Role-based Concurrency Control in a Subject- and Purpose-Oriented (SPO) View

Abstract

In information systems, processes have to be scheduled to share a limited amount of resource objects like memory and CPU with other processes. In database systems, conflicting access requests from multiple transactions have to be serialized. There are various ways to order multiple conflicting access requests like FIFO and timestamp ordering (TO) schemes. For example, an object is exclusively used by each transaction in locking protocols. In scheduling algorithms, highly prioritized processes are performed before lower ones. Thus, it is critical to discuss which access request should be performed before another. In this paper, we postulate that an access request issued by a more significant subject for a more significant purpose should be performed prior to less significant access requests. In the role-based access control model, a role is a set of access rights, which shows a job function in an enterprise. A subject is first granted a role from another subject. Only a subject granted a role can issue an access request in the role. In this paper, the significancy of subject and purpose is defined in terms of roles and authorization relations. Here, there are two views, subject-oriented (SO) and purpose-oriented (PO) views to order transactions. A method issued by a subject with more significant roles should be performed before another conflicting method issued by a less significant subject in the SO view. A transaction issued by a subject is associated with a subset of roles granted to the subject, which is named purpose. A method with a more significant purpose should be performed before another method in the PO view. In this paper, we discuss how to combine the SO and PO views into a unique SPO view to order conflicting access requests.