Study On Secure Database And Its Application

With the repaid development of computer technology,computer has come into many areas of modern society and everyday life.Now,in our country, a lot of information infrastructure are being under construction and many new services such as electronic commerence,remote education,electronic cash,etc are supplied by internet . Due to the urgent demand on high-security DBMS and the government's policy of developing information security product, it is significant to make research on secure DBMS, both in theory and application.Based on a plenty of papers,technology reports and dissertations,this dissertations make some research works on the field of secure DBMS in accordance with the reality of our country ,the main points are as follows:1. The problem of polyinstantiation in MLS DBMS is discussed. In Chapter 2, its catalogue,the mean of production and the influences on MLS DBMS are anylized. Especially a number of implementation's characteristics and scope of application are analyzed carefully and currently commercial MLS DBMS's approaches were introduced. All the results help in solving polyinstantiation in developing a MLS database application system and a MLS DBMS based on the free software PostgreSQL.2. Based on the analysis of current access control model, in Chapter 3 the realization of mandatory access control in role-based protection system is discussed. At first, the definition of role and the application in security are discussed. Then the concept of MAC is introduced and a scheme of Role-based protection is developed, which realizes MAC by viewing each of the role contexts as a independent security-level and imposing non-cyclic information flow requirement. 3. Inference is one of the major threats to MLS DBMS's security. In Chapter 4, We give a new approach for inference risk evaluation, which uses the rough set theory in data mining technique to catch the possible inference channel in MLS DBMS. Compared with other methods,the main advantages lie in that it doesn't need the knowledge of SSO (System Security Officer) and can use the current available data mining tools to monitor the database in time. 4. Aimed at current C/S database application system, in chapter 5,a new technology "databse security proxy" is introduced, which incorporate present security mechanisms including multi-level security,cryptology ,authentication .Its relization based on the Insprise's MIDAS (Multi-Tier Distributed Application Services Suite) of the Insprise is discueesed and a practical database application is realized. 5. A new approach to develop MLS DBMS is introduced in chapter 6.The key idea is to make use of the characteristics of free software: its source code is open and can be modified freely. So the souece code of PostgreSQL-a kind of free software DBMS and its security capability are analyzed firstly, and then based on the carefully analyzing of TCSEC & TDI's requirements and present MLS DBMS's architecture, technical scheme to retrofit PostgreSQL to a B1-level MLS DBMS is given, which including security subsystem and audit subsystem. Then some revellent machanism and policy about security label and MAC are discueesd.