Abstract
At present, secure access to databases is achieved mainly by modifying the database's data dictionary and enforcing mandatory access control through checks of user privileges and of the security labels on the data being accessed. Methods of this kind do not check the identity of the user accessing the database or the access path, which leaves security risks such as privilege escalation. Therefore, using a method that dyes and marks database resources, a database security mandatory access control system based on dyeing marks is proposed. The system mainly involves request filtering, resource dyeing, database system transformation, request-response control, and identity marking with virtual channel encryption, thereby realizing strong authentication of user identity and mandatory access control over users' database operations.
Authors
戚建淮
宋晶
汪暘
刘建辉
郑伟范
QI Jian-huai; SONG Jing; WANG Yang; LIU Jian-hui; ZHENG Wei-fan (Shenzhen Y&D Electronics Co., Ltd., Shenzhen, Guangdong 518055, China; State Engineering Laboratory for the Safety Technology of Urban Rail Transit System, Shenzhen, Guangdong 518055, China)
Source
《通信技术》
2018, Issue 3, pp. 692-695 (4 pages)
Communications Technology
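Funding
Shenzhen Strategic Emerging Industries Development Special Fund project "Research and Development of an SDN-Based IAAS Cloud Platform" (No. CXZZ20150504110141589)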
Keywords
MAC (Mandatory Access Control)
PKI (Public Key Infrastructure)
security label
dyeing strategy