Research on Web-Based Network Database Security Technology
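Abstract
In today's era of information globalization, network databases make resource sharing and data communication possible, which is extremely important for improving work efficiency and reducing labor costs. However, because the Internet is an open information repository serving all sectors of society, network databases, while making office work more convenient, have also given rise to many security problems. These problems seriously threaten the normal work that people carry out through network databases. How to ensure the security of a network database has therefore become a key consideration in database design.
     Using the construction of the China Powder Industry Information Network website as its background, this thesis analyzes and designs network database security. The main content is as follows:
     1. It analyzes the current state of research on network database security and proposes a network database security model.
     2. It analyzes the technologies commonly used for website security today, focusing on the functional components of the website's firewall defense system, studies network isolation technology in detail, and proposes a network security structure for the China Powder Industry Network website. This network security structure provides good security.
     3. It gives a brief design of the website database and, on that basis, studies smart card authentication technology in depth. Building on a study of smart card authentication based on the RSA key algorithm, it proposes a smart card access authentication method based on a hash function. Identity authentication that combines secret information with a smart card is a new type of authentication technology suited to requests for sensitive information from a database, and it can secure the communicated data.
     4. It analyzes role-based access control technology and proposes a role-based secure database management system model. According to the model, the thesis divides users by "role" into three classes, namely ordinary users, member users and website administrators, and assigns them different access permissions. Ordinary users may access the website's general information; member users may access both general and sensitive information; website administrators hold the highest control and management permissions over the website.
     Based on the above, the thesis builds a user-role mapping table and a role authorization table. Using the role number in the role authorization table, the authentication server can dynamically apply authentication technologies of different security levels to different users and make authorization decisions according to the authentication result. This method implements authorization in the application program and does not depend on any particular database.
     Finally, the thesis describes the implementation of the database security system in detail. The system provides identity authentication, role authorization and logging. The network database security model proposed in this thesis can safeguard the security of network databases.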
In today's information-globalized world, the application of network databases makes resource sharing and data communication possible, which is very significant for enhancing work efficiency and reducing labor costs. However, because the Internet is an information resource open to all sectors of society, network databases bring people convenience but also result in many security problems. This greatly threatens people's normal work activities through network databases. Thus, how to ensure the security of a network database becomes a significant problem when we design it.
    Based on the construction of the China Powder Industry Information Web, this paper analyzes and designs the security of network databases. It mainly includes the following content:
    1. The paper analyzes the current state of research on network databases and puts forward a general security model for network databases.
    2. The paper analyzes the technologies currently in common use for Web security, studies with emphasis the functional structure of the Web site's firewall defense system and, in particular, network isolation technology, and then puts forward the network security structure of the Web site. This network security structure has sound security.
    3. The paper presents the design of the Web database. On the basis of the database, it studies smart card identity identification technology thoroughly. Building on a study of smart card identity identification based on the RSA key algorithm, it puts forward a hash function based smart card identity identification method. Identification that combines secret information with a smart card is a new kind of identity identification technology suited to requesting sensitive information from a database, and it can achieve secure data communications.
    4. The paper analyzes role-based access control (RBAC) technologies and puts forward a role-based secure database management system model. According to the model, the paper divides clients accessing the Web database into three types with different authorities: ordinary users, member users and Web administrators. Ordinary users have the authority to access ordinary information on the Web site; member users have the authority to access both ordinary and sensitive information; Web administrators hold the super administration authority.
    On the basis of the above, the paper constructs a user-role mapping table and a role authorization table. Using the role number in the role authorization table, the Certification Server can dynamically apply identification technologies of different security classes to different users, and decides the corresponding authorization according to the identification results. This method can be realized in the program without dependence on a concrete database.
    In the end, the paper introduces the realization of the database security system. The system can offer such functions as identity identification, role authorization and log records. The network database security solution presented by the paper can safeguard the security of network databases completely.
