| With the rapid development of database application and the urgent requirement of the data security in the Internet, traditional Relational Database Management(RDBMS) not only need expanded support of object model, but also ensure the data security.The SDM4 which is the practical security database system researched and developed by ourselves is presently changed to Object-Relational Database Management System (ORDBMS) by supporting the object types and features step-by-step. Four object types and several features are supported in the object sub-system, which are user defined type,row object,queue object,reference type,nesting,inheritance,instantiation,encapsulation and so on. Considering these object types and features, Mandatory Access Control (MAC) Mechanism of SDM4 must be extended to protect all data in the database.Based on the object sub-system and MAC Mechanism in SDM4,analyse and research security objects and object features, bring forward label policy of signing object security-label and constraints policy of filtering object for MAC. There are six constraints policy, which are user defined type-table constraint,nesting constraint,inheritance constraint,instantiation constraint,reference constraint and function constraint. Analyse covert storage channel which exists in MAC of object sub-system based on multilevel security model.MAC Mechanism for SDM4 is expanded. The part in object sub-system which is similary to MAC of relation system, can be extended on the foundation of BLP Model for relation system. Otherwise, the part which is unique for MAC of object features in object sub-system, can be rebuilded on the basis of constraints policy of filtering object.By SQL statements of functionality testing, MAC of object types and object features is effectively implemented in object sub-system of SDM4. |
PDF Full Text Request