Abstract
Stored procedures are dynamic entities in a DBMS, and determining the privilege set under which they execute is a key problem for effective DBMS access control. Commonly used approaches violate the principle of "least privilege", which has led to a series of DBMS security vulnerabilities. In addition, the nested (cascading) execution of stored procedures makes it difficult to determine the privilege set and to limit the scope in which it applies. To address these problems, a DBMS access control model based on a dynamic context stack is presented. The model takes operation sequences as its input and uses the context stack to determine the execution privilege set of a stored procedure dynamically while it runs. The model not only supports the principle of "least privilege" effectively, but also has good manageability and scalability.
Source
Journal of Computer Research and Development (《计算机研究与发展》)
Indexed in: EI, CSCD, Peking University Core Journals (北大核心)
2005, No. 12, pp. 2093-2099 (7 pages)
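Funding
National Natural Science Foundation of China (60025205, 60273027)
National "973" Key Basic Research Development Program (G1999035802)
National "863" High-Tech Research and Development Program (2004AA147070, 2002AA141080)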