Secure-oscar Authentication System Design

Database management systems (DBMS) is the key to ensure the security of information. OSCAR is a large scale database management system, and Secure-OSCAR is the secure version of OSCAR. In Secure-OSCAR we implemented the strong authentication, access control, audit, encryption and Intrusion Detection mechanisms. All these technologies are used to ensure the security of Secure-OSCAR.Database Authentication is the process by which the database server establishes the identity of the client, and by some techonologies determines whether the client application (or the users who runs the client application) is permitted to connect with the user name that was requested. Authentication in DBMS is thse first barrier to defense the attacks. In this paper we discuss the design of each authentication mechansim in Secure-OSCAR, and analyse the realization of some essential parts.We first analyse the security threats that authentication of DBMS must face and introduce a security threat model. Then we discuss the defense against these threats. According to various technologies to ensure database security, we introduce an ideal anti-threat model.Later, we discuss the architecture of authentication system in Secure-OSCAR and every parts of this architecture detailedly, including the Proxy authentication, database authentication, external authentication, PAM(Pluggable Authentication Modules), and discuss the design of authentication for DBA(database administrator) especially. These mechanisms use mature authentication technologies and encryption mechanism together to ensure the authentication system's security.The following four chapters discuss the detailed realization of authentication based on Proxy, password, fingerprint, Radius, SSL and PAM. In the design and realization, we focus on analyzing the advantage and disadvantage of each authentication mechanism. According to the treat model, we especially solve the security problems of storage and transmission of the user's credence to authentication, and the defense to the attacks against the authentication protocol.We sum up the paper in the end. We propose the future research and improvement direction of Secure-OSCAR's authentication mechanisms.