CN112231733A - MAC protection enhancement system of object proxy feature database - Google Patents


Info

Publication number
CN112231733A
Authority
CN
China
Legal status
Pending
Application number
CN202011187622.1A
Other languages
Chinese (zh)
Inventor
刘秀萍
高宏松
Current Assignee
Individual
Original Assignee
Individual

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113 Multi-level security, e.g. mandatory access control
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices


Abstract

The MAC protection enhancement system of the object proxy feature database provided by the invention designs a database MAC model based on object proxy features and, on that model, a set of strict access control rules for database objects and restriction rules for the security levels of database objects; it designs a security level management model for database objects and provides a strategy and method for the fused, unified management of database object security levels; it provides a data-source-based method for subdividing the security level of a virtual attribute and designs a fine-grained access control method for multi-data-source proxy classes; and it designs a protection enhancement system inside the object proxy database to provide the MAC function. The results show that the invention achieves a good effect in the object proxy database, provides safer and more flexible access control for the objects in the object proxy database, and improves the security of the object proxy database.

Description

MAC protection enhancement system of object proxy feature database
Technical Field
The invention relates to an access control method for the object proxy database, in particular to a MAC protection enhancement system for the object proxy feature database, and belongs to the technical field of database protection enhancement.
Background
With the rapid development of computers and information technology, application data has gradually shifted from structured to semi-structured and unstructured forms, and the efficient, orderly management of massive, complex data has brought about a great change in the database field. After the relational data model and the object-oriented data model, the object proxy model emerged, combining the advantages of both and fitting the characteristics of real-world entities more closely, and the object proxy database designed and implemented on that model provides good support for managing complex data in many fields. However, as society's demand for protecting data privacy keeps growing, the prior art provides only role-based discretionary access control for the object proxy database, and this is being put to ever more severe tests: it cannot achieve higher efficiency and accuracy, the time and space resources available for protecting the database are limited, the system generally cannot be tailored to a specific field, and it suffers from weak interactivity, a low degree of intelligence, poor extensibility, and low protection speed and precision. These shortcomings in security and protection performance have become the weak point hindering the popularisation and application of the object proxy database.
To further raise the security level of the object proxy database, a MAC (mandatory access control) module needs to be implemented in it. Although the prior art includes some research on and applications of MAC models in the database field, the object proxy database has database objects of its own, such as proxy classes and virtual attributes, together with special methods for handling them; if the prior-art models were applied to the object proxy database directly, there would be many incompatibilities, large security holes and hidden dangers would remain, the dangers faced by the object proxy feature database could not be removed, the protection system would be of low quality with poor protection capability and a poor user experience, and the stability and reliability of the database would also be seriously reduced.
The problems with access control in the prior-art object proxy database are as follows: after a user establishes a secure database connection, the access control that protects user data is role-based discretionary access control, and the user's access requests are managed with an access control list (ACL) on each object. This discretionary method can ensure the data security of the object proxy database only to a certain extent, and hidden dangers and limitations remain in many respects:
First, the security of discretionary access control is limited. Data leakage caused by improper authority management exists in the prior-art access control method, attacks such as Trojan horses cannot be blocked, and the object proxy database also has a superuser who, once logged in, holds every permission on every database object and can bypass all of the local access control, which threatens the data security of the object proxy database.
Second, coarse-grained access control lacks flexibility. The smallest database object to which access control can be applied in the object proxy database is a class; access by a database user to column-level and row-level objects cannot be restricted with an access control list, so the access control method of the object proxy database is not flexible enough.
Third, database objects in a proxy relation lack unified security management. The object proxy database contains multi-layer, complex proxy relations: a basic class can be proxied by a proxy class, and the proxy class can in turn serve as the source class of further proxy classes, so the real attribute content physically stored in a basic class or proxy class can be obtained by visiting one or more proxy classes. This creates opportunities for data leakage, and role-based access control has no fused, unified security management of the content in these proxy classes, which brings greater hidden dangers.
The access control problem of the multi-data-source proxy class is as follows: a virtual attribute of a UNION proxy class has several data sources, yet each virtual attribute of the UNION proxy class corresponds to only one security level, that is, it carries a single security label, and the data inherited onto the virtual attribute from the source classes is protected by that uniform security level. To prevent high-security-level attribute content in a source class from being accessed by a low-security-level user, the security level of a virtual attribute that inherits data from several source classes must be set no lower than the highest security level of the corresponding attribute among all the source classes. When MAC is applied to the UNION proxy class under the MAC model based on object proxy features, the security level of the database user subject is compared with the security levels of the proxy class and the virtual attribute, so a user whose security level is insufficient for the high-security-level data in a source class is prevented from reaching the corresponding attribute content of that source class through the virtual attribute of the proxy class. However, for the same inherited attribute in several source classes of the UNION proxy class, if the security levels of the attribute contents differ, a user who could originally access the lower-security-level content in a source class can no longer obtain it through the UNION proxy class, and the application of the UNION proxy class is affected: under certain conditions MAC on the UNION proxy class prevents a user who holds access rights to source class data from accessing that data through the UNION proxy class, which affects the use of the UNION proxy class in practice.
Disclosure of Invention
The MAC protection enhancement system of the object proxy feature database provided by the invention addresses the security problems in the current access control module of the object proxy database by designing a database MAC model based on object proxy features and, on that model, a set of strict access control rules for database objects and restriction rules for the security levels of database objects; for the special multi-layer, complex proxy relations and data organisation of the object proxy database, it designs a security level management model for database objects and provides a strategy and method for the fused, unified management of database object security levels; for the access restriction caused by a single security level on a multi-data-source virtual attribute in a multi-data-source proxy class, it provides a data-source-based method for subdividing the security level of the virtual attribute and designs a fine-grained access control method for multi-data-source proxy classes; and it designs a protection enhancement system inside the object proxy database to provide the MAC function. The results show that the invention achieves a good effect in the object proxy database, provides safer and more flexible access control for the objects in the object proxy database, and improves the security of the object proxy database.
To achieve these technical effects, the invention adopts the following technical scheme:
the MAC protection enhancement system of the object proxy feature database proposes, on the basis of object proxy features, a MAC model suited to the object proxy database, and designs on that model the rules by which a subject accesses database objects and the rules restricting the security levels of database objects in a proxy relation; at the same time it provides fused, unified security level management for database objects, with a database object security level management model and a set of security level management methods based on multi-layer proxy relations;
the invention provides a data-source-based method for subdividing the security level of a virtual attribute of a multi-data-source proxy class, so that attribute content inherited from different data sources carries its own security level, and on that basis provides a fine-grained access control method for multi-data-source proxy classes: the multiple security levels of the virtual attribute are used to check access rights independently for the attribute content inherited from each data source, which improves the flexibility of MAC on multi-data-source proxy classes in the object proxy database;
the invention designs and implements a protection enhancement system providing the MAC function in the object proxy database; the system offers fused, unified security level management for the database objects of the object proxy database and strict MAC for every kind of database object. The MAC method based on object proxy features applies well to the object proxy database, the implemented protection enhancement system provides correct MAC for its database objects, and the security of the object proxy database is improved;
the protection enhancement system with the MAC function provides the database objects of the object proxy database with MAC in addition to the original discretionary access control while still supporting object proxy features. In the framework of the protection enhancement system, the SELinux module in the Linux kernel serves as the security server that assigns default security contexts to some objects of the object proxy database and makes access control decisions based on the security policy, and the protection enhancement system acts as a client of that security server. The MLS model of the SELinux security server is an implementation of a MAC method based on the Bell-LaPadula model, and the model further provides security context assignment for database objects and a set of MLS security policies for generating access control decisions. When a user creates certain special database objects or modifies the security context of a database object in a proxy relation, the protection enhancement system manages the generation and modification of object security contexts in a fused, unified way according to the security level management rules based on object proxy features;
when the object proxy database system parses and executes the SQL statements entered by a user, the logic module of the protection enhancement system is called to check access rights. After the logic module processes the information on the database objects the user requests to access, it obtains the security contexts of those objects and of the user and sends them as parameters to the SELinux security server; the server looks up the security policy according to the type of the database object and the security contexts of the object and the user, makes an access control decision and returns it to the protection enhancement system, which judges from that decision whether the user's operation on the database object conforms to the security policy; if the object operation request violates the security policy in SELinux, the protection enhancement system prevents the database user from carrying out the operation on the database object;
while checking access rights, the protection enhancement system interacts with the SELinux security server as little as possible: the access vectors from the access control decisions obtained by a user's recent database accesses are stored in a user-space access vector cache (uAVC), and the system interacts with the SELinux security server to obtain a decision only when its logic module cannot find an access vector for the same access request in the uAVC.
Further, the MAC security model of the object proxy database is based on the BLP security model. Every database object in the database system is assigned a security label reflecting its security level: besides the database, basic class and proxy class objects, the real attributes of a basic class and the virtual and real attributes of a proxy class are also assigned security labels. The subject that operates on and accesses the database is likewise granted a security label; a subject is an entity requesting database resources, including database users, user groups and processes, and its security label reflects which security levels of database objects the subject is permitted to access;
the MAC model of the object proxy database comprises rules for a subject operating on database objects and rules for managing object security levels. While a database object's security label is generated or modified, its legality is judged according to the object security level management rules; once the object's security level is known to conform to those rules, when a subject accesses the object the two security labels are compared against the rules for subjects accessing database objects, and only then is it determined whether the subject has access rights to the object.
Further, the database access control rules based on object proxy features are:
First, the security level management rules between objects. For the database objects of the object proxy database in a proxy relation, namely a virtual attribute of a proxy class and the corresponding attribute in each of its source classes, and a proxy class and its source classes, the database system applies the following security level management rules while processing a user's operation requests on basic classes and proxy classes: (1) the security level of a virtual attribute in a proxy class is greater than or equal to the security level of the corresponding attribute in each source class, and the category range of the virtual attribute includes the category range of the corresponding attribute in each source class; (2) the security level of the proxy class is less than or equal to the security level of every virtual attribute in the proxy class, and the category range of the proxy class is contained in the category range of every virtual attribute; (3) the security level of every real attribute of the proxy class is greater than or equal to that of the proxy class, and the category range of every real attribute includes the category range of the proxy class;
Second, the rules for a subject accessing database objects. These follow the read-down rule of BLP and adopt no read-up, no write-up or write-down, and writing only at the same level: (1) when the security level of a database object is less than or equal to that of the subject and the category range of the object is contained in the category range of the subject, the subject has only the right to read the object; (2) when the security level of the object equals that of the subject and their category ranges are equal, the subject has the right to write the object.
Further, the database object security level management method:
First, generating the security labels of proxy class attributes. Depending on the type of the proxy class, the number of source classes it corresponds to differs, and the number of source-class attributes corresponding to a virtual attribute differs, a virtual attribute possibly corresponding to attributes in several source classes; in every case a virtual attribute security label generation algorithm is used. Generating the security label of a real attribute in a proxy class is no different from generating one in a basic class: it need only satisfy the requirement that the security level of the real attribute's label is not lower than that of the class to which the attribute belongs;
Second, modifying the security labels of proxy class attributes. Modifying the label of a real attribute in a proxy class must consider the proxy class's own label and the labels of the corresponding attributes in lower-level proxy classes that inherit part of this attribute's content; modifying the label of a virtual attribute in a proxy class must consider not only the proxy class's label but also the labels of the corresponding attributes in the source classes and the labels of the corresponding attributes in lower-level proxy classes that inherit this attribute's content.
Further, the invention provides a fine-grained access control method for multi-data-source proxy classes so that MAC on multi-data-source virtual attributes in UNION proxy classes is more flexible. The method rests on subdividing the security level of the virtual attribute in the multi-data-source proxy class: the security tag of a subdivided virtual attribute in a UNION proxy class is a set. When a database user tries to access part of the attribute content of virtual attribute va in a UNION proxy class, the method performs more specific access control by obtaining the one or more security tags corresponding to the attribute content to be accessed. The specific process is as follows:
First, obtain the security label SecL_sub of the user requesting access to the multi-data-source proxy class, and from it the user's security level SL_sub and category range CR_sub.
Second, obtain the security label set SecL_{UDC.va} of the requested virtual attribute in the proxy class to be accessed, and from it the minimum security level among all these security labels [formula] and the intersection of their category ranges [formula].
Third, compare the user security label SecL_sub with the security tags of the virtual attribute to be accessed in the multi-data-source proxy class UDC; if [formula] or [formula], then the user whose security label is SecL_sub has no access right to any attribute content in va and is prevented from accessing the multi-data-source proxy class; otherwise, continue with the following operations.
Fourth, obtain the content of virtual attribute va in all instances of UDC that satisfy the user's request condition q as the preliminary access result PreRes_va; if there are instances satisfying q, then [formula], where [formula] is one instance satisfying q, [formula], and n, the number of preliminary access results, is greater than or equal to 1.
Fifth, for each virtual attribute content [formula] in the preliminary access result PreRes_va, obtain the security label of the group it belongs to: if [formula] belongs to group [formula], then the security tag of [formula] is [formula].
Sixth, compare the user's security label SecL_sub with the security tag [formula] of [formula]; if [formula] or [formula], then remove [formula] from PreRes_va.
Seventh, after all attribute values of va in the preliminary access result PreRes_va have been judged, if [formula], then no content of attribute va is returned to the user; otherwise, the attribute contents remaining in the preliminary access result PreRes_va are returned to the user as the final access result.
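As an added example (not the patent's code), the following Python models the security labels, the three inter-object rules and the read/write rules from the access control rules above, and then runs steps 1 to 7 of the fine-grained read of a UNION proxy class virtual attribute on constructed data. All names (SecLabel, Instance, read_union_va, the per-source labels) are assumptions; the step-3 condition, whose images are not reproduced on the page, is taken to be "the subject does not dominate even the weakest label", which is what step 2's minimum level and intersected category range suggest.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List


@dataclass(frozen=True)
class SecLabel:
    """Security label: security level SL plus category range CR (BLP style)."""
    level: int
    cats: FrozenSet[str] = frozenset()

    def dominates(self, other: "SecLabel") -> bool:
        # other is readable by self: SL_other <= SL_self and CR_other within CR_self
        return other.level <= self.level and other.cats <= self.cats


def can_read(subject: SecLabel, obj: SecLabel) -> bool:
    """Read rule (1): object level <= subject level and object CR within subject CR."""
    return subject.dominates(obj)


def can_write(subject: SecLabel, obj: SecLabel) -> bool:
    """Write rule (2): only when level and category range are both equal."""
    return subject == obj


def proxy_label_violations(proxy_cls: SecLabel,
                           real_attrs: Dict[str, SecLabel],
                           virtual_attrs: Dict[str, SecLabel],
                           source_attrs: Dict[str, Dict[str, SecLabel]]) -> List[str]:
    """Check the three inter-object rules for one proxy class.

    source_attrs maps a virtual attribute name to {source class: label of the
    corresponding source attribute}.  Returns the violations found (empty when
    the labels are consistent)."""
    bad: List[str] = []
    for va, per_source in source_attrs.items():             # rule (1)
        for src, src_label in per_source.items():
            if not virtual_attrs[va].dominates(src_label):
                bad.append(f"virtual attribute {va} is below source {src}.{va}")
    for va, va_label in virtual_attrs.items():               # rule (2)
        if not va_label.dominates(proxy_cls):
            bad.append(f"proxy class is above virtual attribute {va}")
    for ra, ra_label in real_attrs.items():                  # rule (3)
        if not ra_label.dominates(proxy_cls):
            bad.append(f"real attribute {ra} is below the proxy class")
    return bad


def single_label(per_source: Dict[str, SecLabel]) -> SecLabel:
    """The one-label scheme the patent criticises: the UNION virtual attribute
    carries the highest source level and the union of the source category ranges."""
    return SecLabel(max(l.level for l in per_source.values()),
                    frozenset().union(*(l.cats for l in per_source.values())))


@dataclass
class Instance:
    source: str                 # data-source group the va content is inherited from
    values: Dict[str, object]


def read_union_va(subject: SecLabel, va: str,
                  va_labels: Dict[str, SecLabel],   # SecL_{UDC.va}: one label per source
                  instances: List[Instance],
                  q: Callable[[Instance], bool]) -> List[object]:
    """Steps 1-7 of the fine-grained read of virtual attribute va on a UNION
    proxy class.  Returns the va contents the subject may see ([] when denied)."""
    # Step 2: the weakest label in the set (minimum level, intersected CR).
    min_level = min(l.level for l in va_labels.values())
    common_cats = frozenset.intersection(*(l.cats for l in va_labels.values()))
    # Step 3 (assumed reading of the condition images): a subject that cannot
    # dominate even the weakest label can read no content of va at all.
    if subject.level < min_level or not common_cats <= subject.cats:
        return []
    # Step 4: preliminary result PreRes_va over the instances matching q.
    pre_res = [(inst.source, inst.values[va]) for inst in instances if q(inst)]
    # Steps 5-6: label each content by its source group; drop what the subject cannot read.
    final = [value for src, value in pre_res if can_read(subject, va_labels[src])]
    # Step 7: an empty list means nothing is returned to the user.
    return final
```

With a level-2 user and sources labelled at levels 1 and 3, single_label() denies everything while read_union_va() returns exactly the level-1 rows, which is the flexibility gain the method is after.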
Further, the object proxy database protection enhancement system is a bridge that uses the SELinux security policy to perform MAC on the database objects of the object proxy database, that is, it interacts with SELinux to provide secure and efficient access control on database objects while supporting the features of the object proxy database; it is characterised by the following:
First, the hook entry. The protection enhancement system is a plug-in that provides security services and makes MAC decisions for the various operations in the object proxy system; both the creation of database objects and access to them must be controlled by it, so hooks have to be added to the modules of the original object proxy system that execute these operations, so that functions in the protection enhancement system are called to perform the actual secure access control, and the hook entry has to cover every kind of database operation controlled by the protection enhancement system;
Second, generating, storing and managing security contexts. In the object proxy database system, effective MAC depends on the correct management of each database object's security context, and the multi-layer, complex proxy relations in the object proxy database make that management harder still; the security contexts of database objects are therefore managed in a fused and unified way. As a subsystem providing MAC support, the protection enhancement system adopts flexible, unified, centralised management for generating, storing and maintaining the security contexts of all kinds of database objects;
Third, interaction support between user space and SELinux. SELinux serves as the security server providing the security policy and the permission checks, but it cannot directly recognise the representations of the various operations and database objects in the database user space; the protection enhancement system therefore converts the database information in user space into a representation SELinux understands and passes it to SELinux for the permission check. The permission result SELinux produces from the security policy is likewise in a form the object proxy database cannot recognise, and the protection enhancement system converts the result returned by SELinux into a form the object proxy database can use, thereby realising MAC on database objects;
Fourth, user-space access vector cache management. The protection enhancement system uses the user-space access vector cache uAVC to store the results of recently permission-checked operations, which reduces the number of interactions with SELinux and the performance cost of MAC on database operations. Every permission check in the protection enhancement system must consult the uAVC, and the storage and dynamic management of the access vectors in the uAVC must also be supported by the protection enhancement system, so that MAC is executed efficiently.
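As an added example, not code from the patent, here is a user-space access vector cache of the kind the fourth point describes: decisions are keyed by subject context, object context and object class, the security server is consulted only on a miss, and the entries for an object are dropped when its security context is modified. The UserAVC class, the constructed decision table and the shortened context strings are assumptions.

```python
from collections import OrderedDict
from typing import Callable, Dict, FrozenSet, Tuple

AVKey = Tuple[str, str, str]          # (subject context, object context, object class)
SecurityServer = Callable[[str, str, str], FrozenSet[str]]


class UserAVC:
    """User-space access vector cache sitting in front of a security server."""

    def __init__(self, server: SecurityServer, capacity: int = 1024) -> None:
        self._server = server
        self._capacity = capacity
        self._entries: "OrderedDict[AVKey, FrozenSet[str]]" = OrderedDict()
        self.server_queries = 0       # how often the security server had to be asked

    def permitted(self, scon: str, tcon: str, tclass: str, perm: str) -> bool:
        key = (scon, tcon, tclass)
        av = self._entries.get(key)
        if av is None:                # miss: ask the server and remember the whole vector
            av = self._server(scon, tcon, tclass)
            self.server_queries += 1
            self._entries[key] = av
            if len(self._entries) > self._capacity:
                self._entries.popitem(last=False)    # evict the least recently used entry
        else:
            self._entries.move_to_end(key)
        return perm in av

    def invalidate_object(self, tcon: str) -> int:
        """Drop cached decisions about an object whose security context was modified;
        without this, a relabelled object would keep being judged by stale vectors."""
        stale = [k for k in self._entries if k[1] == tcon]
        for k in stale:
            del self._entries[k]
        return len(stale)

    def flush(self) -> None:
        """Drop everything, e.g. after the security policy is reloaded."""
        self._entries.clear()


# Constructed stand-in for the SELinux security server: a fixed decision table.
# The contexts are shortened placeholders, not real SELinux context strings.
POLICY: Dict[AVKey, FrozenSet[str]] = {
    ("user_u:s2", "obj:s1", "db_table"): frozenset({"select"}),                        # read down
    ("user_u:s2", "obj:s2", "db_table"): frozenset({"select", "insert", "update", "delete"}),  # same level
}


def table_server(scon: str, tcon: str, tclass: str) -> FrozenSet[str]:
    return POLICY.get((scon, tcon, tclass), frozenset())


def demo() -> Tuple[bool, bool, int]:
    """Two checks on the same (subject, object, class) cost one server round trip."""
    avc = UserAVC(table_server)
    first = avc.permitted("user_u:s2", "obj:s1", "db_table", "select")
    second = avc.permitted("user_u:s2", "obj:s1", "db_table", "update")   # served from the cache
    return first, second, avc.server_queries
```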
The system comprises a hook entry module, a uAVC operation module, a user security context operation module, a security context system table operation module, a data definition authority verification module, an object security context management module and a data operation authority verification module, wherein after an object agent user inputs an SQL statement, an executor of the system finds an entry for actual access operation authority verification in the object agent database protection enhancement system according to a hook function ok in the SQL execution process, and the MAC of an object is delivered to the object agent database protection enhancement system for processing;
the Hook entry module is provided with three Hook entries which are respectively a user authentication module, a data definition permission inspection module and a data operation permission inspection module, wherein the modules for executing the operations correspond to a user security context operation module, a data definition permission inspection module and a data operation permission inspection module in a graph, the user security context module is used for setting and acquiring security contexts of a user process, the data definition permission inspection module is used for realizing the permission inspection when a user executes CREATE, DROP and ALTER operations and the generation and modification of security contexts of database objects, the data operation permission inspection module is used for realizing the permission inspection when the user executes SELECT, INSERT, UPDATE and DELETE operations, and the security context system table operation module is used for reading and writing contents in a system table for realizing the MAC newly added security context of a storage object;
the SELinux interaction module defines the kinds of database object that SELinux can recognize and the internal codes for the operations on them, and interacts with the SELinux security server to obtain the default security context of a newly created database object and the operations a user may perform on a database object, that is, the access control decisions. The uAVC operation module looks up the user-space access vector cache that stores recently produced access control decisions; entries missing from the uAVC are obtained by calling an interface of the SELinux interaction module and are then written into the uAVC. Whether a user's operation on data in the database conforms to the access control policy is judged from the access control decision; both the data definition permission check module and the data operation permission check module rely on the security context system table operation module and the uAVC operation module. The object security context management module restricts the generation and modification of security contexts according to the security context management rules based on the object proxy characteristics, ensuring that no generated or set security context violates those rules.
The MAC protection enhancement system of the object proxy feature database further implements MAC for the object proxy database by designing two associated protection enhancement system tables, od_seclabel and od_attrdeplay: od_seclabel stores the security contexts of database objects, and od_attrdeplay stores the correspondence of attributes under multi-layer proxy relations;
first, the system table od_seclabel stores the security context of each object for the SELinux-based MAC method; it is used to enforce MAC on database objects and, from the global perspective, supports the whole access control method by holding the security context and related information of every object;
second, the system table od_attrdeplay exists because the virtual attributes of several proxy classes may resolve to the same physically stored real attribute, so the security contexts of attributes in classes under a multi-layer, complex proxy relation must be managed jointly and uniformly; od_attrdeplay stores the correspondence of each attribute under the multi-layer proxy relation.
The MAC protection enhancement system of the object proxy feature database further extends the grammar of the object proxy language:
First, setting a security context when creating a database object:
(1) Creating a database. The extended SQL is CREATE DATABASE dbname SECURITY_LABEL = 'context of database', which creates a database whose security context is the given value. The statement succeeds only if the creating user is authorized to create a database with that security context, that is, the security context of the user process and the security context set for the new database satisfy the SELinux security policy rules for creating a database;
(2) Creating a base class. The extended SQL for creating a base class creates a class, together with its real attributes, whose security contexts are the given values. The statement succeeds only if the creating user is authorized to create a base class and real attributes with the specified security contexts;
(3) Creating a proxy class. The extended SQL for creating a proxy class creates a class, together with its real attributes, whose security contexts are the given values. The statement succeeds only if the creating user is authorized to create a class and real attributes with the specified security contexts and also has access rights on the source class and on the attributes that appear in the proxy rule of the proxy class; the security contexts of the virtual attributes of the new proxy class are not specified by the user but are derived jointly from the proxy rule and from the security context of the proxy class the rule belongs to;
Second, modifying the security context of a database object:
(1) Modifying the security context of a database. The extended SQL is ALTER DATABASE dbname SECURITY_LABEL = 'context of database', which changes the security context of an existing database to the given value. The statement succeeds only if the user is authorized to modify a database with the current security context and to set the database's security context to the specified value;
(2) Modifying the security context of a class or attribute. The extended SQL changes the security context of a class or of one of its attributes to the given value; the class may be a base class or a proxy class, and the attribute a real or a virtual attribute. The statement succeeds only if the user is authorized to modify a class or attribute with the current security context and to set it to the specified value. Because the object proxy has multi-layer, complex proxy relations, changes to the security context of a proxy class or its attributes are constrained by the source classes and by lower-level proxy classes, so beyond the permission check the requested security context must also be validated against these constraints before the class or attribute is finally allowed to take the new value.
The MAC protection enhancement system of the object proxy feature database further provides integrated, unified management of the security contexts of database objects, covering their generation, storage and modification, and, once the database objects satisfy the security level management rules, enforces MAC on every user's operation on database objects with the SELinux security policy;
the process of creating the security context of a new database object, taking as example a user who creates a SELECT proxy class and adds a SECURITY_LABEL clause to the CREATE command to set the proxy class's security context, runs as follows after the executor has performed discretionary access control and transferred, via the hook function, to the setatem_object_access function of the hook entry module:
first, setatem_object_access enters the branch that handles the access permission check for creating a database object and calls setatem_object_post_create, passing the oid and the type of the proxy class as input parameters;
second, setatem_object_post_create obtains the security context of the user process by calling the user security context operation module's function setatemgetClientLabel, determines the security context to be set through the module's function setatesContext, and enters the branch that checks the permission to create the proxy class.
Compared with the prior art, the invention makes the following contributions and innovations:
First, the MAC protection enhancement system of the object proxy feature database addresses the security problems in the access control module of existing object proxy databases and the limitations of applying a MAC model to the object proxy. It provides a MAC model suited to the object proxy database and based on the object proxy characteristics, and on that basis designs the access control rules of subjects over database objects and the security level constraint rules for database objects in proxy relations. It also provides integrated security level management for database objects, namely a security level management model and method based on multi-layer proxy relations, which prevents improperly set security levels of proxy-related database objects and the data leakage the object proxy would otherwise cause, improving the quality of MAC protection and the performance and usability of the object proxy feature database;
Second, to address the restricted access to part of the content of a multi-data-source virtual attribute that results from giving it a single security level, the system provides a data-source-based method for subdividing the security level of the virtual attributes of multi-data-source proxy classes, so that the attribute content inherited from different data sources carries its own security level, and on that basis a fine-grained access control method in which the multiple security levels of a virtual attribute are used to check access rights independently for the content inherited from each data source. This makes MAC for multi-data-source proxy classes in the object proxy more flexible, strengthens the MAC protection of the proxy feature database and noticeably improves its accuracy;
Third, the system implements the MAC function inside the object proxy database, providing integrated, unified security level management and strict MAC for all kinds of database objects in the object proxy. The MAC method based on object proxy characteristics is thereby applied to the object proxy, the implemented protection enhancement system provides correct MAC for the database objects, and the security of the object proxy database is improved; the system is practical, efficient, easy to extend, accurate and fast, and solves the protection problems of the object proxy feature database;
Fourth, the system is designed for the database objects unique to the object proxy database, such as proxy classes and virtual attributes, and for the special handling these objects need; it is compatible with the object proxy database, removes the potential security holes and risks of the prior art, greatly improves the stability and reliability of the database, and offers high speed, high protection precision and good portability, giving it considerable practical and market value.
Drawings
Fig. 1 is a schematic diagram of the object proxy database MAC security model of the present invention.
Fig. 2 is a schematic diagram of the MAC framework based on the object proxy database according to the present invention.
Fig. 3 is a block diagram of a protection enhancement system for providing MAC functionality in an object proxy database.
Detailed Description
The technical solution of the MAC protection enhancement system for the object proxy feature database provided by the present invention is further described below with reference to the accompanying drawings, so that those skilled in the art can better understand the present invention and can implement the same.
To address the security problems in the access control module of the object proxy database in the prior art and the limitations of applying a MAC model to the object proxy, the invention provides a MAC model suited to the object proxy database and based on the object proxy characteristics, and on that basis designs the access control rules of subjects over database objects and the security level constraint rules for database objects in proxy relations; it also provides a database object security level management model based on multi-layer proxy relations together with a set of security level management methods, which prevent improperly set security levels of proxy-related database objects and the data leakage the object proxy would otherwise cause.
To address the restricted access to part of the attribute content caused by the single security level of the multi-data-source virtual attributes of multi-data-source proxy classes in the object proxy database, the invention provides a data-source-based method for subdividing the security level of such virtual attributes, so that the attribute content inherited from different data sources carries its own security level, and on that basis a fine-grained access control method for multi-data-source proxy classes, which uses the multiple security levels of a virtual attribute to check access rights independently for the content inherited from each data source, making mandatory access control (MAC) for multi-data-source proxy classes in the object proxy database more flexible.
The invention designs and implements a protection enhancement system that provides the MAC function inside the object proxy database, giving integrated, unified security level management and strict MAC for all kinds of database objects in the object proxy. The MAC method based on object proxy characteristics is thereby applied to the object proxy, the implemented protection enhancement system provides correct MAC for the database objects in the object proxy, and the security of the object proxy database is improved.
MAC method in object proxy database
(I) Database MAC security model based on object proxy characteristics
The object proxy database MAC security model is based mainly on the BLP security model; its content is shown in Fig. 1. Every database object in the database system is assigned a security label that reflects its security level: besides the database, base class and proxy class objects, the real attributes of base classes and the virtual and real attributes of proxy classes are also assigned security labels. A subject that operates on and accesses the database is assigned a security label as well; the subject is an entity that requests database resources and includes database users, user groups and processes, and its security label reflects which security levels of database objects it is authorized to access.
The object proxy database has multi-layer, complex proxy relations, and the security level relationship between database objects in a proxy relation must be strictly constrained to keep the associated data secure. Therefore, in addition to the rules for subjects operating on database objects, the MAC model of the object proxy contains object security level management rules. When the security label of a database object is generated or modified, its legality is judged according to these rules. On the basis that object security levels conform to the management rules, when a subject accesses a database object the two security labels are compared against the subject access rules to decide whether the subject has the access right to the object.
(II) database access control rules based on object proxy characteristics
1. Inter-object security level management rules. An object proxy database stores, for a database object in a proxy relation, its source class and proxy class, the corresponding attributes in the two, and the virtual attributes of the proxy class, and the database system processes user requests on base classes and proxy classes in the same way. To prevent a database user from obtaining, through a proxy class, data from a base class the user is not authorized to access, the following security level management rules are set for objects in a proxy relation: first, the security level of a virtual attribute in a proxy class is greater than or equal to the security level of the corresponding attribute in each source class, and the category range of the virtual attribute includes the category range of the corresponding attribute in each source class; second, the security level of the proxy class is less than or equal to the security level of every virtual attribute in it, and the category range of the proxy class is contained in the category range of every virtual attribute in it; third, the security level of every real attribute of the proxy class is greater than or equal to that of the proxy class, and the category range of every real attribute includes the category range of the proxy class.
2. Subject access rules for database objects. The model follows the BLP "read down" rule, but because the BLP "write up" rule would damage the integrity and security of high-level data in the database, a "write equal, no read up" rule is adopted instead. The two rules are: first, when the security level of a database object is less than or equal to that of the subject and the category range of the object is contained in that of the subject, the subject has the right to read the object; second, when the security level of the object equals that of the subject and the category ranges of the two are equal, the subject has the right to write the object.
(III) Database object security level management method
The database object security level management model based on object proxy characteristics provides a quantifiable benchmark for unified management of object security levels in the object proxy database, and on this basis concrete measures for managing the security levels of proxy classes and their attributes are given. The security level of a database object is embodied in the security label it owns, so security level management is implemented as management of security labels.
1. Generating proxy class attribute security labels. The generation of a virtual attribute's security label is influenced by the proxy class's security label and by the security labels of the corresponding attribute in each source class of the proxy class. Depending on the type of proxy class, the number of source classes differs, so the number of source attributes a virtual attribute corresponds to differs as well, and a virtual attribute may correspond to attributes in several source classes; in every case the same virtual attribute security label generation algorithm is used. Generating the security label of a real attribute in a proxy class is no different from doing so in a base class: the only requirement is that its security level is not lower than that of the class it belongs to.
2. Modifying proxy class attribute security labels. Modifying the security label of a real attribute in a proxy class must take into account the proxy class's security label and the security labels of the attributes in lower-level proxy classes that inherit part of this attribute's content; modifying the security label of a virtual attribute must take into account not only the proxy class's security label but also the security labels of the corresponding attributes in the source classes and of the attributes in lower-level proxy classes that inherit this attribute's content.
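The following is an added example, not code from the patent or its implementation, that puts the rules of sections (II) and (III) into runnable form: the subject read/write rules, the three inter-object rules, the generation of a virtual attribute's label from the proxy class and its source attributes, and the constraint check performed before a virtual attribute's label is modified. The class and function names (SecurityLabel, DeputyClass, generate_virtual_label, can_modify_virtual_label) and the sample labels are assumptions; the patent does not spell out its generation algorithm, so the example derives the least label that satisfies the rules.

```python
# Added example (not the patent's code): security labels and the rules of
# sections (II) and (III). All names and sample data are assumptions.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class SecurityLabel:
    """A BLP-style label: security level SL plus category range CR."""
    level: int
    categories: FrozenSet[str]

    def dominates(self, other: "SecurityLabel") -> bool:
        """True when self's level is >= other's and self's categories include other's."""
        return self.level >= other.level and other.categories <= self.categories


def can_read(subject: SecurityLabel, obj: SecurityLabel) -> bool:
    """Subject rule 1 (read down): the object label is dominated by the subject label."""
    return subject.dominates(obj)


def can_write(subject: SecurityLabel, obj: SecurityLabel) -> bool:
    """Subject rule 2 (write equal, no write up): level and category range must match."""
    return subject.level == obj.level and subject.categories == obj.categories


@dataclass
class DeputyClass:
    """A proxy (deputy) class: its own label, its real attributes, and for each
    virtual attribute the labels of the corresponding attribute in every source class."""
    label: SecurityLabel
    real_attrs: Dict[str, SecurityLabel] = field(default_factory=dict)
    virtual_sources: Dict[str, List[SecurityLabel]] = field(default_factory=dict)
    virtual_attrs: Dict[str, SecurityLabel] = field(default_factory=dict)


def generate_virtual_label(class_label: SecurityLabel,
                           source_labels: List[SecurityLabel]) -> SecurityLabel:
    """Least label satisfying inter-object rules 1 and 2: level at least that of the
    class and of every source attribute, categories covering all of their ranges.
    (Assumption of this example; the patent does not give its generation algorithm.)"""
    level = max([class_label.level] + [s.level for s in source_labels])
    cats = set(class_label.categories).union(*(s.categories for s in source_labels))
    return SecurityLabel(level, frozenset(cats))


def rule_violations(dc: DeputyClass) -> List[str]:
    """Check the three inter-object rules and describe every violation found."""
    found = []
    for name, vlabel in dc.virtual_attrs.items():
        for src in dc.virtual_sources.get(name, []):
            if not vlabel.dominates(src):
                found.append(f"rule 1: virtual attribute {name} below a source attribute")
        if not vlabel.dominates(dc.label):
            found.append(f"rule 2: class label not dominated by virtual attribute {name}")
    for name, rlabel in dc.real_attrs.items():
        if not rlabel.dominates(dc.label):
            found.append(f"rule 3: real attribute {name} below the class label")
    return found


def can_modify_virtual_label(dc: DeputyClass, attr: str, new_label: SecurityLabel,
                             lower_deputy_labels: List[SecurityLabel]) -> bool:
    """Modification check for a virtual attribute: the new label must still dominate
    the class label and every source attribute, and every lower-level deputy attribute
    that inherits this attribute's content must still dominate the new label."""
    if not new_label.dominates(dc.label):
        return False
    if not all(new_label.dominates(s) for s in dc.virtual_sources.get(attr, [])):
        return False
    return all(lower.dominates(new_label) for lower in lower_deputy_labels)


# Constructed sample data: a JOIN-style deputy whose virtual attribute "salary"
# is drawn from an HR source attribute and a finance source attribute.
HR_ATTR = SecurityLabel(2, frozenset({"hr"}))
FIN_ATTR = SecurityLabel(3, frozenset({"finance"}))
DEPUTY_LABEL = SecurityLabel(1, frozenset({"hr"}))


def build_sample_deputy() -> DeputyClass:
    dc = DeputyClass(label=DEPUTY_LABEL,
                     real_attrs={"note": SecurityLabel(1, frozenset({"hr", "audit"}))},
                     virtual_sources={"salary": [HR_ATTR, FIN_ATTR]})
    dc.virtual_attrs["salary"] = generate_virtual_label(dc.label, dc.virtual_sources["salary"])
    return dc
```

Because the generated label for "salary" is level 3 with categories {hr, finance}, an HR clerk at level 2 with category {hr} cannot read it through the deputy even though the clerk may read the HR source attribute directly; that is exactly the usability limitation the fine-grained method in the next section addresses.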
Fine-grained access control method for multi-data-source proxy classes
In the MAC model based on object proxy characteristics, the security labels of class-level and attribute-level objects in the database are managed by the object security level management model based on multi-layer proxy relations, which ensures that a database user cannot obtain, by accessing proxy classes and virtual attributes, the content of base classes and real attributes that the user's security level does not allow. In practice, however, users create different types of proxy class for different purposes by applying the corresponding proxy rules: SELECT (selection) proxy classes, JOIN (connection) proxy classes, UNION (merge) proxy classes and GROUP (grouping) proxy classes. For a proxy class with several data sources, assigning only one uniform security label to an attribute may leave the data of some source classes inaccessible to legitimate users through the proxy class. To let the MAC model provide more convenient and flexible access control for multi-data-source proxy classes, and in view of their characteristics in theory and in practice, security level management of attribute-level objects in the various proxy classes is provided at a finer granularity, and a fine-grained access control process for proxy classes is built on it.
The MAC method based on object proxy characteristics supports MAC on attribute-level database objects: it controls user operations by judging whether the security levels of the user and of the attributes in the class satisfy the access control rules, protecting attribute content from users without access rights, and the security level management method that uniformly manages attribute-level objects in proxy relations strictly requires the security level of a virtual attribute in a proxy class to be no lower than that of the corresponding attribute in the source class, which guarantees correct application of the method in the object proxy database. However, the object proxy database contains UNION proxy classes with several source classes, whose virtual attribute content comes from several data sources, that is, it inherits the content of the corresponding attribute in each source class. To keep the source class data secure, the security level of a UNION proxy class's virtual attribute is no lower than the highest security level of the corresponding attributes in all its source classes, so a user who is authorized to access the lower-level attribute in some of the source classes cannot access that data through the UNION proxy class.
To improve the usability of UNION proxy classes further while keeping the data of the source classes secure, the invention provides a fine-grained access control method for multi-data-source proxy classes that makes MAC on the multi-data-source virtual attributes of UNION proxy classes more flexible. Its basis is the subdivision of the security level of virtual attributes in multi-data-source proxy classes: after subdivision, the security label of a virtual attribute in a UNION proxy class is a set of labels. When a database user tries to access part of the content of a virtual attribute $va$ in a UNION proxy class, the method performs more specific access control by obtaining the one or more security labels corresponding to the content to be accessed, as follows:
First, obtain the security label $SecL_{sub}$ of the user requesting access to the multi-data-source proxy class, and from it the user's security level $SL_{sub}$ and category range $CR_{sub}$.
Second, obtain the security label set $SecL_{UDC.va}$ of the virtual attribute $va$ requested in the proxy class $UDC$ to be accessed, and compute the minimum security level among all labels in the set, $\min\{SL(l) : l \in SecL_{UDC.va}\}$, and the intersection of their category ranges, $\bigcap\{CR(l) : l \in SecL_{UDC.va}\}$.
Third, compare the user security label $SecL_{sub}$ with the security labels of the virtual attribute to be accessed in the multi-data-source proxy class $UDC$: if $SL_{sub} < \min\{SL(l) : l \in SecL_{UDC.va}\}$ or $\bigcap\{CR(l) : l \in SecL_{UDC.va}\} \not\subseteq CR_{sub}$, then the user with security label $SecL_{sub}$ has no access right to any content of $va$ and is prevented from accessing the multi-data-source proxy class; otherwise the following steps are performed.
Fourth, obtain the content of the virtual attribute $va$ in all instances of $UDC$ that satisfy the user's request condition $q$ as the preliminary access result $PreRes_{va}$; if instances satisfying $q$ exist, then $PreRes_{va} = \{va_1, va_2, \dots, va_n\}$, where each $va_i$ is the content of $va$ in one instance satisfying $q$ and $n \ge 1$ is the number of preliminary results.
Fifth, for each virtual attribute content $va_i$ in $PreRes_{va}$, obtain the security label of the content group it belongs to: if $va_i$ belongs to the content group $g_j$ (the content inherited from the corresponding attribute of the $j$-th source class), then the security label of $va_i$ is $SecL_{g_j}$.
Sixth, compare the user's security label $SecL_{sub}$ with the security label $SecL_{g_j}$ of $va_i$: if $SL_{sub} < SL_{g_j}$ or $CR_{g_j} \not\subseteq CR_{sub}$, remove $va_i$ from $PreRes_{va}$.
Seventh, after all attribute values of $va$ in the preliminary access result $PreRes_{va}$ have been judged, if $PreRes_{va} = \emptyset$, no content of $va$ is returned to the user; otherwise the content remaining in $PreRes_{va}$ is returned to the user as the final access result;
in the virtual attribute security label set obtained by the data-source-based security level subdivision method, the security label of each content group of a virtual attribute (the content inherited from the corresponding attribute of one source class) is closely tied to the security label of that source class attribute; by judging the user's access right to each content group of the virtual attribute, the user's access to source class content is controlled, and secure, fine-grained mandatory access control is achieved.
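The seven-step procedure above, as an added example that is not part of the patent's code: a UNION proxy class keeps, for each instance, the source class (content group) it was inherited from, and the virtual attribute carries one label per group. The function fine_grained_access implements steps 2 to 7, and single_label_access shows for contrast what the coarse scheme with one label per attribute (maximum level, union of categories) returns for the same user. The class and function names, the two-source sample class and its labels are assumptions constructed for the example.

```python
# Added example (not the patent's code): fine-grained access to a UNION proxy
# class whose virtual attribute label is a set, one label per source class.
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class SecurityLabel:
    level: int                   # SL
    categories: FrozenSet[str]   # CR

    def dominates(self, other: "SecurityLabel") -> bool:
        return self.level >= other.level and other.categories <= self.categories


@dataclass
class UnionDeputyClass:
    """UDC: va_labels is the subdivided label set SecL_{UDC.va}, one label per content
    group; every instance records the group (source class) it was inherited from."""
    va_labels: Dict[str, SecurityLabel]
    instances: List[Tuple[str, Dict[str, object]]]   # (group, attribute values)


def fine_grained_access(sub: SecurityLabel, udc: UnionDeputyClass, va: str,
                        q: Callable[[Dict[str, object]], bool]) -> Optional[List[object]]:
    """Return the va contents the subject may see, [] if nothing survives filtering,
    or None when step 3 rejects the request outright."""
    labels = list(udc.va_labels.values())
    # Step 2: the weakest label in the set: minimum level, intersection of category ranges.
    min_level = min(l.level for l in labels)
    common = frozenset.intersection(*(l.categories for l in labels))
    # Step 3: a subject that cannot read even that is refused access to the class.
    if sub.level < min_level or not common <= sub.categories:
        return None
    # Step 4: preliminary result PreRes_va over the instances satisfying q.
    pre = [(group, inst[va]) for group, inst in udc.instances if q(inst)]
    # Steps 5 and 6: drop every value whose group label the subject does not dominate.
    result = [value for group, value in pre if sub.dominates(udc.va_labels[group])]
    # Step 7: an empty list means no va content is returned to the user.
    return result


def single_label_access(sub: SecurityLabel, udc: UnionDeputyClass, va: str,
                        q: Callable[[Dict[str, object]], bool]) -> Optional[List[object]]:
    """For contrast: the coarse scheme with ONE label for va (maximum level, union of
    category ranges), which inter-object rule 1 requires when there is no subdivision."""
    unified = SecurityLabel(max(l.level for l in udc.va_labels.values()),
                            frozenset().union(*(l.categories for l in udc.va_labels.values())))
    if not sub.dominates(unified):
        return None
    return [inst[va] for _, inst in udc.instances if q(inst)]


# Constructed sample: UNION of Staff (level 1, {hr}) and Contractor (level 2, {hr, vendor}).
def build_sample_udc() -> UnionDeputyClass:
    return UnionDeputyClass(
        va_labels={"Staff": SecurityLabel(1, frozenset({"hr"})),
                   "Contractor": SecurityLabel(2, frozenset({"hr", "vendor"}))},
        instances=[("Staff", {"name": "ann", "pay": 5000}),
                   ("Staff", {"name": "bob", "pay": 7000}),
                   ("Contractor", {"name": "cid", "pay": 9000})])
```

With this data an HR clerk at level 1 with category {hr} gets the Staff rows and nothing from Contractor, whereas the single-label scheme denies the clerk the whole attribute; a subject whose categories do not cover the intersection {hr} is refused at step 3 regardless of level.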
Protection enhancement system for providing MAC function in object proxy database
To overcome the limitations and security vulnerabilities of the current access control mechanism of the object proxy database and to make system access control more flexible, the invention designs and implements a protection enhancement system that provides the MAC function inside the object proxy database, performs centralized, unified security level management of the objects in the object proxy database, and provides secure and efficient MAC for them.
(I) Protection enhancement system architecture design
The MAC framework for the object proxy database is shown in Fig. 2. While supporting the object proxy features, the protection enhancement system provides MAC for the database objects in the object proxy in addition to the original discretionary access control, so a user's database operation is checked by two mechanisms: the existing role-based discretionary access control of the object proxy database, and the MAC provided by the object proxy database protection enhancement system. In the protection enhancement system no user can bypass the MAC on the database; even the object proxy database superuser must undergo the permission check.
In this architecture the SELinux module in the Linux kernel acts as the security server, assigning default security contexts to some objects in the object proxy database and providing access control decisions based on the security policy, while the protection enhancement system is a client of the SELinux security server. SELinux is chosen as the security server because its MLS model is a mature implementation of a MAC method based on the Bell-LaPadula model, and it also supports assigning security contexts to database objects and provides a set of MLS security policies from which access control decisions are generated. When a user creates certain special database objects or modifies the security context of a database object in a proxy relation, the protection enhancement system manages the generation and modification of the object security contexts in an integrated, unified way according to the security level management rules based on the object proxy characteristics.
When the object proxy database system parses and executes an SQL statement submitted by a user, it calls the logic module of the protection enhancement system to perform the access permission check. The logic module processes the information about the database object the user requests, obtains the security contexts of the database object and of the user, and sends them as parameters to the SELinux security server; the server looks up the security policy according to the type of the database object and the security contexts of the object and the user, makes the access control decision and returns it to the protection enhancement system, which judges from that decision whether the user's operation on the database object satisfies the security policy. If the operation request violates the security policy in SELinux, the protection enhancement system prevents the database user from performing the operation on the database object.
To reduce the performance cost that the MAC provided by the protection enhancement system imposes on the object proxy system, the system interacts with the SELinux security server as little as possible while performing access permission checks: the access vector from the access control decision obtained for a user's recent access to the database is stored in the user-space access vector cache (uAVC), which avoids repeating the security policy check for the same operation by the same user on the same object; only when the logic module cannot find in the uAVC the access vector for an identical access request does it interact with the SELinux security server to obtain the access control decision.
(II) Protection enhancement system module design
The object proxy database protection enhancement system is the bridge through which MAC is applied to database objects in the object proxy using the SELinux security policy: it supports the characteristics of the object proxy database and interacts with SELinux to provide secure and efficient access control over database objects. Its design has the following characteristics:
First, a hook entry is implemented. The object proxy database protection enhancement system is a plug-in providing security services, and it makes MAC decisions for the various operations in the object proxy system. Both the creation of a database object and the access to a database object must be controlled by the protection enhancement system, so hooks are added to the modules of the original object proxy system that execute these operations; the hooks call functions in the protection enhancement system that perform the actual secure access control, and these hook entries are what the protection enhancement system uses to control the various database operations.
Second, security contexts are generated, stored and managed. In the object proxy database system, effective MAC cannot do without correct management of the security context of every database object, and the multi-layer, complex proxy relations in the object proxy database make that management harder still. The security contexts of database objects are therefore managed in an integrated and unified manner: the protection enhancement system, as the subsystem providing MAC support, applies flexible and uniform centralized management to the generation, storage and maintenance of the security contexts of all kinds of database objects.
Third, interaction between user space and SELinux is supported. SELinux, acting as the security server that provides the security policy and the permission checks, cannot directly recognize the way operations and database objects are represented in database user space. The protection enhancement system therefore converts the database information of user space into a representation SELinux understands and passes it to SELinux for the permission check; likewise, the permission result SELinux derives from the security policy is in a representation the object proxy database cannot recognize, so the protection enhancement system converts the result returned by SELinux into a form the object proxy database can use, thereby realizing MAC on database objects.
Fourth, the user-space access vector cache is managed. The protection enhancement system uses the user-space access vector cache uAVC to store the results of recently permission-checked operations, which reduces the number of interactions with SELinux and the performance cost of MAC on database operations. Every permission check in the protection enhancement system must query the uAVC, and the storage and dynamic management of access vectors in the uAVC also need the protection enhancement system's support, so that MAC executes efficiently.
The module design of the object proxy database protection enhancement system is shown in fig. 3. The system consists of eight modules: a hook entry module, a uAVC operation module, a user security context operation module, a security context system table operation module, a SELinux interaction module, a data definition authority check module, an object security context management module and a data operation authority check module. After an object proxy user enters an SQL statement, the executor of the system, while executing the SQL, reaches the entry for the actual access authority check in the protection enhancement system through the hook function, and the MAC for the object is handed to the protection enhancement system for processing.
The hook entry module has three hook entries: user authentication, data definition authority check and data operation authority check. The modules that carry out these operations are, in the figure, the user security context operation module, the data definition authority check module and the data operation authority check module. The user security context operation module sets and obtains the security context of the user process; the data definition authority check module implements the authority check when a user executes CREATE, DROP and ALTER operations, together with the generation and modification of database object security contexts; the data operation authority check module implements the authority check when the user executes SELECT, INSERT, UPDATE and DELETE operations; and the security context system table operation module reads and writes the contents of the system tables newly added for MAC to store object security contexts.
The SELinux interaction module defines the internal codes that SELinux can recognize for the various database objects and for the operations on them, and interacts with the SELinux security server to obtain the default security context of a newly created database object and the operations the user may perform on a database object, that is, the access control decision. The uAVC operation module searches the user-space access vector cache that stores recently generated access control decisions; content not found in the uAVC is obtained by calling an interface of the SELinux interaction module and written into the uAVC, and the access control decision determines whether the user's operation on data in the database conforms to the access control policy. Both the data definition authority check module and the data operation authority check module depend on the security context system table operation module and the uAVC operation module; the data definition authority check module also involves the generation and modification of object security contexts, for which the object security context management module is designed. That module restricts the generation and modification of security contexts according to the security context management rules based on the object proxy characteristics, ensures that the generated and set security contexts do not violate those rules, and is thus an important supporting module for the data definition authority check module.
(III) Protection enhancement system table design
To realize MAC for the object proxy database, two protection enhancement system tables are designed: the system table od_seclabel and the system table od_attrdeplay. od_seclabel stores the security contexts of database objects, and od_attrdeplay stores the correspondence between attributes under the multi-layer proxy relation. The two tables are associated: od_attrdeplay links the otherwise mutually independent tuples of od_seclabel.
1. System table od_seclabel. The SELinux-based MAC method stores a security context for each object. To apply MAC to database objects, the system table od_seclabel is designed so that the whole access control method can be supported from a global perspective; it stores the security context and related information of each object.
2. System table od_attrdeplay. By the characteristics of the object proxy database, a proxy class can itself serve as the source class of another proxy class, so the real, physically stored attribute is reached by accessing the virtual attributes of several proxy classes. To manage the security contexts of class attributes in the multi-layer complex proxy relation in an integrated and unified way, the system table od_attrdeplay is designed to store the correspondence of each attribute in that relation.
(IV) Protection enhancement system implementation
1. Object proxy language grammar extension
The protection enhancement system supports the MAC method by assigning each database object a security context representing its security level, so the SQL grammar of the object proxy language must be extended accordingly. After the database system is initialized, most database objects are automatically assigned a default security context through the interaction between the protection enhancement system and SELinux, but the security contexts of some objects are set and modified by users. The related SQL grammar extensions are:
First, setting a security context when creating a database object:
(1) Creating a database. The extended CREATE DATABASE statement is CREATE DATABASE db_name SECURITY_LABEL: 'context of database', which creates a database whose security context is the given content. The statement succeeds only if the user creating the database has the authority to create a database with that security context, that is, if the security context of the user process and the security context set for the new database conform to the SELinux security policy for creating a database.
(2) Creating a base class. The extended CREATE statement for a base class creates a class whose security context, and the security contexts of whose real attributes, are the given content. The statement succeeds only if the user creating the base class has the authority to create a base class with the specified security context and real attributes.
(3) Creating a proxy class. The extended CREATE statement for a proxy class creates a proxy class whose security context, and the security contexts of whose real attributes, are the given content. The statement succeeds only if the user creating the proxy class has the authority to create a base class with the specified security context and real attributes; the user must also have access authority on the source class and the attributes that appear in the proxy rule of the proxy class. The security contexts of the virtual attributes in the new proxy class are not specified by the user but are determined from the proxy rule and the security context of the proxy class in which the rule is located.
Second, modifying the security context of a database object:
(1) Modifying the security context of a database. The extended SQL for modifying a database's security context sets the security context of an existing database to the given 'context of database'. The statement succeeds only if the user modifying the database has the authority to modify a database with its current security context and the authority to set the database's security context to the specified one.
(2) Modifying the security context of a class and its attributes. The extended SQL for modifying class and attribute security contexts sets the security context of a class, or of one of its attributes, to the given content; the class may be a base class or a proxy class, and the attribute a real or a virtual attribute. The statement succeeds only if the user modifying the class has the authority to modify a class or attribute with its current security context and the authority to set the class's or attribute's security context to the specified one. Because the object proxy has multi-layer, complex proxy relations, modification of the security context of a proxy class and its attributes is constrained by the source class and by the lower-level proxy classes, so, beyond the authority check, the content of the security context set by the user must be checked accordingly before it is finally decided whether the security context of the class or attribute may be changed to the given content.
2. Data organization method of the protection enhancement system
(1) The selinux_catalog structure. The names of database objects and the representation of operations on them inside the object proxy database kernel cannot be recognized by SELinux. So that the SELinux access control policy can control the objects in the object proxy database, the names and operations of database objects are converted into codes SELinux recognizes, and the selinux_catalog structure is designed for this: it builds a set of mappings in which the names of the various database objects, and the access vectors of the various operations on them, correspond to internal codes.
(2) The avc_cache structure. Each time a user operates on a database object, the object proxy feature database protection enhancement subsystem obtains the security context of the user and that of the database object, calls the SELinux system function, and so obtains the access control decision the user may make on that database object; the executable operations in the access control decision are expressed in the form of an access vector.
3. Main functions of the protection enhancement system
(1) Hook entry module
1) The implementation of the ClientAuthentication_hook function: after the user authentication module of the object proxy database has authenticated the user's identity, this function is called to set the security context of the user process.
2) setatem_object_access, the implementation of the object_access_hook function: after the object access module of the object proxy has created, deleted or modified an object, this function is called to perform the data definition authority check for the user process.
3) setatem_exec_check_perms, the implementation of the ExecutorCheckPerms_hook function: before an SQL statement operating on data is compiled and executed, this function is called to perform the authority check for the user process operating on data in a database object.
(2) User security context operation module
1) After the user's identity has been verified, this function calls the getpeercon_raw system function to obtain the security context of the socket corresponding to the user process, uses it as the security context of the user process and assigns it to the global variable client_label_peer.
2) setatem_get_client_label: when the user accesses a database object, the security context of the user process is needed for the access authority check; this function returns the global variable client_label_peer, set after the user's authentication, as the security context of the user process.
(3) SELinux interaction module
1) When a user creates a new database object, the security_compute_create_name_raw system function is called with the security context of the current user process, the security context of the parent object of the object to be created and the type of the object to be created; it generates a default security context conforming to the SELinux access control policy, which is returned as the default security context of the new database object.
2) When a user requests an access operation on a database object, the security_compute_av_flags_raw system function is called with the security context of the current user process and the security context of the database object to be accessed, and returns an access control decision avd conforming to the SELinux security policy; avd contains all the legal operations of the current user process on the requested database object.
(4) uAVC operation module
1) setatem_avc_init initializes the user-space access vector cache; the parameters set include the cache context and the number of cache entries.
2) setatem_avc_hash performs the hash operation: from parameters such as the user process context, the database object context and the object type it determines the cache entry in which the access vector is stored.
3) setatem_avc_lookup finds the corresponding cache entry in the user-space access vector cache from the result of the setatem_avc_hash operation and returns the result stored in the cache if the entry is found; if it is not found, it calls setatem_avc_compute to generate the access vector decision and returns that.
4) setatem_avc_compute calls the setatem_compute_avd function with parameters such as the user process security context, the database object security context and the object type to generate an access vector decision, and adds the decision to the user-space access vector cache.
5) This function calls setatem_avc_lookup to search for the access vector in the user-space access vector cache from the user process security context, the database object security context and the access request vector, and so determines whether the user's request to operate on the data satisfies the access control rules.
(5) Data definition authority check module
1) setatem_object_post_create: when a user creates a new database object, after the default security context has been assigned to it, whether the user has the authority to create the object must be judged; the function enters the corresponding branch to assign the security context and perform the authority check according to the type and id of the database object.
2) setatem_object_drop judges whether the user has the authority to delete a database object when the user deletes one; it enters the corresponding branch to perform the authority check for deleting the object according to the type and id of the database object.
3) setatem_object_alter judges whether the user has the authority to modify a database object when the user modifies one; it enters the corresponding branch to perform the authority check for modifying the object according to the type and id of the database object.
4. Implementation process of the protection enhancement system
The protection enhancement system provides integrated, unified management of the security contexts of database objects, including their generation, storage and modification, and, on the basis that database objects satisfy the security level management rules, applies MAC to any user's operation on a database object using the SELinux security policy.
(1) Generation of object security context
The process of creating the security context of a new database object is illustrated by a user creating a select proxy class, adding a SECURITY_LABEL clause to the CREATE command to set the proxy class's security context. After the executor has performed discretionary access control, execution passes through the hook function to the setatem_object_access function of the hook entry module, and the subsequent process is:
First, setatem_object_access enters the branch that handles the access authority check for creating a database object, and calls the setatem_object_post_create function with the oid and the type of the proxy class as input parameters;
Second, setatem_object_post_create calls the setatem_get_client_label function of the user security context operation module to obtain the security context of the user process, and enters the branch for the access authority check of creating a proxy class.
(2) Modification of object security context
To modify the security context of a virtual attribute in a proxy class, the user issues an ALTER command with a SECURITY_LABEL clause. After the executor has performed discretionary access control, execution passes through the hook function to the setatem_object_access function of the hook entry module, and the subsequent process is:
First, setatem_object_access enters the branch that handles the access authority check for modifying a database object, and calls the setatem_object_alter function of the data definition authority check module with the oid of the proxy class, the oid of the virtual attribute, the security context ra_newcontext set by the user and the object type as input parameters;
Second, setatem_object_alter calls the setatem_get_client_label function of the user security context operation module to obtain the security context of the user process, and enters the branch for the access authority check of modifying an attribute's security context.
(3) Verification of object access rights
After the user enters an operation request, every kind of data operation statement is converted into an executable query tree, and the nodes of the query tree that contain database objects must undergo an access control check; both base classes and proxy classes can be nodes of the query tree. For each class contained in the query tree, the access control check for the specific operation is carried out according to the following process. Each node is of type RangeTblEntry, whose members include the node type, the class id, the bitmask requiredPerms corresponding to the operation the user requests on the class, the attributes selectedCols involved in a SELECT operation on the class, and the attributes modifiedCols involved in an INSERT/UPDATE operation on the class.
After the executor has performed discretionary access control, execution passes through the hook function to the setatem_exec_check_perms function of the hook entry module, and the subsequent process is:
First, setatem_exec_check_perms calls the setatem_dml_privileges function of the data operation authority check module with the RangeTblEntry as input parameter;
Second, setatem_dml_privileges calls the setatem_get_client_label function of the user security context operation module to obtain the security context of the user process, reads each member of the RangeTblEntry, converts requiredPerms into the internal code form required that SELinux recognizes, and calls the check_class_privileges function with classid, required, selectedCols and modifiedCols as input parameters to judge the authority.
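The uAVC operation module and the DML check path just described, as an added self-contained C model that is not the patent's code: the cache keyed on (user context, object context, object type), a lookup that only asks the security server on a miss, and a check_class_privileges that checks the class and then each selected or modified column. The internal codes, the od_seclabel stand-in, and the stand-in policy (trailing ":sN" level, equal level may read and write, a higher subject may only read) are all constructed assumptions; the ACL_* bit values are PostgreSQL's.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Internal codes playing the role of selinux_catalog (values constructed). */
enum { DB_CLASS = 1, DB_COLUMN = 2 };
#define DB__SELECT 0x1u
#define DB__INSERT 0x2u
#define DB__UPDATE 0x4u
#define DB__DELETE 0x8u
/* PostgreSQL's ACL bits as they appear in RangeTblEntry.requiredPerms. */
#define ACL_INSERT (1u << 0)
#define ACL_SELECT (1u << 1)
#define ACL_UPDATE (1u << 2)
#define ACL_DELETE (1u << 3)

#define UAVC_ENTRIES 64
#define CTX_LEN 48
#define MAX_COLS 8

struct avc_entry { bool used; char scon[CTX_LEN]; char tcon[CTX_LEN]; int tclass; uint32_t allowed; };
static struct avc_entry uavc[UAVC_ENTRIES];
static unsigned long server_calls;          /* trips to the (stand-in) security server */

void setatem_avc_init(void) { memset(uavc, 0, sizeof uavc); server_calls = 0; }
unsigned long setatem_server_calls(void) { return server_calls; }

/* setatem_avc_hash: FNV-1a over the three keys, reduced to a bucket index. */
static unsigned setatem_avc_hash(const char *s, const char *t, int tclass) {
    uint32_t h = 2166136261u;
    for (; *s; s++) h = (h ^ (uint8_t)*s) * 16777619u;
    for (; *t; t++) h = (h ^ (uint8_t)*t) * 16777619u;
    return ((h ^ (uint32_t)tclass) * 16777619u) % UAVC_ENTRIES;
}

/* Stand-in for setatem_compute_avd / security_compute_av_flags_raw (constructed
 * policy): the MLS level is the trailing ":sN" of a context; equal levels may
 * read and write, a higher subject may only read, a lower subject gets nothing. */
static int ctx_level(const char *ctx) { const char *p = strrchr(ctx, ':'); return (p && p[1] == 's') ? atoi(p + 2) : -1; }
static uint32_t stub_compute_avd(const char *s, const char *t, int tclass) {
    server_calls++;
    int ls = ctx_level(s), lt = ctx_level(t);
    if (ls < 0 || lt < 0) return 0;
    if (ls == lt) return DB__SELECT | DB__INSERT | DB__UPDATE | (tclass == DB_CLASS ? DB__DELETE : 0);
    return ls > lt ? DB__SELECT : 0;
}

/* Linear probing from the hashed bucket: the matching entry, or the first free
 * slot (the home bucket is evicted if the cache is completely full). */
static struct avc_entry *avc_slot(const char *s, const char *t, int tclass, bool *hit) {
    unsigned h = setatem_avc_hash(s, t, tclass);
    for (unsigned i = 0; i < UAVC_ENTRIES; i++) {
        struct avc_entry *e = &uavc[(h + i) % UAVC_ENTRIES];
        if (!e->used) { *hit = false; return e; }
        if (e->tclass == tclass && !strcmp(e->scon, s) && !strcmp(e->tcon, t)) { *hit = true; return e; }
    }
    *hit = false; return &uavc[h];
}

/* setatem_avc_lookup: cached decision on a hit; on a miss, compute it and add it to the cache. */
uint32_t setatem_avc_lookup(const char *s, const char *t, int tclass) {
    bool hit;
    struct avc_entry *e = avc_slot(s, t, tclass, &hit);
    if (hit) return e->allowed;
    e->used = true; e->tclass = tclass;
    strncpy(e->scon, s, CTX_LEN - 1); e->scon[CTX_LEN - 1] = 0;
    strncpy(e->tcon, t, CTX_LEN - 1); e->tcon[CTX_LEN - 1] = 0;
    e->allowed = stub_compute_avd(s, t, tclass);
    return e->allowed;
}

bool setatem_avc_check_perms(const char *s, const char *t, int tclass, uint32_t required) {
    return (setatem_avc_lookup(s, t, tclass) & required) == required;
}

/* A query-tree node in the shape of RangeTblEntry (only the members used here). */
struct rte { int classid; uint32_t requiredPerms; int n_sel; int selectedCols[MAX_COLS]; int n_mod; int modifiedCols[MAX_COLS]; };

/* Stand-in for od_seclabel (constructed): class 1001 and its columns; column 2 is one level higher. */
static const char *lookup_seclabel(int classid, int colno) {
    if (classid != 1001) return NULL;
    return colno == 2 ? "system_u:object_r:db_t:s1" : "system_u:object_r:db_t:s0";
}

/* requiredPerms (ACL bits) -> internal code form, as setatem_dml_privileges does. */
uint32_t required_from_acl(uint32_t acl) {
    uint32_t r = 0;
    if (acl & ACL_SELECT) r |= DB__SELECT;
    if (acl & ACL_INSERT) r |= DB__INSERT;
    if (acl & ACL_UPDATE) r |= DB__UPDATE;
    if (acl & ACL_DELETE) r |= DB__DELETE;
    return r;
}

/* check_class_privileges: the class itself first, then every selected and every modified column. */
bool check_class_privileges(const char *scon, const struct rte *r) {
    uint32_t required = required_from_acl(r->requiredPerms);
    const char *tcon = lookup_seclabel(r->classid, 0);
    if (!tcon || !setatem_avc_check_perms(scon, tcon, DB_CLASS, required)) return false;
    for (int i = 0; i < r->n_sel; i++)
        if (!setatem_avc_check_perms(scon, lookup_seclabel(r->classid, r->selectedCols[i]), DB_COLUMN, DB__SELECT)) return false;
    uint32_t colmod = required & (DB__INSERT | DB__UPDATE);
    for (int i = 0; i < r->n_mod; i++)
        if (!setatem_avc_check_perms(scon, lookup_seclabel(r->classid, r->modifiedCols[i]), DB_COLUMN, colmod)) return false;
    return true;
}
```

The server_calls counter makes the cache's effect visible: a repeated check of the same node never reaches the security server again, and a denied class-level check costs no extra server trip for its columns.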

Claims (10)

1. A MAC protection enhancement system of an object proxy feature database, characterized in that a MAC model suited to the object proxy database is provided based on the object proxy characteristics, and on the basis of that model an access control rule for subjects accessing database objects and a security level constraint rule for database objects in a proxy relation are designed; the system also provides integrated, unified security level management for database objects, with a database object security level management model and a set of security level management methods based on the multi-layer proxy relation;
the invention provides a data-source-based method for subdividing the security level of multi-data-source proxy virtual attributes, so that attribute content inherited from different data sources has its own security level, and on that basis a fine-grained access control method for multi-data-source proxies in which the multiple security levels of a virtual attribute are used to check access authority independently for the attribute content inherited from each data source, improving the flexibility of MAC for multi-data-source proxies in the object proxy;
the invention designs and implements a protection enhancement system providing the MAC function in the object proxy database; the protection enhancement system provides integrated, unified security level management for the database objects in the object proxy and strict MAC for the various database objects; the MAC method based on the object proxy characteristics is applied to the object proxy, the implemented protection enhancement system provides correct MAC for the database objects in the object proxy, and the security of the object proxy database is improved;
the protection enhancement system with the MAC function in the object proxy database provides MAC in addition to the original discretionary access control for the database objects in the object proxy while supporting the object proxy characteristics; in the protection enhancement system framework the SELinux module in the Linux kernel serves as the security server that assigns default security contexts to some objects in the object proxy database and provides access control decisions based on the security policy, and the protection enhancement system serves as a client of the SELinux security server; with SELinux as the security server of the object proxy database protection enhancement system, the SELinux-based MLS model of the security server is an implementation of the MAC method based on the Bell-LaPadula model, and the model further provides security context assignment for database objects and a set of MLS security policies for generating access control decisions; when a user creates certain special database objects or modifies the security context of a database object in a proxy relation, the object proxy database protection enhancement system manages the generation and modification of object security contexts in an integrated and unified way according to the security level management rules based on the object proxy characteristics;
when the object proxy database system parses and executes an SQL statement entered by a user, the logic module of the object proxy database protection enhancement system is called to perform the access right check; after that logic module has processed the information about the database object the user requests to access, it obtains the security contexts of the database object and of the user and passes them as parameters to the SELinux security server; the SELinux security server looks up the security policy according to the type of the database object and the security contexts of the object and the user, makes an access control decision and returns it to the protection enhancement system; the protection enhancement system judges, from the access control decision provided by the SELinux security server, whether the user's operation on the database object satisfies the security policy, and if the object operation violates the security policy in SELinux, the protection enhancement system prevents the database user from performing the corresponding operation on the database object;
while the object proxy database protection enhancement system performs the access right check, interaction with the SELinux security server is kept to a minimum: the access vectors from the access control decisions obtained for the user's recent accesses to the database are stored in a user-space access right vector cache uAVC, and the system interacts with the SELinux security server to obtain an access control decision only when the logic module of the protection enhancement system cannot find an access right vector for the same access request in the uAVC.
2. The system of claim 1, wherein the MAC security model of the object proxy database is based on the BLP security model: each database object in the database system is assigned a security label reflecting its security level; besides the database, base class and proxy class objects, the real attributes of base classes and the virtual and real attributes of proxy classes are also assigned security labels; and the subjects that operate on and access the database, that is, the entities that request database resources, including database users, user groups and processes, are also granted a security label, which reflects which security levels of database objects the subject is entitled to access;
the MAC model of the object proxy comprises access rules for subjects operating on database objects and object security level management rules; during the generation and modification of a database object's security label, the legality of the label is judged against the object security level management rules; and, on the basis that the security level of the database object conforms to the management rules, when a subject accesses a database object the two security labels are compared against the rules for subjects accessing database objects to determine whether the subject has access authority for that object.
3. The MAC protection enhancement system of an object proxy feature database according to claim 1, wherein the database access control rules based on the object proxy characteristics are:
first, the security level management rules between objects: the database objects of the object proxy database that stand in a proxy relation are the proxy class and its virtual attributes, and the corresponding attributes in the source classes of the proxy relation; as the basis for processing a user's operation requests on base classes and proxy classes, the database system sets the following security level management rules between objects in a proxy relation: (1) the security level of a virtual attribute in the proxy class is greater than or equal to the security level of the corresponding attribute in each source class, and the category range of the virtual attribute includes the category range of the corresponding attribute in each source class; (2) the security level of the proxy class is less than or equal to the security level of every virtual attribute in the proxy class, and the category range of the proxy class is contained in the category range of every virtual attribute; (3) the security level of every real attribute of the proxy class is greater than or equal to that of the proxy class, and the category range of every real attribute includes the category range of the proxy class;
second, the rules for subjects accessing database objects: these follow the read-down rule of BLP and adopt no read up, no write down and write only at the same level, described as follows: (1) when the security level of the database object is less than or equal to the security level of the subject and the category range of the object is contained in the category range of the subject, the subject has only the right to read the database object; (2) when the security level of the database object equals that of the subject and the category range of the object equals that of the subject, the subject has the right to write the database object.
4. The MAC protection enhancement system of an object proxy feature database according to claim 1, wherein the database object security level management method comprises:
First, generating proxy class attribute security labels: the number of source classes corresponding to a proxy class differs with the type of proxy class, the number of source class attributes corresponding to a virtual attribute differs, and a virtual attribute may correspond to attributes in several source classes; in every case the virtual attribute security label generation algorithm is used. The generation of a real attribute's security label in a proxy class does not differ from that of a real attribute in a basic class: it need only satisfy the requirement that the security level of the real attribute's security label is not lower than that of the class to which the attribute belongs;
Second, modifying proxy class attribute security labels: modifying the security label of a real attribute in a proxy class must take into account the security label of the proxy class and the security labels of the corresponding attributes in lower-level proxy classes that inherit part of the attribute's content; modifying the security label of a virtual attribute in a proxy class must take into account not only the security label of the proxy class but also the security labels of the corresponding attributes in the source classes and the security labels of the corresponding attributes in lower-level proxy classes that inherit the attribute's content.
5. The MAC protection enhancement system of an object proxy feature database according to claim 1, wherein a fine-grained access control method for multi-data-source proxy classes is proposed to make the MAC of multi-data-source virtual attributes in a UNION proxy class more flexible. The method is based on subdividing the security levels of virtual attributes in multi-data-source proxy classes: after subdivision by security level, the security tag of a virtual attribute in a UNION proxy class is a set of tags. When a database user attempts to access part of the attribute content of virtual attribute va in a UNION proxy class, the method performs more specific access control by obtaining the one or more security tags corresponding to the attribute content to be accessed; the specific process is as follows:
First, obtain the security label SecL_sub of the user requesting access to the multi-data-source proxy class, and from it its security level SL_sub and category range CR_sub;
Second, obtain the set of security labels SecL_{UDC.va} of the requested virtual attribute in the proxy class to be accessed, and obtain the minimum security level among all those labels [formula FDA0002751868550000031] and the intersection of their category ranges [formula FDA0002751868550000038];
Third, compare the user security label SecL_sub with the security tags of the virtual attribute to be accessed in the multi-data-source proxy class UDC; if [formula FDA0002751868550000033] or [formula FDA0002751868550000039], then the user whose security label is SecL_sub has no access right to any attribute content of va and is prevented from accessing the multi-data-source proxy class; otherwise, the following operations are executed;
Fourth, obtain the content of virtual attribute va in all instances of UDC that satisfy the user's request condition q as the preliminary access result PreRes_va; if there are instances satisfying q, then [formula FDA00027518685500000310], where [formula FDA0002751868550000036] is an instance satisfying q, [formula FDA0002751868550000037], and n, the number of preliminary access results, is greater than or equal to 1;
Fifth, for each virtual attribute content [formula FDA00027518685500000412] in the preliminary access result PreRes_va, obtain the security label of the group it belongs to: if [formula FDA0002751868550000042] belongs to group [formula FDA00027518685500000413], then the security tag of [formula FDA0002751868550000044] is [formula FDA00027518685500000414];
Sixth, compare the user's security label SecL_sub with the security tag [formula FDA00027518685500000415] of [formula FDA0002751868550000046]; if [formula FDA00027518685500000416] or [formula FDA00027518685500000417], then remove [formula FDA00027518685500000418] from PreRes_va;
Seventh, after all attribute values of attribute va in the preliminary access result PreRes_va have been judged, if [formula FDA00027518685500000419], no content of va is returned to the user; otherwise, the attribute contents remaining in the preliminary access result PreRes_va are returned to the user as the final access result.
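The label comparisons of claim 3 and the fine-grained UNION proxy class procedure of claim 5, as an added illustration that is not code from the patent. It assumes a label is a (security level, category range) pair, that the unspecified virtual attribute label generation algorithm yields the least label satisfying inter-object rule (1), and that the elided step-3 formulas compare the subject against the minimum level and category intersection obtained in step 2; all data is constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Label:
    """Security label = (security level, category range), as in the claims."""
    level: int
    cats: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # self >= other: level not lower and category range contains the other's
        return self.level >= other.level and self.cats >= other.cats


def can_read(subject: Label, obj: Label) -> bool:
    """Claim 3, subject rule (1): read down (object dominated by subject)."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """Claim 3, subject rule (2): write only at equal level and equal categories."""
    return subject == obj


def virtual_attr_label(source_attr_labels: Iterable[Label]) -> Label:
    """Least label allowed by inter-object rule (1): max level, union of categories.
    Assumption: the claims do not spell out their generation algorithm."""
    labels = list(source_attr_labels)
    return Label(max(l.level for l in labels),
                 frozenset().union(*(l.cats for l in labels)))


def proxy_class_violations(proxy: Label,
                           virtual_attrs: Dict[str, Label],
                           real_attrs: Dict[str, Label],
                           sources: Dict[str, List[Label]]) -> List[str]:
    """Check the three inter-object security level management rules of claim 3."""
    problems = []
    for name, va in virtual_attrs.items():
        # rule (1): virtual attribute dominates every corresponding source attribute
        for src in sources.get(name, []):
            if not va.dominates(src):
                problems.append(f"virtual attribute {name} is below a source attribute")
        # rule (2): proxy class is dominated by every virtual attribute
        if not va.dominates(proxy):
            problems.append(f"proxy class is above virtual attribute {name}")
    # rule (3): every real attribute dominates the proxy class
    for name, ra in real_attrs.items():
        if not ra.dominates(proxy):
            problems.append(f"real attribute {name} is below the proxy class")
    return problems


def union_proxy_read(subject: Label,
                     va_tags: List[Label],
                     prelim: List[Tuple[str, Label]]) -> Optional[List[str]]:
    """Fine-grained access to virtual attribute va of a UNION proxy class (claim 5).

    va_tags: the set of security tags of va after subdivision (step 2).
    prelim:  PreRes_va as (content, group tag) pairs (steps 4 and 5).
    Returns None when access to the proxy class is refused outright (step 3),
    otherwise the contents that survive the per-group check (steps 6 and 7)."""
    min_level = min(t.level for t in va_tags)
    common_cats = va_tags[0].cats.intersection(*(t.cats for t in va_tags[1:]))
    # step 3 (assumed reading of the elided formulas): the subject must be able
    # to read at least the least restrictive part of va, else refuse the class
    if subject.level < min_level or not subject.cats >= common_cats:
        return None
    # step 6: drop every content whose group tag the subject does not dominate
    return [content for content, tag in prelim if can_read(subject, tag)]


# Constructed demo data, not from the patent.
HR = frozenset({"HR"})
SALARY_TAGS = [Label(1), Label(2, HR), Label(3, HR)]        # subdivided tags of va
PRELIM = [("alice:3000", Label(1)), ("bob:5000", Label(3, HR)),
          ("carol:4200", Label(2, HR))]                      # PreRes_va with group tags

if __name__ == "__main__":
    print(union_proxy_read(Label(2, HR), SALARY_TAGS, PRELIM))  # ['alice:3000', 'carol:4200']
    print(union_proxy_read(Label(0), SALARY_TAGS, PRELIM))      # None: refused at step 3
    print(proxy_class_violations(Label(1), {"salary": virtual_attr_label([Label(2, HR), Label(1)])},
                                 {"note": Label(0)}, {"salary": [Label(2, HR), Label(1)]}))
```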
6. The MAC protection enhancement system for an object proxy feature database according to claim 1, wherein the object proxy database protection enhancement system is a bridge that performs MAC on database objects in the object proxy using the SELinux security policy; that is, it interacts with SELinux to form secure and efficient access control on database objects while supporting the object proxy database features, and it is characterized by the following:
First, implementing the hook entry: the object proxy database protection enhancement system is a plug-in that provides security services and makes MAC decisions for the various operations in the object proxy system. Both the creation of database objects and access to them must be controlled by the protection enhancement system, so hooks must be added to the modules of the original object proxy system that execute these operations, so that they call functions in the protection enhancement system to carry out the actual security access control; the hook entry must bring the various database operations under the control of the protection enhancement system;
Second, generating, storing and managing security contexts: in an object proxy database system, effective MAC enforcement depends on correct management of the security context of each database object, and the multilayer, complex proxy relations in an object proxy database make that management harder still. The security contexts of database objects are therefore managed in a fused, unified way: the protection enhancement system of the object proxy database is the subsystem that provides MAC support and adopts flexible, unified, centralized management of the generation, storage and maintenance of the security contexts of all kinds of database objects;
Third, providing interaction support between user space and SELinux: SELinux serves as the security server that provides the security policy and permission checks, but it cannot directly recognize the representations of the various operations and database objects in database user space. The protection enhancement system therefore converts the database information from user space into a representation SELinux understands and passes it to SELinux for the permission check; the permission result SELinux produces from the security policy is likewise in a representation the object proxy database cannot recognize, so the protection enhancement system converts the result returned by SELinux into a form the object proxy database can recognize, thereby implementing MAC on database objects;
Fourth, managing the user space access vector cache: the protection enhancement system uses a user space access vector cache (uAVC) to store the results of recently permission-checked operations, reducing the number of interactions between the protection enhancement system and SELinux and the performance cost MAC imposes on database operations. Every permission check in the protection enhancement system must query the uAVC, and the storage and dynamic management of access vectors in the uAVC must likewise be supported by the protection enhancement system, ensuring efficient MAC enforcement.
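The user space bridge of parts three and four, as an added sketch that is not the patent's code: database objects and SQL operations are translated into the (object class, permission) vocabulary of a security server, decisions are cached in a uAVC keyed by subject context, object context and class, and the cache is cleared on policy reload. The class and permission names, the contexts and the allow table are all constructed stand-ins, not real SELinux policy.

```python
from typing import Callable, Dict, FrozenSet, Tuple

# Hypothetical encoding of database objects and operations into the object
# classes and permissions a SELinux-style security server reasons about.
OBJECT_CLASS = {"database": "db_database", "class": "db_table", "attribute": "db_column"}
PERMISSION = {"SELECT": "select", "INSERT": "insert", "UPDATE": "update",
              "DELETE": "delete", "CREATE": "create", "DROP": "drop", "ALTER": "setattr"}

AVKey = Tuple[str, str, str]  # (subject context, object context, object class)
SecurityServer = Callable[[str, str, str], FrozenSet[str]]


class UserspaceAVC:
    """Caches access vectors so repeated checks do not round-trip to the server."""

    def __init__(self, server: SecurityServer):
        self._server = server
        self._cache: Dict[AVKey, FrozenSet[str]] = {}
        self.server_calls = 0  # how often the security server was consulted

    def access_vector(self, key: AVKey) -> FrozenSet[str]:
        if key not in self._cache:          # miss: ask the server, remember the answer
            self.server_calls += 1
            self._cache[key] = self._server(*key)
        return self._cache[key]

    def has_perm(self, scontext: str, tcontext: str, kind: str, op: str) -> bool:
        """Translate a database-level (object kind, SQL operation) into the server's
        (class, permission) vocabulary, then decide from the cached access vector."""
        key = (scontext, tcontext, OBJECT_CLASS[kind])
        return PERMISSION[op] in self.access_vector(key)

    def invalidate(self) -> None:
        """Call on policy reload: stale vectors would keep old decisions alive."""
        self._cache.clear()


# Constructed stand-in for the security server: a fixed allow table.
ALLOW: Dict[AVKey, FrozenSet[str]] = {
    ("staff_t", "hr_table_t", "db_table"): frozenset({"select"}),
    ("hr_admin_t", "hr_table_t", "db_table"): frozenset({"select", "insert", "update", "delete"}),
    ("hr_admin_t", "hr_db_t", "db_database"): frozenset({"create", "setattr"}),
}


def toy_security_server(scontext: str, tcontext: str, tclass: str) -> FrozenSet[str]:
    """Default deny: anything not in the allow table yields an empty access vector."""
    return ALLOW.get((scontext, tcontext, tclass), frozenset())


if __name__ == "__main__":
    avc = UserspaceAVC(toy_security_server)
    print(avc.has_perm("staff_t", "hr_table_t", "class", "SELECT"))  # True
    print(avc.has_perm("staff_t", "hr_table_t", "class", "UPDATE"))  # False, same cached vector
    print(avc.server_calls)                                         # 1
```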
7. The MAC protection enhancement system of the object proxy feature database according to claim 6, wherein the object proxy database protection enhancement system is composed of eight modules: a hook entry module, a uAVC operation module, a user security context operation module, a security context system table operation module, a data definition permission check module, an object security context management module, a data operation permission check module and a SELinux interaction module. After an object proxy user enters an SQL statement, the system's executor, while executing the SQL, finds through the hook function the entry for the actual access permission check in the protection enhancement system, and the MAC on the object is handed to the protection enhancement system for processing;
The hook entry module provides three hook entries, for user authentication, data definition permission checking and data operation permission checking respectively; the modules that execute these operations correspond to the user security context operation module, the data definition permission check module and the data operation permission check module in the figure. The user security context operation module sets and obtains the security context of a user process; the data definition permission check module implements the permission check when a user executes CREATE, DROP and ALTER operations, and the generation and modification of database object security contexts; the data operation permission check module implements the permission check when a user executes SELECT, INSERT, UPDATE and DELETE operations; and the security context system table operation module reads and writes the contents of the system tables newly added to store object security contexts for MAC;
The SELinux interaction module defines the various database objects, and the operations on them, in the internal encoding SELinux recognizes, and interacts with the SELinux security server to obtain the default security context of a newly created database object and the operations a user may execute on a database object, i.e. the access control decisions. The uAVC operation module searches the user space access control vector cache, which stores recently generated access control decisions, and obtains contents not present in the uAVC by calling interfaces of the SELinux interaction module and writing them into the uAVC. The data definition permission check module and the data operation permission check module judge, according to the access control decisions, whether a user's operations on data in the database comply with the access control policy; both require the support of the security context system table operation module and the uAVC operation module. The object security context management module limits the generation and modification of security contexts according to the security context management rules based on the object proxy features, ensuring that generated and set security contexts do not violate those rules.
8. The system of claim 1, wherein the MAC of the object proxy feature database is implemented by designing two associated protection enhancement system tables, the system table od_seclabel and the system table od_attrdeplay: od_seclabel stores the security contexts of database objects, and od_attrdeplay stores the correspondence of all attributes under the multilayer proxy relation; the system table od_seclabel and the system table od_deputyattetr are associated;
First, the system table od_seclabel stores the security context of each object for the SELinux-based MAC method; to perform MAC on database objects, the system table od_seclabel is designed so that it can assist in controlling the whole access control method from a global perspective, and it stores the security context of each object together with its related information;
Second, the system table od_attrdeplay: because the virtual attributes of several proxy classes are accessed by way of the physically stored real attributes, the security contexts of attributes in classes under the multilayer, complex proxy relation are managed in a fused, unified way, and the system table od_attrdeplay is designed to store the correspondence of each attribute under the multilayer proxy relation.
9. The MAC protection enhancement system of an object proxy feature database of claim 1, wherein the object proxy language syntax is extended as follows:
First, setting a security context when creating a database object:
Creating a database: the extended CREATE DATABASE SQL is CREATE DATABASE dbname SECURITY_LABEL = 'context of database', which creates a database whose security context is the set content; the statement executes successfully only if the user creating the database has the authority to create a database with that security context, meaning that the security context of the user process and the security context set for the newly created database conform to the SELinux security policy for creating a database;
Creating a basic class: the extended CREATE basic class SQL creates a basic class whose class and real-attribute security contexts are the set content; the statement executes successfully only if the user creating the basic class has the authority to create a basic class with the specified security context and real attributes;
Creating a proxy class: the extended CREATE proxy class SQL creates a proxy class whose class and real-attribute security contexts are the set content; the statement executes successfully only if the user creating the proxy class has the authority to create a basic class with the specified security context and real attributes, and the user must also have access authority on the source classes and related attributes that appear in the proxy rule of the proxy class; the security contexts of the virtual attributes in the newly created proxy class are not specified by the user but are determined jointly by the proxy rule and the security context of the proxy class in which the rule resides;
Second, modifying the security context of a database object:
Modifying the security context of a database: the extended SQL for modifying a database's security context is ALTER DATABASE dbname SECURITY_LABEL = 'context of database', which changes the security context of an existing database to the set content; the statement executes successfully only if the user modifying the database has the authority to modify a database with the current security context and the authority to set the database's security context to the specified security context;
Modifying the security context of a class and its attributes: the extended SQL changes the security context of a class, and of its attributes, to the set content, where the class may be a basic class or a proxy class and the attribute may be a real attribute or a virtual attribute; the statement executes successfully only if the user modifying the class has the authority to modify a class or attribute with the current security context and the authority to set the security context of the class or attribute to the specified security context. Because the object proxy has multilayer, complex proxy relations, modifying the security context of a proxy class and its attributes is constrained by its source classes and lower-level proxy classes, so beyond the permission check the security context content set by the user must also be checked accordingly before finally deciding whether the security context of the class or attribute can be changed to the set content.
10. The MAC protection enhancement system for an object proxy feature database according to claim 1, wherein the object proxy database protection enhancement system provides fused, unified management of the security contexts of database objects, including the generation, storage and modification of security contexts, and, on the basis that the database objects satisfy the security level management rules, performs MAC on any user's operation on a database object using the SELinux security policy;
The process of creating the security context of a newly created database object: a user creates a SELECT proxy class and adds a SECURITY_LABEL clause to the CREATE command to set the security context of the proxy class; after the executor performs discretionary access control, execution transfers through the hook function to the setext_object_access function of the hook entry module and proceeds as follows:
First, setatem_object_access enters the branch that handles the access permission check for creating a database object and calls the setatem_object_post_create function, with the oid and type of the proxy class as input parameters, to handle it;
Second, setatem_object_post_create obtains the security context of the user process by calling the function setatemGetClientLabel of the user security context operation module, calls the function setatesContext of the user security context operation module, and enters the branch for the access permission check for creating a proxy class.
CN202011187622.1A 2020-10-29 2020-10-29 MAC protection enhancement system of object proxy feature database Pending CN112231733A (en)

Publications (1)

Publication Number Publication Date
CN112231733A true CN112231733A (en) 2021-01-15

Family

ID=74122663

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination