| Database system security is one of the most important research areas of information system security, the theory and technology of which is an important research direction in database theory. Data model is the core and foundation of database system, access control is an important part of database security, audit is an essential component of modern security system, and these are mainly discussed in this paper. First, a multilevel secure data model is put forward which consults the two concepts of"data-borrow"and"data-based semantics"that are used in classical MLR model and introduces the borrow identity of data. This new model modifies the integrity properties and the manipulation of deletion, update and uplevel, improves the ambiguity of semantics and strengthens the availability of data borrow. Second, based on the analysis of role-based access control, an extended role-based mandatory access control model is proposed in which audit function is introduced and the revised operations are defined. The improved model can simplify the administration of privileges, also can guarantee the system security. Finally, an audit model on multilevel secure database and the framework of the audit subsystem are discussed. The model can express fine-grained audit policies on basic operation and attributes of object, and can express real-time detection with constraint rules. According to the theory mentioned above, a MLS/DBMS is designed and developed, the access control function and the audit subsystem of it are implemented. |
PDF Full Text Request