| Along with the development of information, network and intelligence, the security of database is facing more and more challenges. As a result, the study of databse security has become a research hotspot in related studies directed by many scholars and researchers. The research of data security and recovery in trad itional large database systems has been relatively mature. However, the small embedded database SQLite3 which is used in the embedded areas still has no relatively perfect security mechanism. Therefore, it faces certain security threats and risks. Based on analysis of the architecture and file format of SQLite3, this paper presents a study on the security enhancement and data recovery from three aspects of secure storage, secure access control and data recovery. The main contributions of the paper are as follows:1. The architecture and main data structures of SQ Lite3 are analyzed firstly. Then, the file format of database is deeply analyzed from both small files and large files. At last, the security policy of SQLite3 is designed to strengthen the security of SQLite3 from three aspects of secure storage, secure access control and data recovery.2. The free and open source version of SQLite3 does not provide enough corresponding secure storage function. In view of this, a secure storage method of SQLite3 data based on XXTEA is proposed by analyzing the encryption algorithm, level and granularity. This method makes use of the MD5 hash function to generate a key with a fixed 16-byte length firstly, and then realizes the page- level secure storage of SQLite3 in kernel layer using the tiny encryption algorithm XXTEA. The experimental results and analysis show that this method enhances the secure storage of SQLite3 data without increasing the storage capacity of the database. At the same time, it still keeps the high efficiency of data operations.3. By analyzing the source code of the SQLite3 da tabase, the multi- level roles of SQLite3 are designed and introduced into the RBAC model. Then, a secure access control mechanism for SQLite3 based on RBAC and multi- level roles is proposed. Firstly, it checks the legitimacy of the users through the identity authentication function. Secondly, it verifies the permissions of the legal users about specific database operations to prevent the illegal access and unauthorized use. It is indiacted by the experimental tests that the new secure access control mechanism not only succeeds the original advantages of SQLite3, but also improves the security of SQLite3.4. By analyzing the file format of SQLite3 and comparing the different data storage principles before and after deletion, it’s concluded that there are three different forms of deleted data which are uncovered free blocks, partially covered free blocks and part of unallocated space. Then, a recovery method of deleted data based on the file format of SQLite3 is proposed. The method firstly identifies the SQLite3 database file, then searches and collects the free blocks and unallocated space in the data pages. At last, it selects d ifferent recovery algorithms to recover the deleted data according to the different forms of deleted data. The experimental results a nd analysis show that this method can be applied to recover different forms of deleted data and has wider restore range and better restore performance than the previous methods. |
PDF Full Text Request