Project Summary

The proposed research is concerned with developing a model for secure and survivable, yet flexible, transaction processing. Special emphasis will be placed on the integrity and availability of transactions, although confidentiality will not be ignored. The outcome of this research will be a flexible framework for transaction processing, based on a tool-kit approach. The framework assists the developer in designing secure, complex applications that can survive malicious attacks and other system failures. The model allows the developer to

The proposed research effort is structured into the following {\em research activities}.

  1. Investigate how the different types of data and control-flow dependencies in extended transaction models impact secure transaction processing with respect to integrity and availability.
  2. Investigate how the different types of control-flow, data and external dependencies interact with each other to affect security.
  3. Formalize the notion of a {\em well-behaved} transaction. Informally, a well-behaved transaction is one that survives and/or gracefully degrades under attack.
  4. Develop the Secure Multiform Transaction model as a tool-kit approach to implementing well-behaved transactions.
  5. Propose a set of transaction primitives to express resistance, recognition and recovery procedures within a secure multiform transaction.
  6. Develop a proof-of-concept prototype for the Secure Multiform Transaction model from COTS components.
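As an added illustration of activities 3 and 5 (not code from the proposal, and not the Secure Multiform Transaction model itself, which the summary does not describe), the following Python sketch shows what the informal notion of a well-behaved transaction looks like in code: each step carries a MAC so a tampered step is refused (resistance), a conservation invariant exposes a corrupted component (recognition), and the transaction either rolls back to its pre-transaction state or continues in a degraded mode when an external dependency is lost (recovery, graceful degradation). The account names, the shared key, the invariant, the handlers and the sample steps are all constructed for this example.

```python
import hashlib
import hmac
import json

# Constructed demo key shared by the components that exchange steps
# (assumption: the real model would have to specify key distribution).
SHARED_KEY = b"constructed-demo-key"


class Unavailable(Exception):
    """Raised when an external component a step depends on cannot be reached."""


def sign_step(step):
    """Resistance: MAC each step so an attacker cannot alter it in flight."""
    payload = json.dumps(step, sort_keys=True).encode()
    return hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()


def verify_step(step, tag):
    return hmac.compare_digest(sign_step(step), tag)


def transfer(balances, step):
    """Honest handler for a 'transfer' step."""
    src, dst, amount = step["src"], step["dst"], step["amount"]
    if balances.get(src, 0) < amount:
        raise ValueError("insufficient funds")
    balances[src] -= amount
    balances[dst] = balances.get(dst, 0) + amount


def compromised_transfer(balances, step):
    """Constructed attacker-controlled handler: credits the destination twice."""
    transfer(balances, step)
    balances[step["dst"]] += step["amount"]


def notify_ok(msg):
    return True


def notify_down(msg):
    raise Unavailable("notification service unreachable")


def run_transaction(balances, signed_steps, handler=transfer, notify=notify_ok):
    """
    Execute signed steps in order. Returns (outcome, balances) where outcome is
    'committed', 'degraded' (survived loss of an external dependency) or
    'aborted:<reason>' (recovered to the pre-transaction state).
    """
    snapshot = dict(balances)
    balances = dict(balances)
    total = sum(balances.values())   # conserved by every honest transfer
    degraded = False
    for step, tag in signed_steps:
        # Resistance: refuse to execute a step whose MAC does not verify.
        if not verify_step(step, tag):
            return "aborted:tampered step", snapshot
        if step["kind"] == "transfer":
            try:
                handler(balances, step)
            except ValueError as e:
                return "aborted:" + str(e), snapshot
        elif step["kind"] == "notify":
            # External dependency: losing it degrades the transaction
            # instead of aborting it.
            try:
                notify(step["msg"])
            except Unavailable:
                degraded = True
        # Recognition: a conservation invariant exposes a corrupted handler.
        if sum(balances.values()) != total:
            # Recovery: roll back to the state before the transaction began.
            return "aborted:invariant violated", snapshot
    return ("degraded" if degraded else "committed"), balances


def demo_steps():
    """Constructed sample transaction: two transfers and a notification."""
    steps = [
        {"kind": "transfer", "src": "alice", "dst": "bob", "amount": 30},
        {"kind": "notify", "msg": "bob credited"},
        {"kind": "transfer", "src": "bob", "dst": "carol", "amount": 10},
    ]
    return [(s, sign_step(s)) for s in steps]


def tampered_steps():
    """Same steps, but the first amount is altered after signing."""
    signed = demo_steps()
    step, tag = signed[0]
    return [({**step, "amount": 300}, tag)] + signed[1:]


if __name__ == "__main__":
    start = {"alice": 100, "bob": 0, "carol": 0}
    print(run_transaction(start, demo_steps()))
    print(run_transaction(start, tampered_steps()))
    print(run_transaction(start, demo_steps(), handler=compromised_transfer))
    print(run_transaction(start, demo_steps(), notify=notify_down))
```

The four calls at the bottom exercise the four outcomes: a clean commit, a rejected tampered step, an invariant violation that rolls the whole transaction back, and a lost notification service that the transaction survives in degraded mode. Rolling back to a snapshot is the simplest recovery; a long-running transaction of the kind the proposal targets would more likely use compensating steps instead.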

The proposed research advances the current state-of-the-art in secure transaction processing. This research is significant because it will produce results that can be used to develop complex yet secure and easily deployable transactions. Such transactions find application in a variety of different areas -- communications, finance, electronic commerce, manufacturing, process control and office automation, to name a few. These applications are characterized by their need for complex coordination among different components and (often) long duration -- two properties that impose substantial integrity, availability and confidentiality requirements that have yet to be addressed by the research community.