2022-09-30

Database security technology of heterogeneous platforms

security policy

The security of heterogeneous databases covers confidentiality, integrity and availability. Heterogeneity exists at three levels, clients and servers communicate across different hardware and software platforms over an open network, and database security therefore becomes more complex in a heterogeneous environment. Moreover, a system in a heterogeneous environment is scalable and can manage a distributed or federated database environment. Each node server can also autonomously carry out centralized security management and access control, including security management of the users, rules and objects it has created itself. For example, the DBA or security administrator implements the security policy of a department, a region or the whole organization, and authorizes specific administrators to manage each group of applications, users, rules and databases. Access control and security management are therefore particularly important. Database security strategies in heterogeneous environments include:

global authentication

global access control that supports all kinds of local access control (discretionary and mandatory access control)

global integrity control

network security management, including encryption of network traffic and network intrusion prevention and detection

audit technology

database and application-system security, such as automatic integration of application systems and object management. Developers can define the security of each object; based on these definitions, the DBA can quickly and accurately grant and revoke permissions on all database objects through the application system

complex password management technology

Complex password management technology includes: password synchronization across multiple transactions in the database; password synchronization between heterogeneous systems, such as Oracle and UNIX passwords; updating of a user's initial password; forced password updates; and password availability, password lifetime, password history management, password level settings, etc.

Password security vulnerability checking and system termination. This covers checking the number of login failures permitted before the system terminates the session, the time interval between login success and login failure before termination, and tracking the site address from which login attempts are made.

Password encryption and audit technology. This covers discovering password weaknesses, recording password history, recording access to tables, rows and columns, and recording access to application systems.
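An added example, not DM3's or any product's code, of the termination check described above (failure count, time window and site-address tracking) together with a password-history check; the policy values and the login records are constructed.

```python
import hashlib
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed policy values, not DM3's defaults.
MAX_FAILURES = 3                         # failures before termination
FAILURE_WINDOW = timedelta(minutes=5)    # older failures no longer count
HISTORY_DEPTH = 3                        # reject reuse of the last N passwords

# Constructed login records: (timestamp, user, source site address, success)
LOGINS = [
    ("2022-09-30 09:00:00", "alice", "10.0.0.5", True),
    ("2022-09-30 09:01:00", "bob", "10.0.0.7", False),
    ("2022-09-30 09:01:30", "bob", "10.0.0.7", False),
    ("2022-09-30 09:10:00", "bob", "10.0.0.7", False),    # first two have aged out
    ("2022-09-30 09:10:20", "bob", "192.0.2.9", False),
    ("2022-09-30 09:10:40", "bob", "192.0.2.9", False),   # third inside the window
    ("2022-09-30 09:12:00", "alice", "10.0.0.5", False),
]

def termination_check(records, max_failures=MAX_FAILURES, window=FAILURE_WINDOW):
    """Return {user: (termination time, sorted site addresses that tried to log in)}."""
    recent = defaultdict(list)   # timestamps of failures still inside the window
    sources = defaultdict(set)   # every site address seen per user
    terminated = {}
    for ts_text, user, addr, ok in sorted(records):
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        sources[user].add(addr)
        if ok:
            recent[user].clear()            # a success resets the failure count
            continue
        recent[user] = [t for t in recent[user] if ts - t <= window] + [ts]
        if len(recent[user]) >= max_failures and user not in terminated:
            terminated[user] = (ts_text, sorted(sources[user]))
    return terminated

def password_hash(password, salt):
    # Illustrative hash for the history table; a real DBMS would use a slow, salted KDF.
    return hashlib.sha256(salt + password.encode()).hexdigest()

def accept_new_password(new_password, history, salt, depth=HISTORY_DEPTH):
    """History management: refuse a password equal to any of the last `depth` ones."""
    return password_hash(new_password, salt) not in history[-depth:]
```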

security agent model

A heterogeneous database is a set of interconnected servers that provide services to users, so global access control (GAC) must be provided and the original local security policies must be re-expressed in a global form. A federated access table provides services for users to access and update data (including security information) held in different databases. This table specifies, for each user in the federation, the operations allowed on an entity object, and it is built from the security information stored in the individual databases. Since the set of entity objects may be stored in many databases, specific rules and procedures are needed to convert local security information into global information.

Using a variety of agents, the security structure of global access control (GAC) is divided into three layers: the coordination layer, the task layer and the database layer. Each layer has specific agents that enforce part of the federation security policy. The work of the coordination layer is done by the system administrator agent, which manages the whole environment and assigns permissions to other agents called task agents. Task agents control access to the whole federated database by assigning database agents permission to access a single database. For example, the task of ensuring integrity, assigned by the system administrator, is completed by the integrity administrator agent, and database functions (such as obtaining user information) are completed by user agents and data agents.

The top-level agent is called the principal agent. It determines the type of tasks performed in the federation. Agents at this level are concerned with all activities that are happening or about to happen in the federation. In order to know "who is doing what", information about the different agents is stored in a specific directory, and based on this information the top-level agent delegates tasks to the appropriate agents.

Middle-level agents are called security agents. Specific tasks (such as maintaining global integrity) are completed by a security agent. Its visible range within the federation is narrower than that of the top-level agent, and the tasks it completes are more specific; a security agent can only see the other agents that perform the same task as it does.

Bottom-level agents are called data agents. They are the agents designated by higher-level agents to complete the task of accessing and updating information. These agents are the interface between the shared databases and the top-level and middle-level agents. For example, a user agent records all the information about a user, such as his/her identity and different access rights to different objects.

DM3 security technology

DM3 security architecture

The architecture of a trusted database management system falls into two types. The first is the TCB-subset DBMS architecture, which uses a trusted computing base (TCB) outside the DBMS to enforce mandatory access control on database objects. Multi-level relations are decomposed into single-level or system-level fragments; the multi-level secure DBMS stores these fragments in physically separate single-level objects (such as files, segments or physically separate hardware devices), and mandatory access control is then enforced on access to these separate single-level or system-level objects. The second type is the trusted-subject DBMS, in which some or all of the mandatory access control is implemented by the DBMS itself.

DM3 adopts the trusted-subject DBMS architecture: the database management system itself implements mandatory access control. This requires the operating system to provide controls that prevent direct access to the database bypassing the DBMS, and to store the conceptual multi-level database in one or more operating system objects (such as files). Each database object is labelled by the multi-level secure DBMS. These database objects are invisible to the operating system, which cannot access them directly, and the multi-level secure DBMS has the privilege of operating across the operating system's range of security levels.

the security mechanism of separation of powers

DM3 differs from other database management systems in its security management system. The vast majority of DBMSs make the database administrator (DBA) responsible for all management work in the system, including security management. This obviously concentrates too much power in the DBA and creates security risks. DM3 instead adopts a separation-of-powers security management system and divides system administrators into three roles: the database administrator (DBA), the database security administrator (SSO) and the database auditor (AUDITOR). The DBA is responsible for discretionary access control and system maintenance and management, the SSO for mandatory access control, and the AUDITOR for system auditing. This management system genuinely separates the three powers: each has its own responsibilities, they constrain each other, and together they reliably ensure the security of the database.

discretionary access control and mandatory access control

Discretionary access control governs the operation permissions of a subject (user) on an object (database object); its purpose is to ensure that a user can only access the data he is entitled to access. When a user holds operation permissions on a database object together with the right to delegate them, he can freely delegate some or all of these permissions to other users, who thereby also obtain permission on those database objects. The DM3 system implements discretionary access control according to the user's authority. Three factors are considered when specifying user permissions: users, data objects and operations. All user permissions are recorded in the system tables (the data dictionary), and the definition of a user's access permissions is called authorization. When a user makes an operation request, DM3 checks it against the authorization and decides whether to execute or refuse the operation, so that a user can only store and access the data he is entitled to access.

Mandatory access control assigns security levels to subjects (users) and objects (data objects) and decides, according to the security-level matching rules, whether a subject may access an object. The DM3 system implements mandatory access control according to the user's operation request, the user's security level and the object's security level, ensuring that users can only access data matching their security level. Mandatory access control requires the security levels of subjects and objects to be defined in advance and recorded in the system. When a user makes an operation request, DM3 first checks whether the user has the corresponding operation permission on the data object, and then checks whether the user's operation request and security level match the security level of the data object. Only when both conditions are met does DM3 execute the request; otherwise it refuses.
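The two-step check described above, as an added example written for this page and not DM3's own code: a small reference monitor whose data dictionary records grants (with delegation rights) and security labels, checks the discretionary grant first and the level match second. The level-matching rule used here (read at or below your own level, write at or above it) is the Bell-LaPadula rule, assumed because the page does not spell out DM3's rule; the "dba" grantor convention, users, objects and levels are constructed.

```python
from dataclasses import dataclass, field

# Ordered security levels (constructed names).
LEVELS = {"public": 0, "internal": 1, "secret": 2}

@dataclass
class DataDictionary:
    # DAC table: (user, object) -> {operation: may_delegate}
    grants: dict = field(default_factory=dict)
    # MAC labels: user -> level name, object -> level name
    user_level: dict = field(default_factory=dict)
    object_level: dict = field(default_factory=dict)

    def grant(self, grantor, grantee, obj, op, with_delegation=False):
        """Record an authorization. "dba" is the assumed owner of DAC; anyone else may
        delegate only an operation it holds together with the delegation right."""
        if grantor != "dba":
            held = self.grants.get((grantor, obj), {})
            if not held.get(op, False):
                return False
        self.grants.setdefault((grantee, obj), {})[op] = with_delegation
        return True

    def check(self, user, op, obj):
        """Step 1: discretionary check; step 2: mandatory level matching (assumed BLP rule)."""
        if op not in self.grants.get((user, obj), {}):
            return False, "no DAC grant"
        s, o = LEVELS[self.user_level[user]], LEVELS[self.object_level[obj]]
        if op == "select" and s < o:
            return False, "MAC: read up denied"
        if op in ("insert", "update", "delete") and s > o:
            return False, "MAC: write down denied"
        return True, "allowed"

def demo():
    d = DataDictionary()
    d.user_level.update({"alice": "secret", "bob": "public"})
    d.object_level.update({"emp_pay": "secret", "bulletin": "public"})
    d.grant("dba", "alice", "emp_pay", "select", with_delegation=True)
    d.grant("alice", "bob", "emp_pay", "select")            # DAC delegation by alice
    d.grant("dba", "alice", "bulletin", "insert")
    d.grant("dba", "bob", "bulletin", "insert")
    return {
        "alice_reads_pay": d.check("alice", "select", "emp_pay"),
        "bob_reads_pay": d.check("bob", "select", "emp_pay"),             # passes DAC, fails MAC
        "alice_writes_bulletin": d.check("alice", "insert", "bulletin"),  # write down refused
        "bob_writes_bulletin": d.check("bob", "insert", "bulletin"),
        "bob_reads_bulletin": d.check("bob", "select", "bulletin"),       # never authorized
        "bob_delegates": d.grant("bob", "carol", "emp_pay", "select"),    # no delegation right
    }
```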

covert channel analysis technology

Although discretionary and mandatory access control restrict the flow of information in the system from low-security-level subjects to high-security-level subjects, low-security-level subjects can still send information to high-security-level subjects through other means, and covert channels are one of them.

A covert channel is a mechanism by which one user of the system transmits information to another user in a way that violates the system security policy. It typically transmits information through system resources that were not designed for data transmission, and this communication is often neither detected nor controlled by the system's access control mechanism. Covert channels include storage covert channels and timing covert channels. The sender and receiver of a covert channel agree on a coding method in advance and then use the system through normal operations. If the sender directly or indirectly modifies an attribute of a resource, and another subject (the receiver) directly or indirectly reads the change in that attribute, the channel is a storage covert channel. If one subject adjusts its use of a system resource (such as the CPU) so that the response time observed by another subject is affected, and thereby sends information to that subject, the channel is a timing covert channel. Although a user with a high security level may use a covert channel to transmit information to a user with a low security level, the main potential threat of covert channels is that they may be exploited by Trojan horses.

According to the requirements of the US Trusted Computer System Evaluation Criteria (TCSEC), covert channel analysis must be carried out for systems at security class B2 and above, the bandwidth of each covert channel must be estimated, and the handling of the channel (tolerate, eliminate or audit) must be decided according to its bandwidth. Following this requirement, we analysed the covert channels of DM3 and designed an auxiliary identification tool. At present, the storage covert channels in DM3 include object attribute channels, object existence channels and shared resource channels (such as resource exhaustion channels). For some timing covert channels, such as those using the concurrency control locking mechanism (which also exist in other database management systems such as Oracle), elimination measures have been taken.
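An added example, not the authors' identification tool, of estimating the bandwidth of an object existence channel from an audit trail and mapping it to the tolerate/audit/eliminate decision described above. The audit lines, the subject names and the handling thresholds are constructed assumptions, as is the coding of one bit per sender state change.

```python
from datetime import datetime

# Constructed handling thresholds (assumed policy values, not taken from the page).
HIGH_BPS = 100.0    # above this the channel must be eliminated
AUDIT_BPS = 1.0     # above this it is audited; at or below it is tolerated

LEVELS = {"public": 0, "secret": 1}

# Constructed audit trail (not DM3 output): time subject level operation object result.
# The high-level subject toggles the object's existence; the low-level subject's CREATE
# attempts reveal, by failing or succeeding, whether the object currently exists.
AUDIT = """\
10:00:00.000 alice secret CREATE t_flag OK
10:00:00.020 bob public CREATE t_flag FAIL
10:00:00.100 alice secret DROP t_flag OK
10:00:00.120 bob public CREATE t_flag OK
10:00:00.130 bob public DROP t_flag OK
10:00:00.200 alice secret CREATE t_flag OK
10:00:00.220 bob public CREATE t_flag FAIL
10:00:00.300 alice secret DROP t_flag OK
10:00:00.320 bob public CREATE t_flag OK
10:00:00.330 bob public DROP t_flag OK
"""

def parse(audit):
    rows = []
    for line in audit.splitlines():
        ts, subj, lvl, op, obj, res = line.split()
        rows.append((datetime.strptime(ts, "%H:%M:%S.%f"), subj, lvl, op, obj, res))
    return rows

def analyse_existence_channel(rows, obj):
    """Estimate the bandwidth of an object existence channel on `obj` and choose its handling."""
    toggles = [r for r in rows if r[4] == obj and r[3] in ("CREATE", "DROP") and r[5] == "OK"]
    if not toggles:
        return None
    sender = max(toggles, key=lambda r: LEVELS[r[2]])[1]     # highest-level subject toggling obj
    sent = [r for r in toggles if r[1] == sender]
    sender_level = LEVELS[sent[0][2]]
    elapsed = (sent[-1][0] - sent[0][0]).total_seconds()
    # Assumption: one bit per state change; n changes span n-1 intervals over `elapsed` seconds.
    bps = round((len(sent) - 1) / elapsed, 6) if elapsed > 0 else float("inf")
    # Receiver evidence: CREATE attempts on the same object by subjects below the sender's level.
    probes = [r for r in rows if r[4] == obj and r[3] == "CREATE" and LEVELS[r[2]] < sender_level]
    handling = "eliminate" if bps > HIGH_BPS else "audit" if bps > AUDIT_BPS else "tolerate"
    return {"sender": sender, "receiver_probes": len(probes), "bps": bps, "handling": handling}
```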
