
The Implementation For Enforcing Database Security

Posted on: 2006-09-02
Degree: Master
Type: Thesis
Country: China
Candidate: M G Wang
GTID: 2178360155967379
Subject: Computer software engineering
Abstract/Summary:
With the rapid development of computer network technology, information security has become more and more critical to the success of a computer system. The security of a database, which usually carries all the important information, plays a very important role in information security research. Security problems grow considerably when a database shares its data, and access control mechanisms are usually used to solve these data-sharing problems. The Discretionary Access Control (DAC) mechanism has serious flaws in multi-user systems, especially in a network environment. DAC mechanisms restrict access to objects based solely on the identity of the subjects trying to access them. This basic principle of DAC contains a fundamental flaw that makes it vulnerable to Trojan horses [BF85][D85]. Another mechanism, Mandatory Access Control (MAC), therefore has to be considered when designing a secure database management system (DBMS). The basic principle of MAC is to classify both the subjects that try to gain access and the objects that are to be accessed; these classifications, which are partially ordered, form a lattice. The best-known security model for MAC is that of Bell and LaPadula. In MAC mechanisms, a special officer called the Security Administrator (SA), rather than the objects' owner, is responsible for granting and revoking access privileges on them. The SA classifies the subjects, and this may in turn cause objects to be classified when they are created. Information flow is forced in only one direction in MAC, so it eliminates the possibility of leaking confidential data to insecure subjects, which defeats Trojan horse attacks.

The security model is the core component of database security, and its development trend is very important for the development of database security. The HRU, Bell-LaPadula and Jajodia-Sandhu models all serve as milestones, but these models have several shortcomings and defects. Based on an analysis of these models, we propose the ZJMAC model for enforcing database security. We also introduce MLR and integrate it with ZJMAC. We design and implement a Security Enforcer based on Oracle 8i, and we include an audit mechanism that records all security-related data operations so that they can be used for investigation and analysis.
Keywords/Search Tags: Mandatory Access Control (MAC), MultiLevel Relational model (MLR), Audit, Database Security, Relational Database
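
The contrast the abstract draws between DAC and MAC, as an added example that is not taken from the thesis: a program running under a trusted user's identity passes identity-only checks, while lattice-based labels block the write that would move data downward. The users, tables, labels and function names are constructed for illustration, and the rules are the standard Bell-LaPadula read and write rules, not ZJMAC's.

```python
from dataclasses import dataclass

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        # Lattice partial order: level at least as high AND a superset of categories.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def dac_allows(acl, user, obj, mode):
    # DAC: the decision depends only on the identity of the subject.
    return mode in acl.get(obj, {}).get(user, "")

def mac_allows(subject, obj, mode):
    # Bell-LaPadula: read only what you dominate, write only to what dominates you.
    if mode == "r":
        return subject.dominates(obj)
    if mode == "w":
        return obj.dominates(subject)
    return False

# Constructed scenario: alice owns "salaries"; mallory owns "dropbox" and has
# granted alice write access to it. Labels are assigned by the administrator.
ACL = {"salaries": {"alice": "rw"},
       "dropbox": {"mallory": "rw", "alice": "w"}}
SUBJECTS = {"alice": Label("secret", frozenset({"hr"})),
            "mallory": Label("unclassified")}
OBJECTS = {"salaries": Label("secret", frozenset({"hr"})),
           "dropbox": Label("unclassified")}

def copy_decisions(user, enforce_mac):
    """Access decisions for a program, run as `user`, that reads salaries
    and then writes to dropbox. Stops at the first denied access."""
    decisions = []
    for obj, mode in (("salaries", "r"), ("dropbox", "w")):
        ok = dac_allows(ACL, user, obj, mode)
        if enforce_mac:
            ok = ok and mac_allows(SUBJECTS[user], OBJECTS[obj], mode)
        decisions.append((obj, mode, ok))
        if not ok:
            break
    return decisions

def leaked(decisions):
    # Data leaves the secret level only if both the read and the write succeed.
    return len(decisions) == 2 and all(ok for _, _, ok in decisions)
```

Under DAC alone both accesses are granted because they are made in alice's name; with the label check added, the read succeeds but the downward write is refused, so the flow stays one-directional.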