
Distributed Database System, User Authentication And Access Control Research

Posted on: 2006-08-02 | Degree: Master | Type: Thesis
Country: China | Candidate: N Li | Full Text: PDF
GTID: 2208360155966706 | Subject: Computer software and theory
Abstract/Summary:
The paper studies several kinds of insecurity factors that affect distributed databases, targeting the defects that a distributed database security policy may have. Mutual authentication based on X.509 certificates replaces the traditional password approach, in order to avoid the fragility of passwords. A trust evaluation mechanism is used to prevent blind trust among the distributed database sites. We also introduce a trust-based access control mechanism to prevent access by unauthorized users. Through these mechanisms we reduce the insecurity factors that affect the database and reach the goal of improving the security of the distributed database.

On the assumption that the data stored at each site is safe, we discuss authentication, secure communication and access control as applied to distributed database security. First, by analysing and drawing on existing database security theory and combining it with current distributed identity authentication technology, we extend the mutual authentication model, weaken the assumption that the network is dependable, and propose a mutual authentication protocol based on retransmission of authentication data and a dynamically updated nonce. The consistency of the two sides' nonces is guaranteed by means of a log-based two-phase commit protocol.

Then we introduce the concept of double channels (namely, a control channel and a data channel) built on mutual authentication: the two sides first authenticate each other over the control channel and exchange an AES session key, then encrypt the data with the AES key and transmit it over the data channel. By this means the security of the data transfer is guaranteed.

Finally, we introduce a trust management mechanism into the distributed database system. The recommendation-based global trust model [3] is used to evaluate the trust degree of each distributed site. On that basis we introduce the concept of meta-permission presented by LEI Hao et al. [22]; by quantifying permission in terms of trust degree, we extend and implement a B/S-oriented Role-Based Access Control model. On the basis of RBAC96, we subdivide the security object by introducing the module entity, the method entity and the corresponding role transitive relation, divide the meta-permission set into general meta-permissions and special meta-permissions, and present the BSAC model. We then give an implementation of the BSAC model combined with an MVC-based security framework.
Keywords/Search Tags: distributed database, identity authentication, access control, trust model