
Study On Testing Techniques And Design Of Testing Tools For Multilevel Secure Database Management System

Posted on: 2012-02-29
Degree: Master
Type: Thesis
Country: China
Candidate: P Xue
Full Text: PDF
GTID: 2218330338964826
Subject: Computer application technology

Abstract/Summary:
With the rapid development of networks and information technology and the growing informatization of economic and social life, information security has become an important assurance for keeping an information-based society working. As one of the core foundations of information systems, database systems store a large amount of system and user information, and disclosure of or tampering with this information damages the confidentiality and integrity of the whole system. Database security is therefore crucial to information systems. To improve the security of database management systems, the concept of the multilevel secure database and a series of multilevel secure database models and technologies have been proposed.

In this paper, testing techniques for multilevel secure database management systems (MLSDBMS) are studied, and testing methods for the marking, mandatory access control, security, security audit and inference control functions are researched on the basis of current MLSDBMS security models and technology. Several new testing methods are proposed: a dynamic testing method based on interpretation of the MAC model, a test interface for the database management system security audit function based on extended SQL, and a testing method for inference channels based on a set of test cases. Finally, a dynamic security testing tool built on these methods, named "MulDBTaT", is implemented.

The proposed dynamic testing method based on interpretation of the MAC model comprises model interpretation, syntax interpretation, test execution and test result summary. First, interpretation of the MAC model and conversion of syntax generate executable test script files for the database system; second, the script files are executed automatically by the testing tool; finally, the test results are summarized. Compared with traditional manual testing, this method not only increases the automation of the testing process but also enhances the objectivity and repeatability of the test results.

Multilevel secure databases implement their security audit function with non-standard SQL, which makes it difficult to test the security audit function dynamically. To solve this problem, a scalable SQL-based test interface for the database management system security audit function was designed, which provides dynamic query interfaces that follow a standard SQL query language specification for querying the audit log.

Inference control is a difficult problem in multilevel secure database design: because inference takes many different forms, it is impossible to eliminate all inference channels with a universal control method. It is therefore difficult to test a multilevel secure database's inference control mechanism. Consequently, in this paper a set of test cases based on popular inference strategies was designed and used to test the efficiency of the database system's inference channel detection and control strategies.

On the basis of this study of test methods, a dynamic testing tool for the security functions of multilevel secure database management systems, named "MulDBTaT", was designed and implemented. It implements and integrates the testing methods proposed in this paper. Combined with test scripts for other security function indexes, the tool can dynamically test a multilevel secure database system and greatly improves efficiency compared with manual testing.

Finally, the proposed testing methods and testing tool are applied to the testing of domestic secure database systems, and the results are compared with those of manual testing. The conclusion shows that the methods and tool can improve testing efficiency and have high practical value for the testing and assessment of multilevel secure database systems.
Keywords/Search Tags: information security, multilevel secure management system, mandatory access control (MAC), security tags, security audit, inference control