I. Security Overview
1.1 Sources of insecurity
- Unauthorized access to and malicious destruction of the database
- Leakage of important or sensitive data held in the database
- Vulnerabilities in the security environment
1.2 Introduction to Security Standards
1.2.1 TCSEC / TDI standards
The security levels are backward compatible and form a partial order: the protection provided by a higher security level includes all the requirements of the lower levels and adds more or stronger protection.
1.2.2 CC standard
1.3 Security Controls
In a computer system, security measures are set up layer by layer.
Database management system security control model
Common database security control methods include: user identification and authentication, access control, views, auditing, and data encryption.
II. Access Control
Composition
- Define user permissions and register them in the data dictionary
- A user permission is the authority of a user to perform an operation on a data object
- The DBMS provides an appropriate language for defining user permissions; the definitions are stored in the data dictionary and are called security rules or authorization rules
- Check that an access is authorized
- A user issues a database access request
- The DBMS looks up the data dictionary and checks whether the request is authorized
2.1 Discretionary Access Control
Implemented with the SQL grant and revoke statements
A user permission consists of
- the data object
- the type of operation
Defining user access rights means specifying which types of operations a user may perform on which database objects
Defining access rights is called authorization
Access rights in relational database systems
2.1.1 Granting and revoking privileges
1. Granting: grant
grant <privilege list> on <object name> to <user/role list>
/*
The privilege list may be all privileges, or any of the following:
select: query
delete: delete tuples
insert [(<column>,...,<column>)]: insert
update [(<column>,...,<column>)]: modify
references [(<column>,...,<column>)]: allows the user to define foreign keys on these columns when creating a relation
*/
2. Revoking: revoke
revoke <privilege list> on <object name> from <user/role list>
{cascade | restrict}
2.1.2 Permission to create a database schema
-- set by the database administrator when creating the user
create user <username>
[with][dba | resource | connect];
Notes on the create user statement
- Only the system super user has the right to create a new database user
- A newly created database user can hold one of three rights: connect, resource, and dba
- If no right is specified when the user is created, the user has the connect right by default
2.1.3 Database roles
Definition: a named group of permissions related to database operations
- A role is a collection of permissions
- A role can be created for a group of users who need the same permissions
- Roles simplify the authorization process
-- create a role
create role <role name>
-- grant privileges to a role
grant <privilege list> on <object name> to <role name>
-- grant roles to users or other roles
grant <role list> to <user/role list>
-- revoke privileges that were granted to a role
revoke <privilege list> on <object name> from <role name>
-- revoke a role
revoke <role list> from <user/role list> {cascade | restrict}
-- Granting a group of privileges to a user through a role. The steps are:
-- First create a role R1
create role R1;
-- Then use grant so that role R1 holds the select, update and insert privileges on the Student table
grant select,update,insert
on table Student
to R1;
-- Grant this role to 王平, 张明 and 赵玲 so that they hold all privileges contained in R1
grant R1
to 王平,张明,赵玲;
-- All three privileges can be revoked from 王平 at once through R1
revoke R1
from 王平;
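The following is an added example, not part of the original notes, that models in Python what section II describes and what the grant/revoke statements above do: authorization rules are written into a data dictionary by grant, removed by revoke (with the restrict and cascade behaviours when a privilege has been passed on), and every access request is checked against the dictionary, with role membership expanded transitively. The class and method names (DataDictionary, Rule, RestrictError, check) and the SC table used in the cascade part are assumptions made for the example.

```python
# Added example (not from the original notes): a small model of discretionary
# access control in which authorization rules live in a data dictionary and every
# access request is checked against it. Class and method names are assumptions.
from collections import namedtuple

# One rule per (grantee, object, privilege) grant; the grantor is kept so that
# revoke ... cascade / restrict can follow the chain of grants.
Rule = namedtuple("Rule", "grantee obj priv grantor grant_option")


class RestrictError(Exception):
    """revoke ... restrict refused: the grantee has passed the privilege on."""


class DataDictionary:
    def __init__(self):
        self.rules = []          # authorization rules written by grant
        self.role_members = {}   # role -> set of users/roles that hold it

    def create_role(self, role):
        self.role_members[role] = set()

    def grant(self, privs, obj, grantees, grantor="DBA", grant_option=False):
        # Only the DBA, or a holder with grant option, may pass a privilege on.
        for p in privs:
            if grantor != "DBA" and not self._holds(grantor, obj, p, need_option=True):
                raise PermissionError(f"{grantor} may not grant {p} on {obj}")
            for g in grantees:
                self.rules.append(Rule(g, obj, p, grantor, grant_option))

    def grant_roles(self, roles, grantees):
        for r in roles:
            self.role_members[r].update(grantees)

    def revoke_roles(self, roles, grantees):
        for r in roles:
            self.role_members[r].difference_update(grantees)

    def revoke(self, privs, obj, grantees, mode="restrict"):
        for p in privs:
            for g in grantees:
                # Grants that g itself made of this privilege depend on g's own grant.
                dependents = {r.grantee for r in self.rules
                              if r.grantor == g and r.obj == obj and r.priv == p} - {g}
                if dependents:
                    if mode == "restrict":
                        raise RestrictError(f"{g} passed {p} on {obj} to {sorted(dependents)}")
                    self.revoke([p], obj, dependents, mode="cascade")
                self.rules = [r for r in self.rules
                              if not (r.grantee == g and r.obj == obj and r.priv == p)]

    def _roles_of(self, subject):
        # Roles held directly or through other roles (role-to-role grants).
        held, frontier = set(), {subject}
        while frontier:
            s = frontier.pop()
            for role, members in self.role_members.items():
                if s in members and role not in held:
                    held.add(role)
                    frontier.add(role)
        return held

    def _holds(self, subject, obj, priv, need_option=False):
        subjects = {subject} | self._roles_of(subject)
        return any(r.grantee in subjects and r.obj == obj and r.priv == priv
                   and (r.grant_option or not need_option) for r in self.rules)

    def check(self, user, obj, priv):
        """What the DBMS does on every access request: look up the dictionary."""
        return self._holds(user, obj, priv)


def demo():
    dd = DataDictionary()
    # The role example from the notes: R1 on Student, granted to three users.
    dd.create_role("R1")
    dd.grant(["select", "update", "insert"], "Student", ["R1"])
    dd.grant_roles(["R1"], ["王平", "张明", "赵玲"])
    before = dd.check("王平", "Student", "update")
    dd.revoke_roles(["R1"], ["王平"])
    after = dd.check("王平", "Student", "update")
    still = dd.check("张明", "Student", "insert")
    # restrict versus cascade when U1 has passed a privilege on to U2 (constructed).
    dd.grant(["select"], "SC", ["U1"], grant_option=True)
    dd.grant(["select"], "SC", ["U2"], grantor="U1")
    try:
        dd.revoke(["select"], "SC", ["U1"], mode="restrict")
        restrict_refused = False
    except RestrictError:
        restrict_refused = True
    dd.revoke(["select"], "SC", ["U1"], mode="cascade")
    return {"before": before, "after": after, "still": still,
            "restrict_refused": restrict_refused,
            "u1": dd.check("U1", "SC", "select"),
            "u2": dd.check("U2", "SC", "select")}


if __name__ == "__main__":
    print(demo())
```

The cascade branch is deliberately simple: it removes the dependent grant even if the dependent also held the privilege from another grantor, which a real DBMS would keep; the point the model makes is that restrict refuses the revoke and cascade follows the grant chain.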
2.2 Mandatory Access Control
In mandatory access control, all entities managed by the database management system are divided into two major categories: subjects and objects
A subject is an active entity in the system
- The actual users managed by the DBMS
- Processes acting on behalf of users
An object is a passive entity in the system, operated on by subjects
- Files, base tables, indexes, views
Sensitivity labels
The DBMS assigns a sensitivity label to each instance (value) of every subject and object
Sensitivity labels are divided into several levels
- Top secret
- Confidential
- Secret
- Public
The sensitivity label of a subject is called its clearance level
The sensitivity label of an object is called its classification level
Mandatory access control rules
- A subject may read an object only when the subject's clearance level is greater than or equal to the object's classification level
- A subject may write an object only when the subject's clearance level is less than or equal to the object's classification level
Discretionary access control is applied first, then mandatory access control
- Reason: the protection provided by a higher security level includes all the protection of the lower levels
Discretionary access control and mandatory access control together constitute the security mechanism of the database management system
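As an added example (not from the original notes), the two label rules above and the DAC-before-MAC ordering can be written as a single authorization check. The sensitivity levels are ranked in the order the notes list them; the Subject, DBObject and authorize names, the stand-in set of DAC rules, and the sample tables and labels are assumptions constructed for the example.

```python
# Added example (not from the original notes): the two mandatory access control
# rules, applied after a discretionary check, as the notes prescribe. Names such
# as Subject, DBObject and authorize are assumptions.
from dataclasses import dataclass

# Sensitivity levels in ascending order, ranked as listed in the notes.
LEVELS = ["public", "secret", "confidential", "top-secret"]
READ_OPS = {"select"}
WRITE_OPS = {"insert", "update", "delete"}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str          # sensitivity label of a subject


@dataclass(frozen=True)
class DBObject:
    name: str
    classification: str     # sensitivity label of an object


def rank(label):
    return LEVELS.index(label)


def mac_allows(subject, obj, op):
    """Read only when clearance >= classification; write only when clearance <= classification."""
    if op in READ_OPS:
        return rank(subject.clearance) >= rank(obj.classification)
    if op in WRITE_OPS:
        return rank(subject.clearance) <= rank(obj.classification)
    raise ValueError(f"unknown operation {op}")


def authorize(subject, obj, op, dac_rules):
    """DAC first (is there an authorization rule?), then MAC (do the labels allow it?).

    dac_rules is a set of (user, object, privilege) tuples standing in for the data
    dictionary. Returns (allowed, reason) so that a denial can be audited.
    """
    if (subject.name, obj.name, op) not in dac_rules:
        return False, "dac: no authorization rule"
    if not mac_allows(subject, obj, op):
        return False, "mac: sensitivity labels forbid the operation"
    return True, "allowed"


def demo():
    # Constructed data: one user cleared at 'secret' and three labelled objects.
    u = Subject("王平", "secret")
    pub = DBObject("Course", "public")
    sec = DBObject("Student", "secret")
    top = DBObject("Salary", "top-secret")
    # DAC grants every operation on every object so that MAC is what decides,
    # except delete on Student, which shows a DAC denial.
    dac = {(u.name, o.name, op) for o in (pub, sec, top) for op in READ_OPS | WRITE_OPS}
    dac.discard((u.name, sec.name, "delete"))
    return {
        "read_public": authorize(u, pub, "select", dac),
        "read_top": authorize(u, top, "select", dac),
        "write_top": authorize(u, top, "insert", dac),
        "write_public": authorize(u, pub, "update", dac),
        "same_level": authorize(u, sec, "update", dac),
        "no_dac": authorize(u, sec, "delete", dac),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Note how the write rule works in the opposite direction from the read rule: a subject cleared at "secret" may insert into a top-secret object but may not update a public one, because writing downward could carry higher-classified data into a lower-classified object. A discretionary grant alone never overrides either label rule.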
III. Other Security Measures
3.1 View mechanism
First define a view that shields the data that some users must not see; then define access rights on the view and grant those users access to the view, while not allowing them direct access to the base relations that define the view
3.2 Audit techniques
Auditing is a monitoring measure: it tracks database access activity in order to detect possible illegal actions
With auditing enabled, the system automatically records all user update operations on the database (insert, delete, modify) in a dedicated audit log
Contents of an audit log entry
- Type of operation (insert, delete, modify)
- Operation terminal identifier and operator identifier
- Date and time of the operation
- Data involved in the operation (relation, tuple, attributes, etc.)
- Before and after images of the data
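As an added example (not from the original notes), here is a table wrapper that writes an audit log entry with exactly the fields listed above for every insert, update and delete, and a rollback helper that shows what the before image is kept for. The AuditedTable, AuditEntry, rollback and by_operator names, the terminal identifiers and the Student rows are assumptions constructed for the example.

```python
# Added example (not from the original notes): a table wrapper that writes the
# audit log entries described above, including before and after images, for
# every update operation. AuditedTable / AuditEntry / rollback are assumptions.
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class AuditEntry:
    op: str                  # insert / delete / update
    terminal: str            # operation terminal identifier
    operator: str            # operator identifier
    at: str                  # date and time (UTC, ISO 8601)
    relation: str            # relation involved
    key: object              # primary key of the tuple involved
    before: Optional[dict]   # before image (None for insert)
    after: Optional[dict]    # after image (None for delete)


class AuditedTable:
    def __init__(self, relation, key_attr, log):
        self.relation, self.key_attr, self.log = relation, key_attr, log
        self.rows = {}

    def _record(self, op, who, key, before, after):
        terminal, operator = who
        self.log.append(AuditEntry(op, terminal, operator,
                                   datetime.now(timezone.utc).isoformat(),
                                   self.relation, key, before, after))

    def insert(self, row, who):
        key = row[self.key_attr]
        if key in self.rows:
            raise KeyError(f"duplicate key {key}")
        self.rows[key] = dict(row)
        self._record("insert", who, key, None, dict(row))

    def update(self, key, changes, who):
        before = dict(self.rows[key])      # copy taken before the change
        self.rows[key].update(changes)
        self._record("update", who, key, before, dict(self.rows[key]))

    def delete(self, key, who):
        before = self.rows.pop(key)
        self._record("delete", who, key, before, None)


def rollback(table, entry):
    """Undo one logged operation from its before image (what before images are for)."""
    if entry.before is None:
        table.rows.pop(entry.key, None)
    else:
        table.rows[entry.key] = dict(entry.before)


def by_operator(log, operator):
    """Filter the log by operator identifier when reviewing one user's activity."""
    return [e for e in log if e.operator == operator]


def demo():
    log = []
    student = AuditedTable("Student", "sno", log)
    clerk = ("term-07", "张明")          # (terminal, operator), constructed
    student.insert({"sno": "2021001", "sname": "王平", "grade": 85}, clerk)
    student.update("2021001", {"grade": 92}, clerk)
    student.delete("2021001", ("term-02", "赵玲"))
    rollback(student, log[-1])            # restore the deleted tuple from its before image
    return log, student.rows


if __name__ == "__main__":
    for entry in demo()[0]:
        print(entry)
```

The log list is passed in rather than owned by the table so that several relations share one audit log, and entries are appended as plain records so they can be written to a separate, append-only store that the audited users cannot modify.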
3.3 Data Encryption
According to some encryption algorithm, the original data (plaintext) is transformed into a form that cannot be directly recognized (ciphertext)
The secrecy of an encryption scheme should not depend on keeping the algorithm secret, but on the algorithm's parameter, that is, the key