Research On Survival Secure DBMS And Its Key Technologies

Posted on: 2008-04-19
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J P Zheng
GTID: 1118360215497045
Subject: Computer application technology

Abstract/Summary:
As the central data store of information systems, databases have always been a target of attack. Traditional prevention- and protection-centric database security mechanisms, such as cryptography, identification, access control, firewalls and multi-level security mechanisms, emphasize checking user identity and permission constraints, and cannot prevent all attacks or abuse by legitimate internal users. Existing transaction-based intrusion detection, isolation and recovery mechanisms are likewise very limited in dealing with this situation. Building on traditional database security mechanisms and existing network and operating system survival techniques, this dissertation focuses on database survival models and techniques from the transaction level to the DBMS level and the OS level. The main contributions of this dissertation are summarized as follows:

Firstly, based on an analysis of concurrency control mechanisms and survival database requirements, a new idea is proposed: using the covert channels that inevitably exist in an MLS/DBMS to detect malicious transactions. In a survival database environment with multi-level transaction processing, covert channels cannot be avoided, and conspiring high-level and low-level security transactions and a third malicious transaction will leak confidential information. Under assumptions about the probabilities of transaction events, mechanisms for detecting conspiring users and malicious noise transactions are provided. Using covert channels to detect malicious behaviors not only enhances the security of the DBMS but also provides a foundation for further isolating malicious behaviors and recovering from them.

Secondly, SPN-based malicious transaction isolation and recovery models and related algorithms are provided, based on traditional malicious transaction recovery approaches. The proposed models combine SPN theory and multi-phase isolation techniques and define optimized data structures in order to dynamically locate transactions infected by malicious ones and recover them. A static malicious transaction recovery algorithm, SMRA, and an on-the-fly malicious transaction recovery algorithm, DMRA, are provided. Simulation experiments prove that DMRA needs less time and fewer disk operations than SMRA and thus can speed up the malicious transaction recovery process.

Thirdly, a data dependency based malicious transaction recovery algorithm, DDMRA, and a data dependency based recovery algorithm with blind writes, BDDMRA, are provided, based on transaction dependency recovery methods. DDMRA recovers only the data items corrupted by malicious transactions, avoiding re-execution of innocent operations, whereas transaction dependency methods undo and redo all operations of malicious transactions. In BDDMRA, benign blind writes can restore bad data items to a normal state, so the corresponding malicious operations need not be undone and redone, which speeds up the recovery process. Simulation experiments proved that data dependency approaches are more effective than transaction dependency ones.

Fourthly, a new DBMS access control model named WRBAC is provided, based on relational database watermarking and DBMS role-based access control models. WRBAC covertly and dynamically authorizes permissions to users by embedding watermarks in database objects and detecting them. Compared to existing access control models, WRBAC is more secure and can prevent conspirators from obtaining additional privileges.

Finally, a new multi-valued logic (MVL) based system survival model is provided, based on binary logic (BL). Because DBMS components always have multiple states, our model can describe system state and survivability. Experiments show that, compared to the BL-based model, the MVL-based one is more suitable for describing system state and survivability and more accurate when they change.
Keywords/Search Tags: survival DBMS, malicious transaction, covert channel, SPN model, data dependency, digital watermarking, role-based access control, multi-valued logic