| With the constant develop in database technology and the wide use in the department of military, government and financial area, database security issues more and more attention. Traditional database systems provide security features just to meet the requirements of general application, but can not meet the application requirements in a number of key sectors or sensitive areas. Secure database system uses the strict access control protocol in database system, not only guaranteeing the database users to have access to general information, but also ensuring that unauthorized users can not access to the sensitive information in the database.Among many of the data models of security database, MLR model is very successful. MLR data model successfully introduces the "data borrowing" concept to solve the issues in polyinstantiation and so on, but MLR data model also brings some hidden security issues. In MLR data model, a low security level user do the delete operation or do the update operations in primary key property may indirectly lead to a low security level users to modify the user's view in the high security level.In this paper, in order to solve the issue about the low security level users to write too much power in MLR data model, we make an improved security model -E-MLR data model. E-MLR data model revise the delete operation and the update operation in primary key property operating by low security level user.We copy the low-level tuples deleted by the low security level user as well as the indirect deleted tuples owed by the high-level user into a temporary table in the database buffer pool.At the same time,we maintain the table about the relationship between "data borrowing" tuples.The table maintains the information of the high security level tuple who borrows which of the low security level tuple. And maintains the information about whether the high security level tuple have been indirectly removed by the low security level user because of the delete operation and the update operation in primary key property operating by low security level user. In this way, the high security level tuple which indirectly removed by the low security level user can be restored by copying the relevant tuples from the temporary table in the database buffer pool. At the same time, the high security level user do the update operation to raise the security level of "data borrowing" data into its owner's security level. In this way, E-MLR data model solve the issue about low security level users to write too much power in MLR data model. And then E-MLR data model protect the high security level data. In addition, we give the formal proof of the correctness, the completeness and the security of E-MLR data model.We also revise the two versions two-phase locking mechanism (2V2PL). Combine with the functional characteristics of the signal lock and of the two version. We modify the submission and the atomic operations of the two versions two-phase locking mechanism, So that we use the E-MLR data model in the two versions two-phase locking mechanism in success. Therefore we increase the security of system.In this article, we design and implement the prototype of the key section in this multi-level security system. Through our experiments, we prove that the E-MLR data model using in the two versions two phase locking mechanism is achievable and feasible. |
PDF Full Text Request