Abstract
Preventing unauthorized access has always been a central concern of database security. However, as technologies such as firewalls and permission checking have matured and been widely deployed, a growing share of the security threats seen in practice comes from those who administer the data. This paper introduces a security-policy-based method for protecting data in a database, together with its basic principles. The method guards against intruders from outside the system and also against leakage of sensitive data by database administrators. Based on the definition of the security policy and its filter functions, we also present guidelines for cost-based query optimization. A basic analysis shows that having the query engine optimize or rewrite queries according to the cost characteristics of database operations can significantly reduce the performance overhead of security checking.
Source
Computer Science (《计算机科学》)
CSCD
PKU Core Journal (北大核心)
2007, No. 2, pp. 122-124 (3 pages)
Funding
Supported by the National Natural Science Foundation of China, grants 604473069, 60496325
Keywords
Security policy, Security label, Query optimization