| Traditional database information security research focused on how to defend against intrusions, such as authentication, encryption, access control, firewall, Intrusion Detection, but it can not resist all the intrusions. And it's powerless to do anything more for the internal attacks. Intrusion Tolerance database considers how to make the system to provide uninterrupted service in the case of intrusion, and keep the availability, integrality and confidentiality of the database, and adaptively enhance the system's intrusion-tolerant ability.This paper discusses the technique of intrusion tolerance in detail. Basing on that, it proposes a secret sharing project, and uses redundancy technique to realize the inner intrusion-tolerance. Then, the single error correction tolerates the transfer's intrusion, and this enables the outer-level intrusion-tolerance. At last, an integrated database security architecture is proposed basing on these key techniques.It designs Proxy, sensor agent (SA) and early warning center (EC) basing on the research of multi-layer intrusion-tolerance structure, in order to enhance detecting the attacking- data. It means that when a malicious is detected, system contains all the objects that may be damaged immediately. And then, system checks whether the object is damaged. System unchains the object that is undamaged. System repairs the object that is damaged to the latest version that is undamaged.This model solves damage spread. It is transparent to users. It enforces damage assessment and repair without stopping the execution of normal transaction, so it has more usability. |
PDF Full Text Request