| Under the guide of the database and web technology, data in the information system are becoming more diversification, individuation and privatization. The data in the database need access control in the granularity of row, column even single cell , namely fine-grained access control(FGAC). But traditional way that deployed the FGAC in the application layer exists many limitations, thus make FGAC should be realized in the DBMS. On the basis of domestic relation database DM5 , we have studied the realization mechanism of FGAC, expressed and managed the policy through expanding SQL, after that we have implemented our own fine-grained access control system prototype.After analyzing the typical commercial database and the researches which have done before, a new grammar of create the policy types and instances in the database is designed. This grammar regard the information filtering body as it's main component, including the operating list, the policy restrain, etc. Regarded security policy as the core, we have designed a new architecture of FGAC. It includes the policy translator , the policy service , the access controller and the SQL execution. Each of them fulfill the relatively independent task.According to design, a FGAC subsystem which took policy as the core have been realized in DM kernel. The subsystem consists of create and manage policy process and access controller implement the policy process. The first process provide a unified database SQL interface to create and manage the policy. And the access controller adopted the technology of dynamical query modification while implementing the security policy. It needs to utilize the policy service to carry out the selection of the policies according to the SQL sentence executing environment.In order to study the correctness and performance, a large number of concrete cases were adopt to prove the FGAC effectively and correctly, and many groups of TPC-W test data compared together show the impact of the system performance is very small. |
PDF Full Text Request