Design and Implementation of a SQL Server Database Information Acquisition System
Abstract
Database systems hold the bulk of modern society's information, so their security receives wide attention. This thesis first analyzes the security threats that database systems currently face and surveys database security products from China and abroad. The comparison shows that current products still have shortcomings: they capture only a single kind of database information, and their use is limited in encrypted network environments. In view of this, the thesis builds on an existing database security monitoring demonstration system, improves some of its modules, and introduces new functions to further complete the system.
     The thesis focuses on the information acquisition system. The main work is as follows:
     (1) For the first time, on top of existing database programming interfaces, VC and C# programming techniques are combined. By loading DLL files, the system starts multiple processes and tracks in real time, capturing the operations users perform against the database, the real-time running state of the database, and the running state of the current host. This resolves the problem of a single information source, and because acquisition is mainly host-based, its use is not limited in encrypted network environments.
     (2) Traditional database trace template definitions are combined with command control to extract the useful data from the various database operation records, which avoids redundant transmission and reduces the load on the system.
     (3) For inter-process communication, existing functions are reworked and overloaded on top of existing pipe technology and called across platforms, which ensures stable transmission of the captured database operation information.
     (4) Daemon (guard process) self-start and monitoring techniques solve the problem that an unattended database monitoring system cannot reconnect automatically after a disconnection, which ensures the continuity of the information acquisition system's operation.
     (5) The overall architecture design of the information acquisition system, the software flow, and the implementation of each module are described, including code explanations, flowcharts, and working principles.
     (6) A test plan is designed and used to carry out functional and performance tests on the information acquisition system. Analysis of the results further confirms the system's reliability in acquiring and transmitting information.
     Finally, the work above is summarized, the shortcomings of the current system are pointed out, and directions for further work are given.
