An Access Control Model for DBMS Based on Dynamic Context Stack
Abstract: Stored procedures are dynamic entities in a DBMS, and determining the privilege set under which they execute is a key problem for effective DBMS access control. The commonly adopted approaches violate the principle of least privilege, which has led to a series of DBMS security vulnerabilities. In addition, the nested (cascading) execution of stored procedures makes it difficult to determine the privilege set and to limit the scope in which it applies. To address these problems, a DBMS access control model based on a dynamic context stack is presented. The model takes operation sequences as its input and uses the context stack to determine the execution privilege set of a stored procedure dynamically while the procedure runs. It not only supports the principle of least privilege effectively, but also has good manageability and scalability.
Source: Journal of Computer Research and Development (《计算机研究与发展》), indexed in EI, CSCD and the Peking University Core list; 2005, No. 12, pp. 2093-2099 (7 pages)
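Funding: National Natural Science Foundation of China (60025205, 60273027); National Key Basic Research Development Program of China ("973" Program) (G1999035802); National High-Tech Research and Development Program of China ("863" Program) (2004AA147070, 2002AA141080)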
Keywords: database security; RBAC model; least privileges; access control