In the chapter of component based database access agent , the component criterion for the agent is selected and the component frame of the agent is designed based on the discussion for the component development technology . in the chapter of the platform of network communication , its operational principle is discussed at first , then the program structure of the platform and the key technology of encrypted network transmission is focused . in the chapter of the design and implementation of the server of the agent , the operational principle is researched , the program structure is designed , and the key technologies of database flux control , data buffer , and database security are studied 基于组件的数据库访问代理设计介绍了组件开发技术、数据库访问代理的组件标准选择及数据库访问代理的组件框架设计;网络通信平台设计和实现研究了网络通信平台的工作原理、实现过程中使用的基本技术,论述了网络加密传输关键技术,设计了网络通信平台的程序结构;代理服务端设计和实现研究了代理服务端的工作原理,论述了数据库流量控制和访问优先级调度、数据缓冲及安全数据库支持等关键技术,设计了代理服务端的程序结构;代理客户端设计和实现研究了代理客户端的工作原理,设计了代理客户端的程序结构和组件接口。
Many overseas scholars have done much work on multilevel secure database management system and lots of high secure dbms have been implemented , however , for a long period of time , no commercial dbms is above b1 level , which indicates many problems are still left unresolved . the main content in this article is as follows 国外研究者已经对多级安全数据库管理系统的研究和实现做了大量的工作,尽管已经实现了许多高安全性的dbms原型系统,但是很长一段时间以来,一直没有出现b1级以上的高安全性的商用dbms ,表明还有许多问题没有得到很好地解决。
Security constraints are consistent by modifying security constraint definition , and an effective classification assignment algorithm is given in this paper . we analyze the problem of inference channel and give solution to solve the problem during database analysis and design period . by analyzing the problems resulting from extending single - level transactions to multilevel transactions , we also give a multilevel secure transaction schedule algorithm based multiversion snapshot graph 本文提出采用主从结构表的方法对blp模型加以改造,使得改造后的blp模型具有较高的可用性和安全性;通过修改安全约束的定义,使得安全约束之间始终是协调的,并给出一种高效的密级分配算法;讨论了推理通道问题,给出了在数据库分析、设计等阶段可以采用的对策;分析了事务从传统的单级扩展到多级面临的众多难题,给出了一种基于多版本串行化图的事务调度算法;根据上述理论,开发了一个多级安全数据库管理系统的原型系统。
The security of the common commercial database should be enough for general enterprises , but it is n ' t enogh for some special departments such as army , government , etc . so we must study the special database to guarantee the absolute security of their information , and we call it secure database 常见的商业数据库的安全性对于一般的企业应用来说是足够了,但是对于像军队、政府等特殊部门,必须研究特种数据库以确保其信息的绝对安全性,因此就产生了对安全数据库的需求。
Firstly , the paper introduces the background of database encryption research and the domestic and international research application situations ; then , introduces the characteristics and requirement of database encryption ; based on the above discussion , we talk about some kinds of database - encrypting methods , and choose the one that plus encryption system over the dbms as our solution ; with that , the paper introduces the java encryption technique ; finally , we put forward a secure database encrypting model sdsbj ( the security database system based on java ) on b / s architecture , and implement the software by the b / s structure on windows platform , employing the technique of standard java programming language , https protocol , jsp , java bean , java servlet and ssl 本文首先介绍了数据库加密研究背景及国内外研究应用状况,接着介绍了数据库加密的特点及要求,并在此基础之上介绍了多种数据库存储加密实现方案,并确定dbms核外加密为本文的选择;之后介绍了java安全技术,文章最后提出了基于b / s的安全数据库系统加密模型sdsbj ( securedatabasesystembasedonjava ) ,并使用标准java编程技术、 https协议、 jsp 、 javabean 、 javaservlet和ssl技术在windows平台下以b / s结构实现了该模型。
So the souece code of postgresql - a kind of free software dbms and its security capability are analyzed firstly , and then based on the carefully analyzing of tcsec & tdi ' s requirements and present mls dbms ' s architecture , technical scheme to retrofit postgresql to a b1 - level mls dbms is given , which including security subsystem and audit subsystem . then some revellent machanism and policy about security label and mac are discueesd 本文分析可信任计算机系统评价准则和可信数据库系统解释的具体要求,对linux环境下的免费数据库系统postgresql的源代码和各种功能进行了初步分析,确定了基于postgresql的b1级安全数据库系统的技术选择及系统结构,提出了安全子系统、审计子系统的总体设计方案,并对设计方案中的安全标示和强制访问控制的相关机制和处理策略进行了分析及论述。
