| A multidatabase system (MDBS), based on network and database technologies, is a system that supports data sharing and integrating of a collection of pre-existing, heterogeneous, distributed local database systems. Adding a security module into MDBS is urgent when more and more system security problems come into notice. Because of the heterogeneity, distribution and autonomy of MDBS, the security mechanism in MDBS is much different to that in traditional database.A MDBS security model based on digital certificate is designed in this paper to ensure the secret communication among the components in the distributed network. With verifying the digital certificates and establishing the secret connections, safe communications between the servers and clients in MDBS are kept.There are two kinds of users in MDBS: global user and local user, which can be managed by the corresponding managers independently. We enter the MDBS as a global user, and access into the local data source as a local user. Some methods to identify users in MDBS, divided by the different ways to map between global users and local users, are analyzed. Based on the analysis of the theories about access entities and access roles, a role privilege assignment model is proposed in order to realize access control and preserve the heterogeneity and autonomy in MDBS, According to the ideas above, we add a security module into Panorama, a multidatabase prototype system. X.509 digital certificate and Security Socket Layer (SSL) are introduced into Panorama, and communication security under Common Object Request Broker Architecture (CORBA) is realized. By the benefit of digital certificate, the privilege assignment request could be distributed by encrypted XML format. In this way, the global users could be mapped to the local users more flexibly and access control could be implemented.
|
PDF Full Text Request