安全数据库的推理通道问题研究
|
摘要
安全数据库中推理安全问题在信息安全领域中是一个重要课题。常见的商用数据库对于一般企业来说安全性是足够了,但是对像军队和政府这些特殊部门,必须研究特殊数据库来满足需要的安全性,于是就产生了对安全数据库的需求。国外安全数据库的研究已经相对成熟,并推出了很多相关产品。但是国内对此研究还不够成熟,需要多加研究以弥补这方面的空白。
在学习推理通道的相关理论和前人研究成果的基础上,本文针对安全数据库提出了一种基于MAC的安全控制模型。首先着重介绍了一种安全控制机制,叫做泄漏推理引擎,使用表达性很强的Horn子句约束用于数据依赖的推理算法。然后引入更新的状态,通过使用动态泄漏推理引擎扩展了强制访问控制机制,确保了数据的安全性。动态泄漏推理引擎扩展了泄漏推理引擎,是在数据库更新的情况下,保护数据库的健全性和完整性的安全模型。动态泄漏推理引擎在泄漏推理引擎的基础上,增加更新集运模块,并对历史文件进行更新,使得基于过时数据的错误推理查询不被拒绝,从而保证数据机密性和最大查询可能。针对本文提出的安全模型,通过实验对其性能进行了分析。
Inference control problem of secure database is an important research area in information security domain. The security of the common commercial database should be enough for general enterprises, but it isn’t enough for some special departments such as army and government. So we must study the special database to guarantee the absolute security of their information, and we call it secure database. The foreign study on secure database has been already riper, and has released the relevant products, but the domestic study on secure database is still very unripe. We must study our own secure database.
On the basis of previous research results and the study of information extraction theory, this paper presents a security mechanism based on MAC. First we present an integrated security mechanism, called the Disclosure Monitor. And we develop actual inference algorithms for data-dependent disclosures for a highly expressive family of Horn-clause constraints.Then lead in update state, we guarantees data confidentiality by extending an mandatory access control mechanism (MAC) with the integrated security mechanism called Dynamic Disclosure Monitor (D2Mon). D2Mon extends the functionality of Disclosure Monitor (DiMon) to address database updates while preserving the soundness and completeness properties of inference algorithms. We develop a mechanism, called Update Consolidator (UpCon), that propagates updates to a history file to ensure that no query is rejected based on inferences derived from outdated data. We show that D2Mon guarantees confidentiality and maximal availability even in the presence of updates.
在学习推理通道的相关理论和前人研究成果的基础上,本文针对安全数据库提出了一种基于MAC的安全控制模型。首先着重介绍了一种安全控制机制,叫做泄漏推理引擎,使用表达性很强的Horn子句约束用于数据依赖的推理算法。然后引入更新的状态,通过使用动态泄漏推理引擎扩展了强制访问控制机制,确保了数据的安全性。动态泄漏推理引擎扩展了泄漏推理引擎,是在数据库更新的情况下,保护数据库的健全性和完整性的安全模型。动态泄漏推理引擎在泄漏推理引擎的基础上,增加更新集运模块,并对历史文件进行更新,使得基于过时数据的错误推理查询不被拒绝,从而保证数据机密性和最大查询可能。针对本文提出的安全模型,通过实验对其性能进行了分析。
Inference control problem of secure database is an important research area in information security domain. The security of the common commercial database should be enough for general enterprises, but it isn’t enough for some special departments such as army and government. So we must study the special database to guarantee the absolute security of their information, and we call it secure database. The foreign study on secure database has been already riper, and has released the relevant products, but the domestic study on secure database is still very unripe. We must study our own secure database.
On the basis of previous research results and the study of information extraction theory, this paper presents a security mechanism based on MAC. First we present an integrated security mechanism, called the Disclosure Monitor. And we develop actual inference algorithms for data-dependent disclosures for a highly expressive family of Horn-clause constraints.Then lead in update state, we guarantees data confidentiality by extending an mandatory access control mechanism (MAC) with the integrated security mechanism called Dynamic Disclosure Monitor (D2Mon). D2Mon extends the functionality of Disclosure Monitor (DiMon) to address database updates while preserving the soundness and completeness properties of inference algorithms. We develop a mechanism, called Update Consolidator (UpCon), that propagates updates to a history file to ensure that no query is rejected based on inferences derived from outdated data. We show that D2Mon guarantees confidentiality and maximal availability even in the presence of updates.
引文
[1]中华人民共和国国家标准,GB17859-1999,计算机信息系统安全保护等级划分准则,北京:中国标准出版社,1999.
[2]中华人民共和国国家标准,GB/T18336.1-2001,信息技术安全性评估准则,北京:中国标准出版社,2001.
[3]中华人民共和国军用标准,GJB5023-2001,军用数据库安全评估准则,北京:中国标准出版社.
[4]中华人民共和国公安部,GA/T389-2002,计算机信息系统安全等级保护数据库管理系统技术要求,北京:中国标准出版社.
[5]中华人民共和国军用标准, GB/T20273-2006,信息技术数据库管理系统安全技术要求,北京:中国标准出版社,2006.
[6]中华人民共和国公安部,MSTL_JGF_04-021,信息技术数据库安全审计产品检验规范,北京:中国标准出版社.
[7] L.Russell.Assigning Probabilities for Assurance in MLS Database Design. IEEE Transaction on Knowledge and Data Engineering, Aug 1993,8(3):99-109.
[8] D.G.Marks . Inference in MLS Database systems. IEEE Transactions on Knowledge and Data engineering,1996,8(1):46-55.
[9] N.R.Adam,J.C.Wortmann. Security-Control Methods for Statistical Databases:A Comparative Study.ACM Computing Surveys,1989,21(4):515-556.
[10] D.E.Denning. Secure Statistical Databases with Random Sample Queries. ACM Transactions on Database systems,1980,5(3):291-315.
[11] C.Meadows,S.Jajodia.Integrity versus Security in Multi-level Secure Databases.ACM Transactions on Database System,1989,89-101.
[12] G.L.Sicherman,W.D.Jonge,R.Van de Riet.Answering Queries without Revealing Secrets.ACM Transactions on Database System,1983,8(1):41-59.
[13] Jessica Staddon. Dynamic Inference Control. ACM Transactions on Database System,2003, 6(3):94-101.
[14] X.Qian, M.Stickel, P.Karp, T.Lunt and T.Garvey.Detection and elimination of inference channels in multilevel relational database systems. IEEE Symposium on Security and Privacy,1993,4(7): 58-97.
[15] C.Beeri.On the membership problem for functional and multivalued dependencies in relational databases. ACM Transactions on Database systems,1980,5(3):241-259.
[16] Brodsky A,Farkas C, Jajodia S. Secure databases: constraints, inference channels,and monitoring disclosure.IEEE Transactions on knowledge and Data Engineering , 2000,6(4): 212-237.
[17]陈越,刘伟,范新峰.动态多级安全数据库系统(DMSDS)的设计和实现.计算机工程与应用,1998, 4(11):2-5.
[18]崔宾阁.推理通道和隐蔽通道的检测和消除, [硕士学位论文].哈尔滨:哈尔滨工程大学,2003.
[19] Tyrone S.Toland Csilla Farksa, Caroline M.Eastman. The inference problem:Maintaining maximal availability in the presence of database update. Computers&Security ,2010 , 3(29):88-103.
[20] Hinke T.Inference aggregation detection in database management systems. IEEE On Security and Privacy,1998,2(33):96-106.
[21] R.Yip,K Levitt.Data level inference detection in database systems. IEEE Computer Security Foundation Workshop, 1998,11(2):179-189.
[22]朱虹.多级安全数据库管理系统研究, [博士学位论文].武汉:华中科技大学,2001.
[23] D.O’Leary. Some privacy issues in knowledge discovery:OECD personal privacy guidelines. IEEE Expert,1995,4(5):36-45.
[24] D.Maier.the Theory of Relational Database.Rockville. Computer Science Press,1983, 6(12):121-143.
[25] M.Stickel.Elimination of inference channels by optimal upgrading. IEEE Symposium on Security and Privacy,1994,2(15):87-101.
[26] B.Thuraisingham.Recursion theoretic properties of the inference problem. IEEE Third Computer Security Foundations Workshop,1990,11(3):97-120.
[27] D.Naor, M.Naor ,J.Lotspiech.Revocation . tracing schemes for stateless receivers,In Advances in Cryptology-Crypto,2001,34-56.
[28] T.Keefe,M.Thuraisinghm,W.Tsai .Secure query-processing strategies.IEEE Computer, 1989,22(3):63-70.
[29] B.Thuraisingham,Mandatory.security in object-oriented database systems .In proceedings of OOPSLA,1989:156-199.
[30]严蔚敏,吴伟民.数据结构(C语言版).北京:清华大学出版社,1996,2(9):54-60.
[31]严和平,王正飞,汪卫,施伯乐.基于推理的安全数据库审计框架.计算机研究与发展,2006, 43(9):1630-1638.
[32] Csilla Farkas,Sushil jajodia.The Inference Problem:A Survey. SIGKDD Explorations,1994,4(2): 6-11.
[33]邢红刚.关于SQL Server数据库的安全问题的思考.科技资讯,2008:1-89.
[34]王东升,徐鑫涛.SQL Server数据库安全配置探讨.中国科技信息,2007(2):6-9.
[35]史凌云.多级安全数据库系统集合推理问题研究, [硕士学位论文],武汉:华中科技大学, 2005.
[36] T.Marlene,H.William.Oracle Security.O’Reilly & Associations Inc,1998,2(4): 51-68.
[37] Oracle9i Database Security for eBusiness, http://www.oralce.com/technology/deploy/security/oracle9i.
[38]张敏,徐震,冯登国.数据库安全.北京:科学出版社,2005:107-142.
[39] R.Kumar,S.Rajagopalan ,A.Sahai.Coding constructions for blacklisting problems without computational constructions.In Advance in Cryptology Crypto’99 pp,1989: 609-623.
[40] M.Naor ,B.Pinkas. Efficient trace and revoke schemes.In Financial Cryptography, 2000:25-35.
[41]李专,王元珍,朱虹.基于属性关联的数据库推理控制,小型微型计算机系统,2006, 27(2):300-304.
[42] Tzong-An Su,Gultekin Ozsoyoglu.Controlling FD and MVD inferences in multilevel relational systems[J].IEEE Transactions on Knowledge and Data Engineering,1991,3(4):474-485.
[43]朱虹,冯玉才.DM3强制存取控制设计与实现,华中理工大学学报,2000,28(4):26-29.
[44]朱虹,冯玉才.S-DBMS的安全管理,计算机工程与应用,2000,36(1):99-100.
[45]朱虹,多级安全数据库管理系统研究,[博士学位论文],武汉:华中科技大学,2001.
[46] Global Development Group,Postgre SQL 7.3 Developer’s Guide,http://www.postgresql.org.
[47] T.A.Su,G.Ozsoyoglu.Multivalued Dependency Inferences in Multilevel Relational Database Systems. Database SecurityⅢ:Status and Prospects,1990:293-300.
[48] T.A.Su,G.Ozsoyoglu.Controlling FD and MVD Inferences in Multilevel Relational Database System.IEEE Transactions on Knowledge and Data Engineering,1991,3(4):474-485.
[2]中华人民共和国国家标准,GB/T18336.1-2001,信息技术安全性评估准则,北京:中国标准出版社,2001.
[3]中华人民共和国军用标准,GJB5023-2001,军用数据库安全评估准则,北京:中国标准出版社.
[4]中华人民共和国公安部,GA/T389-2002,计算机信息系统安全等级保护数据库管理系统技术要求,北京:中国标准出版社.
[5]中华人民共和国军用标准, GB/T20273-2006,信息技术数据库管理系统安全技术要求,北京:中国标准出版社,2006.
[6]中华人民共和国公安部,MSTL_JGF_04-021,信息技术数据库安全审计产品检验规范,北京:中国标准出版社.
[7] L.Russell.Assigning Probabilities for Assurance in MLS Database Design. IEEE Transaction on Knowledge and Data Engineering, Aug 1993,8(3):99-109.
[8] D.G.Marks . Inference in MLS Database systems. IEEE Transactions on Knowledge and Data engineering,1996,8(1):46-55.
[9] N.R.Adam,J.C.Wortmann. Security-Control Methods for Statistical Databases:A Comparative Study.ACM Computing Surveys,1989,21(4):515-556.
[10] D.E.Denning. Secure Statistical Databases with Random Sample Queries. ACM Transactions on Database systems,1980,5(3):291-315.
[11] C.Meadows,S.Jajodia.Integrity versus Security in Multi-level Secure Databases.ACM Transactions on Database System,1989,89-101.
[12] G.L.Sicherman,W.D.Jonge,R.Van de Riet.Answering Queries without Revealing Secrets.ACM Transactions on Database System,1983,8(1):41-59.
[13] Jessica Staddon. Dynamic Inference Control. ACM Transactions on Database System,2003, 6(3):94-101.
[14] X.Qian, M.Stickel, P.Karp, T.Lunt and T.Garvey.Detection and elimination of inference channels in multilevel relational database systems. IEEE Symposium on Security and Privacy,1993,4(7): 58-97.
[15] C.Beeri.On the membership problem for functional and multivalued dependencies in relational databases. ACM Transactions on Database systems,1980,5(3):241-259.
[16] Brodsky A,Farkas C, Jajodia S. Secure databases: constraints, inference channels,and monitoring disclosure.IEEE Transactions on knowledge and Data Engineering , 2000,6(4): 212-237.
[17]陈越,刘伟,范新峰.动态多级安全数据库系统(DMSDS)的设计和实现.计算机工程与应用,1998, 4(11):2-5.
[18]崔宾阁.推理通道和隐蔽通道的检测和消除, [硕士学位论文].哈尔滨:哈尔滨工程大学,2003.
[19] Tyrone S.Toland Csilla Farksa, Caroline M.Eastman. The inference problem:Maintaining maximal availability in the presence of database update. Computers&Security ,2010 , 3(29):88-103.
[20] Hinke T.Inference aggregation detection in database management systems. IEEE On Security and Privacy,1998,2(33):96-106.
[21] R.Yip,K Levitt.Data level inference detection in database systems. IEEE Computer Security Foundation Workshop, 1998,11(2):179-189.
[22]朱虹.多级安全数据库管理系统研究, [博士学位论文].武汉:华中科技大学,2001.
[23] D.O’Leary. Some privacy issues in knowledge discovery:OECD personal privacy guidelines. IEEE Expert,1995,4(5):36-45.
[24] D.Maier.the Theory of Relational Database.Rockville. Computer Science Press,1983, 6(12):121-143.
[25] M.Stickel.Elimination of inference channels by optimal upgrading. IEEE Symposium on Security and Privacy,1994,2(15):87-101.
[26] B.Thuraisingham.Recursion theoretic properties of the inference problem. IEEE Third Computer Security Foundations Workshop,1990,11(3):97-120.
[27] D.Naor, M.Naor ,J.Lotspiech.Revocation . tracing schemes for stateless receivers,In Advances in Cryptology-Crypto,2001,34-56.
[28] T.Keefe,M.Thuraisinghm,W.Tsai .Secure query-processing strategies.IEEE Computer, 1989,22(3):63-70.
[29] B.Thuraisingham,Mandatory.security in object-oriented database systems .In proceedings of OOPSLA,1989:156-199.
[30]严蔚敏,吴伟民.数据结构(C语言版).北京:清华大学出版社,1996,2(9):54-60.
[31]严和平,王正飞,汪卫,施伯乐.基于推理的安全数据库审计框架.计算机研究与发展,2006, 43(9):1630-1638.
[32] Csilla Farkas,Sushil jajodia.The Inference Problem:A Survey. SIGKDD Explorations,1994,4(2): 6-11.
[33]邢红刚.关于SQL Server数据库的安全问题的思考.科技资讯,2008:1-89.
[34]王东升,徐鑫涛.SQL Server数据库安全配置探讨.中国科技信息,2007(2):6-9.
[35]史凌云.多级安全数据库系统集合推理问题研究, [硕士学位论文],武汉:华中科技大学, 2005.
[36] T.Marlene,H.William.Oracle Security.O’Reilly & Associations Inc,1998,2(4): 51-68.
[37] Oracle9i Database Security for eBusiness, http://www.oralce.com/technology/deploy/security/oracle9i.
[38]张敏,徐震,冯登国.数据库安全.北京:科学出版社,2005:107-142.
[39] R.Kumar,S.Rajagopalan ,A.Sahai.Coding constructions for blacklisting problems without computational constructions.In Advance in Cryptology Crypto’99 pp,1989: 609-623.
[40] M.Naor ,B.Pinkas. Efficient trace and revoke schemes.In Financial Cryptography, 2000:25-35.
[41]李专,王元珍,朱虹.基于属性关联的数据库推理控制,小型微型计算机系统,2006, 27(2):300-304.
[42] Tzong-An Su,Gultekin Ozsoyoglu.Controlling FD and MVD inferences in multilevel relational systems[J].IEEE Transactions on Knowledge and Data Engineering,1991,3(4):474-485.
[43]朱虹,冯玉才.DM3强制存取控制设计与实现,华中理工大学学报,2000,28(4):26-29.
[44]朱虹,冯玉才.S-DBMS的安全管理,计算机工程与应用,2000,36(1):99-100.
[45]朱虹,多级安全数据库管理系统研究,[博士学位论文],武汉:华中科技大学,2001.
[46] Global Development Group,Postgre SQL 7.3 Developer’s Guide,http://www.postgresql.org.
[47] T.A.Su,G.Ozsoyoglu.Multivalued Dependency Inferences in Multilevel Relational Database Systems. Database SecurityⅢ:Status and Prospects,1990:293-300.
[48] T.A.Su,G.Ozsoyoglu.Controlling FD and MVD Inferences in Multilevel Relational Database System.IEEE Transactions on Knowledge and Data Engineering,1991,3(4):474-485.