At present , there is still a great deal of problem in the application of the secure model of the distributed database . under common circumstance , the secure usually is self - contradict with vivid in the database , while customer wanting to get stronger and vivid capability , needing the sacrifice to the database secure in some extent , vice versa . based on distributed database system and secure characteristic , this text analyzed its database safe strategy and related secure model , the system appearance and operate rule , the system appearance and operate rule , studied the customer role management , safe strategy and the role authorition problem , specially emphatically studied the bell . lapadula model . ( including its basic concept , system appearance , related operation and the secure rule gather ) . according to the actual application environment , this text carried bell . lapadula model to entity to turn , through a research discover that model adoption compulsory secure strategy , attain a vivid secure control not easily , so increase the secure strategy of the independent access control mechanism to carry on " flabby " to the original model , and relatedly increased rule , put forward a new kind of secure mechanism - ddm ( the distributed database discretionary mandatory ) . turn the rule principle according to the ddm secure mechanism and entity , designed a secure controller of database - dds ( the distributed database secure distribute ) controller adopted ddm secure mechanism , and established the secure control mechanism of the dds secure controller 拉帕丢拉模型进行实体化,通过研究发现该模型采用强制性安全策略,不易做到灵活的安全控制,因此添加自主存取控制机制的安全策略对原模型进行“松弛” ,并相应的增加了规则,提出一种新的安全机制? ? ddm ( distributeddatabasediscretionaryandmandatory ,分布式数据库自主与强制性)安全机制。基于实体化规则原理,设计了一个采用ddm安全机制的数据库控制器? ? dds ( distributeddatabasesecure ,分布式数据库安全)控制器,并设置了dds安全控制器的安全控制机制。通过dds安全控制器在实践中的应用,本文分析了dds安全控制器的各项功能和安全特点,设计了实际应用中dds控制器的管理方案,实现了分布式数据库安全控制。
This paper emphasize on the research of security strategy of large rdb based on b / s three - tier system structure , and discuss of the data security management strategy from every side of account management , authority management , view management , rule management , audit monitor , data dictionary track . this paper , which use orient - object model designing idea , design and realize a common data security control of application system 本论文侧重研究基于b s三层体系结构下的大型关系数据库的安全机制,从用户管理、授权机制、静态设置、角色管理、审计监控、数据跟踪,多侧面、多角度讨论了数据安全管理策略,并且利用面向对象建模思想,在《龙口港信息系统》中构建并实现这种通用模型? ?数据库安全控制器dbsc的设计理念。
In this paper , measures to ensure database safety and research about encrypted database are presented firstly . then , cryptography used in encrypted database system is discussed ; the qualification of encrypted database is presented ; advantages and disadvantages of two kinds of architecture and scheme are analysed ; encryption granularity , key management , ciphertext index , mandatory access control , encryption dictionary and integrity restriction are studied ; methods to realize encrypted database based on oracle8i are studied . at last , the transformation from ws9 cat database to encrypted database is realized and a wizard is coded to help people design encrypted database 本文首先介绍了数据库安全防护及密文数据库研究现状;然后阐述了密码学在密文数据库系统中的应用;提出了密文数据库设计要求;分析了两种结构体系和开发方式的优缺点;在详细研究了加密粒度、密钥管理、密文索引、强制访问控制、加密字典、完整性约束等技术的基础上,研究了基于oracle8i的密文数据库实现方法;实现ws9cat数据库向密文数据库的转化;设计了密文数据库开发向导。
Aimed at current c / s database application system , in chapter 5 , a new technology " databse security proxy " is introduced , which incorporate present security mechanisms including multi - level security 、 cryptology 、 authentication . its < wp = 8 > relization based on the insprise ' s midas ( multi - tier distributed application services suite ) of the insprise is discueesed and a practical database application is realized . 5 . a new approach to develop mls dbms is introduced in chapter 6 . the key idea is to make use of the characteristics of free software : its source code is open and can be modified freely 针对目前的c / s模式的数据库应用系统,提出了利用数据库安全代理< wp = 6 >综合应用多级安全、加密技术、用户身份认证、网络传输加密等安全机制增强数据库应用系统的安全性,研究了利用insprise公司的midas技术实现数据库安全代理的问题并结合一个实际系统“多级安全公文处理系统”进行了实现,为增强现有的商用dbms系统的安全性给出了一种新的途径。
Success d eveloped f or t he security s ystem , a11 he sa me t ime t he se curity s ystem h as g ood popularization prospects , ones that adopt rational company rose microsoft company visio and ca company erwin , the modeling software goes on the demand to analyze , business modeling , system modeling , designer modeling , demand and analyze software must have good figure ability , offer many kinds of language formulation ability of codes at the same time 由于系统设计技术较多,开发过程复杂,涉及到软件系统间的兼容问题、数据库安全问题等诸多问题,为保证系统开发的成功,同时保证系统具有良好的推广前景,采用rational公司的rose , microsoft的visio 、 ca的erwin等建模软件进行需求分析、业务建模、系统建模、设计建模,要求分析软件必须具有良好的图形功能,同时提供多种语言代码的生成能力。
After the usual construction way of distributed multilayer application system is given , the security guarantee methods of distributed multilayer application system is explored and researched . we put forward a systemic , full - scale and step by step guaranteed security model of the distributed multilayer application system . this model guarantee the distributed multilayer application system from the following : operation system security , network security , server security , application program security , database security , security management and computer virus prevention 在给出分布式多层应用系统构建的一般方法以后,对分布式多层应用系统的安全保障机制进行了研究和探索,提出了一个全面的、逐层保障的分布式多层应用系统的安全模型,此安全模型提出从操作系统安全、网络安全、服务器安全、应用程序安全、数据库安全以及企业安全管理与计算机病毒防范等多个层次、多个方面保障分布式多层应用系统的安全性,并提出了将分布式对象技术本身的安全性与其它安全技术相结合的思想。
The database security communication system includes the model of security channel , establishing the security channel realization and improving the rate of translating , the control of accessing of database ; including the security protocol , the algorithm of encrypt and parsing of database technology . the system have especially compatibility and it is a good reference to empolder security system under different operate system 数据库安全通信系统包含安全通道模型的建立、安全通道的实现及性能调优、数据库访问的权限控制;包含安全协议的选择,加密解密的算法,网络通信和数据库的语法分析等技术。数据库安全通信系统结合带ic卡读写器的安控电脑及数据加解密技术、认证技术、网络传输等技术,实现在大型异构系统中数据库安全通信。
Then this paper discusses the realization technique of awareness between multi - users , which use the cursor mark method . for the conference data , the paper provides a managing and recording method , which use access as the background database of application . and the solution of the database security was put forward 然后,在协同感知方面,结合光标标识法研究了手写笔协同工作中感知功能的具体实现;在会议信息数据处理方面,结合数据库技术,提出了使用access数据库中间件作为应用程序后台数据库,处理会议信息的解决方案并给出了相应的数据库安全管理的解决方法。
