
One Method and Implementation of Security-Policy-based Data Protection (cited by: 6)
Abstract: Preventing unauthorized access has always been a central concern of database security. However, as firewalls, permission checks and similar techniques mature and are widely deployed, a growing share of the security threats seen in applications comes from the data administrators themselves. This paper presents a security-policy-based data protection method for databases, together with its basic principles, which defends against intruders from outside the system and also prevents leakage of sensitive data by database administrators. Based on the definition of the security policy and its filter functions, we also give guidelines for cost-based query optimization. A simple analysis shows that a query engine that optimizes or rewrites queries according to the cost characteristics of database operations can significantly reduce the performance impact of security checking.
Source: Computer Science (《计算机科学》), CSCD, PKU Core, 2007, No. 2, pp. 122-124 (3 pages)
Funding: National Natural Science Foundation of China, projects 604473069 60496325
Keywords: Security policy, Security label, Query optimization

