort message is sent to the coordinator of that MDRTT, and
      the coordinator decides, according to the deadline of the MDRTT, whether to terminate or
      restart that MDRTT;
}
ELSE
{ IF (∀Op(T_{i,k}) ∈ PCS(Op(T_i)) (Op(T_{i,k}) ≈ Op(T_i)))
      T_i obtains the S lock it requested;
  ELSE
  { IF (ω × SVF(T_i, HCMCS(T_i)) > (1 − ω) × RTIF(T_i, LPMCS(T_i)))
        abort T_i and send the abort message to the corresponding coordinator;
    ELSE
        block T_i;
  }
}
In the description above, ω and (1 − ω) denote the relative importance of security and of real-time performance in the system, respectively.
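The lock-request decision described above, written out as an added Python example (not code from the patent). The Txn record, the function names and the action labels are hypothetical; the holders of the lock are taken to be MCS(T_i) as in the description, the example assumes every holder is aborted when a higher-priority requester wins, and the sample transactions are constructed, with T1/T2 mirroring the covert-channel scenario from the background section.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Txn:
    """Hypothetical record for one base transaction and its operation on D."""
    name: str
    clearance: int   # f(CL(T)): clearance level mapped to a natural number
    priority: int    # P(T): larger value = higher priority (nearer deadline)
    value: float     # g(V(Op(T), D)): value the operation acts on D, as a real


def similar(a, b, sigma):
    """Definitions 10/11: operations are similar if |g(v1) - g(v2)| <= sigma."""
    return abs(a.value - b.value) <= sigma


def svf(t, mcs):
    """Definition 8: clearance gaps summed over HCMCS(t), i.e. the members
    of MCS(t) whose clearance is strictly higher than t's."""
    return sum(abs(t.clearance - h.clearance)
               for h in mcs if h.clearance > t.clearance)


def rtif(t, mcs):
    """Definition 9: priority gaps summed over LPMCS(t), i.e. the members
    of MCS(t) whose priority is strictly lower than t's."""
    return sum(abs(t.priority - l.priority)
               for l in mcs if l.priority < t.priority)


def shortcc_decide(t, holders, omega, sigma):
    """Decide a lock request by t on D while `holders` hold locks on D.

    Returns (action, names_of_aborted_holders). Action labels are this
    example's own: GRANT_REQUESTED (the R or X lock asked for), GRANT_S,
    ABORT_REQUESTER, BLOCK_REQUESTER.
    """
    if not 0.0 <= omega <= 1.0:
        raise ValueError("omega must lie in [0, 1]")
    if not holders:                      # no operation conflict detected
        return ("GRANT_REQUESTED", [])
    # Both priority branches of the pseudocode grant the S lock when every
    # conflicting operation is similar, so that test is hoisted here.
    if all(similar(t, h, sigma) for h in holders):
        return ("GRANT_S", [])
    if t.priority > max(h.priority for h in holders):
        # Requester outranks every holder: holders are aborted
        # (assumption of this example: all of them).
        return ("GRANT_REQUESTED", [h.name for h in holders])
    # Otherwise weigh the covert-channel cost of blocking t against the
    # real-time cost of aborting t.
    if omega * svf(t, holders) > (1 - omega) * rtif(t, holders):
        return ("ABORT_REQUESTER", [])
    return ("BLOCK_REQUESTER", [])


# Constructed sample transactions.
T1 = Txn("T1", clearance=1, priority=2, value=10.0)   # low clearance, low priority
T2 = Txn("T2", clearance=5, priority=9, value=90.0)   # high clearance, high priority
T3 = Txn("T3", clearance=2, priority=5, value=10.0)
T4 = Txn("T4", clearance=2, priority=9, value=10.0)
H1 = Txn("H1", clearance=5, priority=8, value=50.0)
H2 = Txn("H2", clearance=1, priority=3, value=40.0)

if __name__ == "__main__":
    for omega in (0.0, 0.5):
        print("T1 vs T2, omega =", omega, shortcc_decide(T1, [T2], omega, 1.0))
    for omega in (0.3, 0.5):
        print("T3 vs H1,H2, omega =", omega, shortcc_decide(T3, [H1, H2], omega, 1.0))
    print("T4 vs H1,H2:", shortcc_decide(T4, [H1, H2], 0.5, 1.0))
```

With ω = 0 the T1/T2 case reduces to the HPA-2PL behavior of blocking the low-priority requester, which is the timing channel the background section describes; any ω > 0 aborts T1 instead because RTIF is zero when no holder has lower priority.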
Embodiment 2
SHORTCC is compared with the real-time concurrency control protocol DHP2PL (distributed high-priority two-phase locking). The main performance metrics are TMDR (the ratio of transactions that miss their deadlines) and NLCB (the number of low-clearance transactions blocked by high-clearance transactions per unit time). TMDR is defined as: TMDR = (number of transactions that miss their deadlines) / (total number of transactions entering the system). TMDR reflects the system's real-time performance, while NLCB measures the severity of security violations. Transaction clearance levels are assumed to be divided into six grades, rising from 1 to 6. HCTMDR denotes the deadline-miss ratio of transactions with high clearance (clearance level not less than 4); LCTMDR denotes the deadline-miss ratio of transactions with low clearance (clearance level less than 4). The results are shown in Fig. 1, Fig. 2 and Fig. 3; the figures show that SHORTCC still has good real-time performance while guaranteeing security.

Claims (5)

1. A secure real-time concurrency control protocol for mobile distributed real-time databases, characterized in that the protocol comprises:
1) The secure real-time concurrency control protocol provided by the invention combines the optimistic concurrency control policy with the High Priority Abort two-phase locking (HPA-2PL) protocol and is called the Secure Hybrid Optimistic Real-Time Concurrency Control protocol (SHORTCC). It divides the execution of a mobile distributed real-time transaction into an optimistic execution phase and a validation-commit phase based on high-priority-abort two-phase locking;
2) Using the concept of similarity, a similarity serializability criterion is given that relaxes the traditional conflict serializability criterion, to improve transaction concurrency;
3) In the validation-commit phase, besides ensuring that the schedule of concurrent transactions is similarity serializable, a security check is introduced: when a security violation is possible, the protocol compares the security violation factor (the severity of the security violation caused by blocking the validating transaction) with the real-time impact factor (the severity of the effect on real-time performance caused by aborting the validating transaction) to decide whether to block or abort the validating transaction. Users can adjust the weights of the security violation factor and the real-time impact factor to suit the differing security and real-time requirements of different applications.
2, real-time security concurrency control protocol---the method for suitable moving distributing real-time data base according to claim 1 is characterized in that 3) described in the Security Violation factor and in real time factor of influence be defined as follows:
Wherein, the symbol implication that relates to give a definition is the permission level of CL (T) expression affairs T; The priority of P (T) expression affairs T; Op iThe reading and writing operation of expression affairs; Op nCF Op mExpression Op nAnd Op mIt is a pair of conflict operation; ST represents the affairs set of the system that enters;
---definition 1, suppose T i, T j∈ ST is if following condition is set up: ( Op n∈ T i) ∧ ( Op m∈ T j) ∧ (Op nCF Op m)
Then claim T iAnd T jBe a pair of conflict transaction, be designated as: T iCF T j
---definition 2, suppose T i∈ ST, ST 1 ST, if following condition satisfies:
T j∈ST 1(T i?CF?T j)
Then claim ST 1Be affairs T iConflict set, be designated as: CS (T i);
---definition 3, suppose T i∈ ST, ST 2 ST, if following condition is set up:
(T j∈ST 2(T i?CF?T j))∧(?T j∈(ST-ST 2)(﹁(T i?CF?T j)))
Then claim ST 2Be affairs T iThe maximum collision collection, be designated as: MCS (T i);
---definition 4, definition | f (CL (T i))-f (CL (T j)) | be affairs T iAnd T jPermission level diversity factor, be designated as: CDD (T i, T j); Here, f represents the mapping of the set of different permission levels to the nature manifold;
---definition 5, definition | P (T i)-P (T j) | be affairs T iAnd T jThe priority diversity factor, be designated as: PDD (T I, T j);
Definition 6. Suppose $T_i \in ST$ and $MCS1(T_i) \subseteq MCS(T_i)$. If the following condition holds:
$(\forall T_j \in MCS1(T_i) \, (CL(T_j) > CL(T_i))) \land (\forall T_j \in (MCS(T_i) - MCS1(T_i)) \, (CL(T_j) \le CL(T_i)))$
then $MCS1(T_i)$ is called the high-clearance maximal conflict set of transaction $T_i$, denoted $HCMCS(T_i)$;
Definition 7. Suppose $T_i \in ST$ and $MCS2(T_i) \subseteq MCS(T_i)$. If the following condition holds:
$(\forall T_j \in MCS2(T_i) \, (P(T_j) < P(T_i))) \land (\forall T_j \in (MCS(T_i) - MCS2(T_i)) \, (P(T_j) \ge P(T_i)))$
then $MCS2(T_i)$ is called the low-priority maximal conflict set of transaction $T_i$, denoted $LPMCS(T_i)$.
Definition 8. $\sum_{T_j \in HCMCS(T_i)} |f(CL(T_i)) - f(CL(T_j))|$ is defined as the security violation factor of transaction $T_i$ with respect to $HCMCS(T_i)$, denoted $SVF(T_i, HCMCS(T_i))$;
$SVF(T_i, HCMCS(T_i))$ reflects the severity of the covert channel (security violation) that blocking $T_i$ may cause;
Definition 9. $\sum_{T_j \in LPMCS(T_i)} |P(T_i) - P(T_j)|$ is defined as the real-time impact factor of transaction $T_i$ with respect to $LPMCS(T_i)$, denoted $RTIF(T_i, LPMCS(T_i))$;
$RTIF(T_i, LPMCS(T_i))$ reflects the severity of the impact on real-time performance that aborting $T_i$ may cause.
3. The secure real-time concurrency control protocol, a method suitable for a mobile distributed real-time database, according to claim 1, characterized in that the similarity described in 2) is defined as follows:
Definition 10. For two values $V_1(D)$ and $V_2(D)$ of a data object $D$ in the database, if the following condition is satisfied:
$|g(V_1(D)) - g(V_2(D))| \le \sigma$
then the two values $V_1(D)$ and $V_2(D)$ of data object $D$ are called data-similar, denoted $V_1(D) \approx V_2(D)$; in this definition, $g$ denotes a mapping from the value domain of $D$ to the set of real numbers, and $\sigma$ is a predetermined threshold whose value depends on the application semantics;
Definition 11. Suppose $T_i, T_j \in ST$, $Op_i \in T_i$, $Op_j \in T_j$, and $Op_i$ and $Op_j$ act on the same data object $D$. If the following condition is satisfied:
$V(Op_i, D) \approx V(Op_j, D)$
then $Op_i$ and $Op_j$ are called operation-similar, denoted $Op_i \approx Op_j$; in this definition, $V(Op_i, D)$ and $V(Op_j, D)$ denote the values that $Op_i$ and $Op_j$ respectively act on in $D$;
Definition 12. Suppose $T_1, T_2, \ldots, T_n \in ST$, $Op_1 \in T_1, Op_2 \in T_2, \ldots, Op_n \in T_n$, and $Op_1, Op_2, \ldots, Op_n$ act on the same data object $D$. If the following condition is satisfied:
$\forall V(Op_i, D), V(Op_j, D) \in \{V(Op_1, D), V(Op_2, D), \ldots, V(Op_n, D)\}, \; |g(V(Op_i, D)) - g(V(Op_j, D))| \le \sigma$
then the operation set $\{Op_1, Op_2, \ldots, Op_n\}$ is called a similar operation set;
Definition 13. Suppose $SD_i$ and $SD_j$ denote the states of the database at two different times, and $D$ denotes any data object of the database. If the following condition is satisfied:
$\forall V_i(D) \in SD_i, V_j(D) \in SD_j \, (V_i(D) \approx V_j(D))$
then $SD_i$ and $SD_j$ are called similar, denoted $SD_i \approx SD_j$;
Definition 14. Suppose $Sch_a$ is a schedule of the transaction set $\{T_1, T_2, \ldots, T_n\}$ and $SD_a$ is the database state produced by $Sch_a$. If the following condition is satisfied:
$\exists Sch_b \, (SD_a \approx SD_b)$
then the schedule $Sch_a$ is called similar serializable; here, $Sch_b$ denotes a serial schedule and $SD_b$ denotes the database state produced by $Sch_b$.
4. The secure real-time concurrency control protocol, a method suitable for a mobile distributed real-time database, according to claim 1, characterized in that the specific operations of the secure hybrid optimistic real-time concurrency control protocol (SHORTCC) described in 1) are as follows:
1) first, the definition of a read-set conflict is given:
Definition 15. Suppose $OPST_i$ is an optimistic sub-transaction whose corresponding base transaction is $BT_i$; $ROS$ is the set of read operations of $OPST_i$ and $BT_i$; $RDS_o$ and $RDS_b$ denote the sets of data objects read by $OPST_i$ and $BT_i$ respectively; $RD_o(r)$ and $RD_b(r)$ denote the data object read by read operation $r$ in $OPST_i$ and $BT_i$ respectively. If one of the following conditions holds, a read-set conflict is said to be detected:
(1) $RDS_o \ne RDS_b$
(2) $(r \in ROS) \land \lnot (V_o(RD_o(r)) \approx V_b(RD_b(r)))$
Here, $V_o(RD_o(r))$ denotes the value of the data object $RD_o(r)$ read by read operation $r$ in $OPST_i$; $V_b(RD_b(r))$ denotes the value of the data object $RD_b(r)$ read by read operation $r$ in $BT_i$;
2) in the optimistic execution stage, all sub-transactions of a mobile distributed real-time transaction (MDRTT) execute optimistically on the corresponding fixed database servers (FDS); once the validation-and-commit stage is entered, the fixed database server (FDS) triggers a base transaction for the corresponding optimistic sub-transaction to carry out consistency validation and the security check, where the base transaction and its corresponding optimistic sub-transaction have the same operation sequence and the same set of accessed data objects;
3) in the validation-and-commit stage, base transactions execute under a lock-based concurrency control mechanism with three lock types: the read lock (R lock), the write lock (X lock) and the similar lock (S lock);
When a base transaction performs a read or write operation on a data object $D$, it first requests the read lock (R lock) or write lock (X lock) on $D$. If the concurrency control manager detects no operation conflict, it grants the base transaction the corresponding lock; if it detects an operation conflict, it checks whether the conflicting operations are similar operations and, if they are, grants the corresponding similar lock (S lock).
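The read-set conflict test of Definition 15, together with the pairwise similarity of Definitions 10 and 12, as an added example that is not part of the patent text. It assumes that $g$ is the identity on numeric values, that one threshold $\sigma$ applies to every object, and that reads are matched by position because the base transaction repeats the optimistic sub-transaction's operation sequence; all function names and sample readings are constructed.

```python
from itertools import combinations


def values_similar(v1, v2, sigma):
    """Definition 10: V1(D) ~ V2(D) iff |g(V1) - g(V2)| <= sigma (g = identity)."""
    return abs(v1 - v2) <= sigma


def is_similar_set(values, sigma):
    """Definition 12: every pair must be within sigma, because similarity
    is not transitive (a ~ b and b ~ c does not give a ~ c)."""
    return all(values_similar(a, b, sigma) for a, b in combinations(values, 2))


def read_set_conflict(optimistic_reads, base_reads, sigma):
    """Definition 15. Each argument is an ordered list of (object, value)
    pairs, one per read operation r in ROS. Returns None when the
    optimistic execution validates, otherwise (reason, detail)."""
    rds_o = {obj for obj, _ in optimistic_reads}
    rds_b = {obj for obj, _ in base_reads}
    if rds_o != rds_b:                                  # condition (1)
        return ("read sets differ", sorted(rds_o ^ rds_b))
    for r, ((_, v_o), (_, v_b)) in enumerate(zip(optimistic_reads, base_reads)):
        if not values_similar(v_o, v_b, sigma):         # condition (2)
            return ("dissimilar read", r)
    return None


# Constructed sample readings: values seen optimistically vs. by the base transaction.
OPT = [("speed", 61.8), ("altitude", 1000.0)]
BASE_OK = [("speed", 62.0), ("altitude", 1000.3)]
BASE_STALE = [("speed", 62.0), ("altitude", 1012.0)]

if __name__ == "__main__":
    print(read_set_conflict(OPT, BASE_OK, sigma=0.5))
    print(read_set_conflict(OPT, BASE_STALE, sigma=0.5))
    print(is_similar_set([10.0, 10.4, 10.8], sigma=0.5))
```

With $\sigma = 0.5$ the values 10.0, 10.4 and 10.8 are similar in neighbouring pairs but do not form a similar set, which is why Definition 12 quantifies over every pair.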
5. The secure real-time concurrency control protocol, a method suitable for a mobile distributed real-time database, according to claim 4, characterized in that the specific operating process of the validation-and-commit stage is as follows:
Let $BTS$ denote the set of base transactions on a given fixed database server (FDS), $T_i \in BTS$, and $MCS(T_i) = \{T_{i,1}, T_{i,2}, \ldots, T_{i,m}\}$. Suppose $T_i$ is requesting a lock on data object $D$ and the $T_{i,k}$ ($k = 1, 2, \ldots, m$) already hold locks on $D$; $Op(T_i)$ denotes the operation for which $T_i$ requests the lock on $D$, and $Op(T_{i,k})$ denotes the operation for which $T_{i,k}$ holds its lock on $D$; $PCS(Op(T_i))$ denotes the set of operations that conflict with $Op(T_i)$, i.e. $PCS(Op(T_i)) = \{Op(T_{i,1}), Op(T_{i,2}), \ldots, Op(T_{i,m})\}$. The secure hybrid optimistic real-time concurrency control protocol (SHORTCC) can then be described as follows:
IF (P(T_i) > max(P(T_{i,k})))    // k = 1, 2, …, m
{
    IF (∀ Op(T_{i,k}) ∈ PCS(T_i) (Op(T_{i,k}) ≈ Op(T_i)))
        T_i obtains the S lock it requested;
    ELSE
        T_i obtains the corresponding R lock or X lock, and T_{i,k} is aborted;
        if T_{i,k} is a base transaction of some MDRTT, the abort message is sent
        to the coordinator of that MDRTT, and the coordinator decides, according
        to the deadline of the MDRTT, whether to terminate or restart the MDRTT;
}
ELSE
{
    IF (∀ Op(T_{i,k}) ∈ PCS(T_i) (Op(T_{i,k}) ≈ Op(T_i)))
        T_i obtains the S lock it requested;
    ELSE
    {
        IF (ω × SVF(T_i, HCMCS(T_i)) > (1 − ω) × RTIF(T_i, LPMCS(T_i)))
            abort T_i and send the abort message to the corresponding coordinator;
        ELSE
            block T_i;
    }
}
In the description above, ω and (1 − ω) represent the relative importance of security and of real-time performance in the system, respectively.
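The lock arbitration of claim 5, with the factors of Definitions 8 and 9, as an added example that is not part of the patent text. It assumes clearance levels are already mapped to natural numbers by $f$, that a larger number means a higher priority, that each transaction carries one numeric operation value on $D$, and that every conflicting holder is aborted in the high-priority branch; the class, function names and sample transactions are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Txn:
    name: str
    clearance: int  # f(CL(T)): clearance level mapped to a natural number
    priority: int   # P(T): larger means higher priority (assumption)
    value: float    # g(V(Op(T), D)): value of T's operation on D

def similar(a, b, sigma):
    """Definitions 10-11: |g(V(Op_a, D)) - g(V(Op_b, D))| <= sigma."""
    return abs(a.value - b.value) <= sigma

def svf(t, mcs):
    """Definition 8: clearance differences summed over HCMCS(t)."""
    return sum(abs(t.clearance - h.clearance)
               for h in mcs if h.clearance > t.clearance)

def rtif(t, mcs):
    """Definition 9: priority differences summed over LPMCS(t)."""
    return sum(abs(t.priority - h.priority)
               for h in mcs if h.priority < t.priority)

def shortcc_decide(t, holders, sigma, omega):
    """Arbitrate t's lock request on D; holders plays the role of MCS(t).
    Returns (action, names of aborted holders)."""
    if not holders:                       # nothing conflicts: plain R/X lock
        return "GRANT_RX", []
    # Both branches of the protocol grant an S lock when every conflict is similar.
    if all(similar(t, h, sigma) for h in holders):
        return "GRANT_S", []
    if t.priority > max(h.priority for h in holders):
        return "GRANT_RX", [h.name for h in holders]   # holders are aborted
    # Blocking t behind higher-clearance holders risks a covert channel;
    # aborting t costs real-time performance. omega weighs the two.
    if omega * svf(t, holders) > (1 - omega) * rtif(t, holders):
        return "ABORT_REQUESTER", []
    return "BLOCK_REQUESTER", []

# Constructed sample: a low-clearance requester against two lock holders.
HOLDERS = [Txn("H1", 3, 7, 30.0), Txn("H2", 2, 2, 31.0)]
REQ = Txn("T", 1, 5, 20.0)

if __name__ == "__main__":
    for omega in (0.3, 0.7):
        print(omega, shortcc_decide(REQ, HOLDERS, sigma=0.5, omega=omega))
```

For the sample request both factors equal 3, so the outcome depends only on ω: a security-weighted setting aborts the requester rather than letting higher-clearance holders delay it, while a real-time-weighted setting blocks it.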

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610130104 CN1975675A (en) 2006-12-13 2006-12-13 Safety real-time concurrent control protocol adapted to moving distributing real-time data bank

Publications (1)

Publication Number Publication Date
CN1975675A true CN1975675A (en) 2007-06-06

Family

ID=38125762

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200610130104 Pending CN1975675A (en) 2006-12-13 2006-12-13 Safety real-time concurrent control protocol adapted to moving distributing real-time data bank

Country Status (1)

Country Link
CN (1) CN1975675A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101667211B (en) * 2009-08-20 2011-04-20 华中科技大学 Transaction conflict decision method of dynamic multi-granularity lock in database
CN102135980A (en) * 2010-12-21 2011-07-27 北京高森明晨信息科技有限公司 Real-time transaction processing method and device
CN102135980B (en) * 2010-12-21 2013-03-13 北京高森明晨信息科技有限公司 Real-time transaction processing method and device
CN103888253A (en) * 2012-12-19 2014-06-25 中国电信股份有限公司 Token mechanism-based data processing method and system
CN104850631A (en) * 2015-05-21 2015-08-19 天津大学 Security concurrency control method applicable to real-time database
CN104850631B (en) * 2015-05-21 2018-08-07 天津大学 A kind of secure concurrency control method suitable for real-time data base
CN110730958A (en) * 2017-06-09 2020-01-24 华为技术有限公司 Method and system for managing prioritized database transactions
CN110730958B (en) * 2017-06-09 2022-12-06 华为技术有限公司 Method and system for managing prioritized database transactions
US11537567B2 (en) 2017-06-09 2022-12-27 Huawei Technologies Co., Ltd. Methods and systems for managing prioritized database transactions
CN111723061A (en) * 2020-06-24 2020-09-29 北京松鼠山科技有限公司 Concurrency control method and device for database system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication