Costich, O. and S. Jajodia, "Maintaining Multilevel Transaction 
 Atomicity in MLS Database Systems with Kernelized Architecture",  
 in Database Security VI: Status and Prospects, eds.  B. Thuraisingham 
 and C. Landwehr, North-Holland, 1993, pp. 249-266.
 <a href="1993costich-ds6.ps">
  PostScript</a>

<blockquote>
In most models of trusted database systems, transactions are considered
to be single-level subjects.  As a consequence, users are denied the
ability to execute some transactions that can be run on conventional
(untrusted) database systems, namely those that perform functions that
become inherently multilevel in the MLS environment.  This paper
introduces a notion of multilevel transaction and proceeds to an
algorithm for their concurrent execution.  The algorithm is proven to
be correct in the sense that resulting schedule for executing the
multilevel transactions is one-copy serializable.
</blockquote>