Visible to the public Safe Serializable Secure Scheduling: Transactions and the Trade-Off Between Security and Consistency

TitleSafe Serializable Secure Scheduling: Transactions and the Trade-Off Between Security and Consistency
Publication TypeConference Paper
Year of Publication2016
AuthorsSheff, Isaac, Magrino, Tom, Liu, Jed, Myers, Andrew C., van Renesse, Robbert
Conference NameProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4139-4
Keywordschannel coding, Collaboration, consistency, Distributed Systems, human factors, information flow, language-based security, Metrics, pubcrawl, Resiliency, safe coding standards, security, serializability, transactions
Abstract

Modern applications often operate on data in multiple administrative domains. In this federated setting, participants may not fully trust each other. These distributed applications use transactions as a core mechanism for ensuring reliability and consistency with persistent data. However, the coordination mechanisms needed for transactions can both leak confidential information and allow unauthorized influence. By implementing a simple attack, we show these side channels can be exploited. However, our focus is on preventing such attacks. We explore secure scheduling of atomic, serializable transactions in a federated setting. While we prove that no protocol can guarantee security and liveness in all settings, we establish conditions for sets of transactions that can safely complete under secure scheduling. Based on these conditions, we introduce \textbackslashti\staged commit\, a secure scheduling protocol for federated transactions. This protocol avoids insecure information channels by dividing transactions into distinct stages. We implement a compiler that statically checks code to ensure it meets our conditions, and a system that schedules these transactions using the staged commit protocol. Experiments on this implementation demonstrate that realistic federated transactions can be scheduled securely, atomically, and efficiently.

URLhttp://doi.acm.org/10.1145/2976749.2978415
DOI10.1145/2976749.2978415
Citation Keysheff_safe_2016