Research And Implementation Of Access Control And Intrusion Detection Mechanisms In Grid Database

Grid database is a new research field which is combineded of grid technology and database technology,its purpose is to effectively integrate the distributed, heterogeneous and dynamic data into the grid environment. Data security plays a crucial role in the whole grid database system for safely running, and access control is the most important part in the security architecture of the grid database system. Therefore, using Grid DBMS for effective data access control has become the key to the development of grid database. Intrusion detection is the basis for the database survival research, and in order to maintain the data confidentiality, intrgrity and availability in grid database, we must detect the intrusion proactively. Therefore, the study of intrusion detection mechanisms for grid database has become the inevitable trend of development of grid database.This thesis has researched the relative technologies of access control and intrusion detection in grid database, and purposes a grid database access control modal based on distributed role and purpose mapping, and gives out a grid database intrusion detection algorithm based on service profile and SQL operation. Besides, we gives the implementation of the two security mechanisms in Grid DBMS --- NHGridDB. The main work and innovations of the thesis are as follows:⑴This thesis describes and analyzes related concepts and research status of grid, grid database and grid database security, analyzes the existing grid database access control and intrusion detection technologies in detail, and analyzes the shortcomings of existing technologies in view of the inherent characteristics of grid database.⑵In view of the distribulity, dynamic and heterogeneous of grid database, a grid database access control modal based on distributed role and purpose mapping --- DRPBAC is purposed, and gives out detail definition, access control function and access control rules of basic model and extended model of DRPBAC, and analyzes the security , availability and privacy protection at last.⑶For characteristics of grid environment, a two levers intrusion detection mechanisms including service profile based intrusion detection in system layer and SQL operation based intrusion detection in node layer. Besides, two level intrusion detection algorithm simulation experiments are gived, and the rusults of the two experiments both show that the two algorithm have high detection rate and almost o false positive rate. In addition, intrusion detecion mechanism has little effection on system load.⑷This thesis describes and analyzes the architecture of existing Grid DBMS --- NHGridDB, and main module's specific features and detailed design. Besides, gives the specific design and implementation of access control and intrusion detection technology purposed by this paper in NHGridDB.