RU2709288C1 - Secure method of access to database - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: invention relates to computer systems and methods for providing secure access to a database. Technical result is achieved due to that preset allowed IP addresses, HWID numbers and roles of users of structural elements of automated system in form of sets of IP_allow={IP₁, IP₂, …, IP_n}, H_allow={H₁, H₂, …, H_n} and R_allow={R₁, R₂, …, R_m} for high verification of access rights to the database, and after receiving information including a request and a user context, comparing IP addresses, HWID numbers and user roles from the user context with multiple allowed IP addresses, HWID numbers and user roles in the storage device. In case if at least one of conditions is not satisfied, then an alarm signal is generated and information is output in compliance with access right, and when all conditions are met, the selection of the row to be considered when constructing the query result, and in the absence of rows in the DB table, the result of the request is converted in accordance with the specified conversion function F(x) by the key X and the result of the request is output in accordance with the access right in the encoded form.

EFFECT: high level of protecting access to a database while reducing computational load on a database.

1 cl, 9 dwg

Description

FIELD OF THE INVENTION

The claimed invention relates to computing systems, and in particular to a method that is associated with computer databases (DB) and electronic storages to provide secure access to the database and secure output of information.

State of the art

a) Description of analogues

A known method of managing a multidimensional database (MDB) according to the patent of the Russian Federation No. 2389066 "Multidimensional database and method of managing a multidimensional database", (class G06F 13/14, declared. 05.28.2008). In the known method carry out multidimensional access to the database and describe a way to manage them.

The disadvantage of this method is the specialized narrowly focused information security in the database according to multidimensional vectors of security descriptors, which does not provide additional security measures.

A known method of storage and retrieval of information in a database management system (DBMS) according to the patent of the Russian Federation No. 2417424 "Method for compressing multidimensional data for storage and retrieval of information in a database management system and device for its implementation", (class G06F 17/30, decl. 12/30/2009). The known method allows you to compress indices, data, repeating parts of elements using the generated group dictionary, and also allows you to compress repeating parts of text strings, dates and other types of data using byte and bit patterns.

The disadvantage of this method is the relatively low security design of access to multidimensional data, while it is impossible to guarantee the reliability of information storage without its security.

b) Description of the closest analogue (prototype)

The closest in technical essence to the claimed one is the method of secure access to the database according to the patent of the Russian Federation No. 2373571 “Systems and methods implemented by means of access at the level of small structural units for managing data stored in relational databases”, (class G06F 12/14, declared July 26, 2004, published November 20, 2009, Bulletin No. 32). The prototype method includes the following sequence of actions. The information including the query and user context is received, the row to be considered when constructing the query result is selected, the line security descriptor is compared with the information from the user context, if they do not match, the remaining rows in the database table are checked, and if they match, the contribution is checked DB rows into the query result and, if there is none, go to the selection of the row to be considered when constructing the query result, and if it exists, use the above in order to build the query result and check for the remaining rows in the database table, if there are any, go to the selection of the row to be considered when constructing the query result, and if they are absent, output the query result in accordance with the access right.

Compared with analogues, the prototype method can be used in a wider field of application, including for multidimensional database structures.

The disadvantages of the prototype are:

1. Inadequate database security, due to the fact that maintenance and tuning of the database can be carried out by third parties, which may entail familiarization with the information in the database by persons who do not have direct access to it upon request.

2. The output of information is carried out in an open form, without data protection from familiarization with unauthorized persons.

3. No preventive measures are envisaged to prevent violations of security policy before searching for the required row in the database and reconciling access rights by the security descriptor, in accordance with the discretionary model of access rights delimitation.

The present invention provides a method for eliminating identified deficiencies.

Disclosure of the invention (its essence)

a) technical result, the achievement of which the invention is directed

The purpose of the claimed technical solution is to develop a way to provide secure access to the database, which allows to reduce the computing load on the database, to improve the protection of information in the database from internal and external intruders.

b) a set of essential features

This goal is achieved by accepting information including the query and user context, selecting the row to be considered when constructing the query result, comparing the line security descriptor with information from the user context, and if they do not match, check for the remaining rows in the database table, and if they coincide, they check the contribution of the database row to the query result and, if it is absent, proceed to selecting the row to be considered when constructing the query result and if it is available, use the mentioned line when constructing the query result and check for the remaining rows in the database table, if there are any, go to the selection of the row to be considered when constructing the query result, and if not, display the query result in accordance with the access right , characterized in that the allowed IP addresses, HWID numbers and user roles of structural elements of the automated system are pre-set in the form of sets IP _bit = {IP ₁ , IP ₂ , ..., IP _n }, H _bit = {H ₁ H ₂ , ..., H _n ) and R _rasp = {R ₁ , R ₂ , ..., R _m } for increased verification of access rights to the database, and after receiving information including the request and user context, compare the value of the IP address of the i-th structural element IP _i , the automated system from the user context with the values of IP addresses from the set of IP _bits , if they do not match, they generate an alarm and proceed to display the query result in accordance with the access right, and if the IP address of the i-th structural element IP _i , the automated system from user one context with the values of IP-addresses of a plurality of IP _bit compare value HWID-numbers i-th structural element H _i of the automated system of the user context with the values HWID-numbers of the plurality of N _bits, in case of mismatch proceeds to the formation of an alarm signal, and for values HWID-coincidence number i-th structural element H _i of the automated system of the user context with the values HWID-numbers of the plurality of N _bits is compared to the role of the user i-th structural element R _i automated second system from the user context with the values of user role from a plurality of R _pazp, in case of mismatch proceeds to the formation of an alarm signal, and the coincidence of the role of the user i-th structural element R _i of the automated system of the user context with the values of user role from a plurality of R _pazp go to the selection of the row to be considered when constructing the query result, and if there are no rows in the database table, the query result is converted using the encoded method I according to a predetermined conversion function F (x) by a key X, obtainable from the Certification Center and proceeds to conclusion query result in accordance with the access rights in encrypted form.

A comparative analysis of the proposed solutions with the prototype shows that the proposed method differs from the known:

- an additional preliminary assignment of permitted IP addresses, HWID numbers and user roles of structural elements of the automated system stored in the storage device in the form of sets IP _bit = {IP ₁ , IP ₂ , ..., IP _n }, N _bit = {H ₁ , H ₂ , ..., H _n } and R _bit = {R ₁ , R ₂ , ..., R _m } for increased verification of access rights to the database;

- checking that the current IP addresses, HWID numbers and user roles from the user context match the sets of allowed IP addresses, HWID numbers and user roles in the storage device;

- the formation of an alarm if at least one of the conditions of increased verification does not satisfy the permitted parameters;

- conversion of the query result by the encoding method in accordance with the specified conversion function F (x) using the key X received from the Certification Authority;

- output of the query result in accordance with the access right in encoded form.

c) a causal relationship between the signs and the technical result

Thanks to a new set of essential features, the claimed method provides increased protection of access to the database from the internal intruder by checking the identification number of physical equipment and logical addresses of the devices from which access is available, reducing the computational load on the database by preliminary increased verification of user roles for the right to generate this request , and improving the protection of information in the database from an external intruder by encoding the query result a.

The analysis of the prior art made it possible to establish that analogues that are characterized by a set of features identical to all the features of the claimed technical solution are absent, which indicates the compliance of the claimed method with the condition of patentability “novelty”.

Search results for known solutions in this and related fields of technology in order to identify features that match the distinctive features of the claimed object from the prototype showed that they do not follow explicitly from the prior art. The prior art also did not reveal the fame of the distinctive essential features that determine the same technical result that is achieved in the claimed method. Therefore, the claimed invention meets the condition of patentability "inventive step".

Brief Description of the Drawings

The claimed method is illustrated by drawings, which show:

FIG. 1 is a flowchart of a method for secure data access;

FIG. 2 is a diagram of a possible database table;

FIG. 3 is a diagram of a possible security descriptor table;

FIG. 4 is a flow diagram of a method for secure access to a database;

FIG. 5 is a table encoding algorithm in accordance with a given transform function F (x) by key X;

FIG. 6 - database table with the specified information fields;

FIG. 7 - table of the security descriptor with the specified parameters in the database;

FIG. 8 - database table with specified time parameters;

FIG. 9 is a database table with sets of allowed IP addresses, HWID numbers, and user roles.

The implementation of the invention

The implementation of the claimed method is explained as follows. In traditional database models, the initial search for information is carried out on demand by searching the database, which generates a large time cost of computing and fetching the necessary information when receiving an array of query result strings, which affects the speed of its receipt. The output of information also remains unprotected from familiarization with the database by third parties who do not have direct access to it upon request. The present invention provides a method for eliminating identified deficiencies.

The storage device stores a plurality of permitted IP addresses, HWID numbers, user roles, security information embodied by one or more security descriptors. Each set of IP addresses, HWID numbers, user roles, and security descriptors controls selective access to one or more of the sources that are associated with them.

An IP address is a number that uniquely identifies a host on a computer network. In a word - this is an identifier with which you can navigate through networks and exchange information with various services and devices. The address is four octets (8 bits) separated by a dot - the total length is 32 bits. The IP address itself consists of the network and host parts, which determine the network number and host number.

Hardware ID (HWID) is a computer identifier that is formed on the basis of equipment data. The complex of this data includes many components, such as the motherboard, RAM, processor, hard drives and so on. As a result, a unique identifier is generated for each computer. Rare coincidences are not excluded, but these are hundredths of a percent in the total mass of computers. When changing the PC hardware configuration (adding a new disk, RAM, reinstalling the OS, etc.), the HWID of the computer changes and access to the database may be terminated due to changes in the hardware.

In the improved role model, all objects are combined into a single "tree". Each object, except for a single root, has one parent object, and any number of children. A role can be assigned to a user in the context of any object. In this case, the user begins to play the assigned role in the entire branch of the "tree", which is formed by this object.

Thus, any application object can form a domain into which it and all its child objects will belong. Any of its child objects can also form a domain that is subordinate to the domain of the parent object. The list of roles that a user plays in a particular domain consists of the roles assigned to him in that domain, plus roles from a higher-level domain, and from an even higher-level domain, and so on, to the root domain of the application. The roles assigned to a user in the root domain are global, i.e. Valid in the context of each application object.

For example, the root object "enterprise" has ten subordinate objects of the type "department", under each of which, in turn, are documents related to this department. A user who is assigned the role of "boss" in the context of a particular department (or departments) has full access to all documents of his department, but does not have access to documents of other departments, since there he does not play a corresponding role. The user, who is the “boss” of the root object of the system, has full access to all documents of the enterprise, which fully complies with the considerations of elementary logic.

Security information embodied in a plurality of permitted IP addresses may include, for example, a list of items that indicate: (1) the allowed network IP address of the node; (2) the type of access (for example, full access, read-only and / or mixed access, as well as a ban on access to multiple IP addresses).

Security information embodied in a plurality of authorized HWID numbers of a user's hardware may include, for example, a list of items that indicate: (1) an authorized HWID number that comes in a user context, together with a request to search for information in DB (2) the type of access (for example, full access, read-only and / or mixed access), which can also be duplicated when configuring the set of allowed IP addresses.

The security information embodied in the many permitted user roles may include, for example, a list of items that indicate: (1) the role of the user (for example, department head, employee, programmer); (2) type of access (e.g. full access, read-only and / or mixed access).

The security information embodied in the security descriptor may include, for example, a list of items that indicate: (1) access is allowed or denied; (2) the type of access (for example, allowing, say, only reading and / or reading and access); and (3) the principal to whom the protection information applies. For example, the storage device may be an ordered set of access control objects.

The database processor receives the request information from the user. The request information includes the request to be executed in the database, and the user context associated with the initiator of the request (for example, username, user ID and / or user type, user IP address, HWID number, user role and user protection descriptor )

In an aspect of the present invention, it is provided that after receiving the request and the user context, before starting to retrieve information in the database to build the query result, access rights are checked at the 2nd, 3rd, 7th level of the OSI network model (open systems) interconnection basic reference model - a basic reference model for the interaction of open systems (EMVOS)), which prevents unauthorized access to information of unauthorized officials.

In an aspect of the present invention, as part of the technical characteristics of the strategy, an SQL programming language (for example, TSQL - Time SQL) is proposed, supplemented by a new set of statements that provide creation, modification and deletion of security descriptor (s), for example access control lists.

In order to achieve the above and related objectives, the concept of the present invention is provided herein in connection with the following description and the accompanying drawings. However, this concept characterizes only a few different ways in which the principles of the invention can be embodied, and the present invention should be considered to include all such aspects and their equivalents. Other advantages and features of the invention, with novelty, can be found in the following detailed description of the invention, considering it in conjunction with the drawings.

DETAILED DESCRIPTION OF THE INVENTION

Given the growing popularity of computers, more and more data is being stored in databases, such as relational databases. In relational databases, most data is stored as rows in one or more tables. Access to the database can be obtained using one of the totality of objects. Due to the nature of the data stored in the database, authorizing selective access (for example, denying access, access for reading and / or access for reading and writing) to this data is essential.

The popularity of relational databases is based on the ability to perform associative queries on tables. Access to sets of objects stored in tables is possible using the set processing language (for example, SQL, the structured query language). This language provides the specification of one or more tables as a data source and the output - if it occurs at all - of only that row or those rows that or which satisfy some given condition.

The terms “component”, “processing program”, “model”, “system”, etc. in the sense in which they are used in this application should be considered as related to a computer-related object or hardware, a combination of hardware and software software, software, or software in progress. For example, a component can be - but not in a restrictive sense - a process running on a processor, a processor, an object, an executable file, a thread of tasks, a program and / or computer. As an illustration, we note that the component can be both the active application on the server and the server itself. One or more components can constantly participate in the implementation of the process and / or the flow of tasks, and some component can be localized on one computer and / or distributed between two or more computers. In addition, these components can operate from various computer-readable media having various data structures recorded thereon. Components can communicate through local and / or remote processes, for example, in accordance with a signal having one or more data packets (for example, data from one component interacting with another component in a local system, distributed system, and / or interacting through a network such as the Internet, with other systems through this signal). In accordance with the present invention, computer components can be stored, for example, on computer-readable media, including, but not limited to, application-oriented integrated circuit (ASIC), compact disc (CD), digital video disc (DVD), read-only memory (ROM) ), flash drive, hard drive, electrically erasable programmable read-only memory (EEPROM) and memory stick.

In general, the structural elements of an automated system (AS) are a set of automated workplaces for officials, databases, communication equipment, combined by wired and wireless communication lines, allowing access to the database.

A flowchart 100 of a method for secure access to a database, in FIG. 1 provides secure access to the database 180 on the basis of block 110 enhanced access control at the 2nd, 3rd and 7th level of the OSI model, reconciliation of logical network addresses, physical numbers of equipment and user roles of forwarders with many trusted IP addresses , HWID numbers and user roles stored in the storage device 170. The increased access control unit 110 allows you to compare the value of the IP address of the i-th structural element IP _i AC from the user context with the values of IP addresses from the set of IP _bit , the value of HWID- nom the era of the i-th structural element H _i AC from the user context with the values of HWID numbers from the set H _bit , the role value of the user role of the i-th structural element R _i AC from the user context with the values of the roles of users from the set R _bit , if the data the conditions do not satisfy the specified parameters — they generate an alarm, if the verification conditions satisfy the parameters — they turn to the database to select the row to be considered when constructing the query result.

When a request is formulated to the query component 120, the query optimization unit 130 may determine the “best way” (“optimization”) of the response to this request. For example, the query component 120 can apply a cost optimization strategy, as a result of which the cheapest way to execute the request is selected as a plan, or an optimization strategy according to a time (temporal) interval, as a result of which selection through a time table occurs, which, in turn, reduces time access to necessary information.

Query component 120 may apply well-known techniques in listing possible plans and cutting off costly ones. Indexes in tables play an important role in reducing the cost of accessing data in these tables. You should take into account that you can apply the optimization process of any type suitable for the implementation of the present invention, and all such types of optimization technologies should be considered within the scope of the claims of the attached claims.

It will be appreciated that the query component 120, the query optimization block 130, and / or the query execution block 140 may be computer components in the sense in which this term is defined herein.

It is important that when accessing table rows protected by a security algorithm in the form of security descriptors, the database processor 150 — just before considering the lines for input when constructing the poll result — forces the security algorithm to execute by confirming that the requestor has permission to read the rows , based on the strategy defined by the security descriptor associated with each line.

In order to stop the problem of unauthorized access to the database at the same time and not to disrupt the optimization process, the present invention proposed a new algorithm that ensures that all access paths to the table include a column that has security descriptors, as well as performing increased access control at the 2nd, 3rd, 7th level of the OSI model, by reconciling the logical addresses of the network, the physical numbers of the equipment, and the roles of the users of the query forwarders with a list of trusted addresses, numbers and roles stored in the storage device 170.

The user session cache 160 stores the calculated result due to whether the current security context has a specified permission with respect to a certain IP address, HWID number, user role, and security descriptor. Therefore, the result of checking whether the principal has access to the object specified by these protection criteria for this object is evaluated only upon receipt of the request. If two rows of the table have the same protection strategy, i.e. have the same security descriptor, the result of checking whether the initiator of the request has access to the row or not is evaluated for the first time, and this result is stored in cache 160. The cached result is applied to the second row.

Cache 160 becomes an extremely useful tool when many lines have the same security algorithm, which can occur, for example, in file systems and similar applications.

It will be appreciated that a user session cache may be a computer component in the sense in which this term is defined herein.

The database processor 150 receives the request information, for example, from the user. The request information includes a request to be executed in the database 180 and a user context associated with the initiator of the request (for example, username, user ID and / or user type, user IP address, HWID number and user role).

When the query is executed, the database processor 150 receives request information from the query component. The request information includes the request to be executed in the database, and the user context associated with the initiator of the request (for example, username, user ID and / or user type, IP address of the requestor, HWID number of the terminal equipment, user role in hierarchical structure).

The database processor checks the IP address of the packet with the allowed IP address stored in the storage device, checks the HWID number of the equipment with the allowed HWID number stored in the storage device, checks the role of the user, the query builder, if the user had the right to generate a request to the database or not? If at least one of the conditions is not satisfied, an alarm 415 is generated and information is displayed in accordance with access right 480.

If all conditions are met, the database processor evaluates the security descriptor associated with the row (s) of the database 180 to which it is accessed and user context information associated with the request to determine if the user has requested access to the row. After that, the database processor 150 provides a response to the request information based on this request and, importantly, user context information. Thus, the request initiator is provided with information only from that database 180 for which the user has access rights (for example, viewing and / or changing data).

DB 180 stores data in a structured format. For example, database 180 may be a relational database, an object database, and / or an object-relational database, as well as a temporal database. In connection with relational databases, we note that a set of objects with the same structure is called a table, and each object is called a row. The components of a structure are called columns. A relational database may include one table or a set of tables.

Data in a database is almost always inextricably linked with time. This is true for transactional databases, and even more so for analytical databases (in particular, time is the most important measurement of OLAP cubes).

In accordance with an aspect of the present invention, at least one of the tables associated with OBD 180 includes a column that stores security information, say, a security descriptor (e.g., an identifier associated with security information stored in a storage device 170, discussed below).

Access to the database can be made both by ordinary SQL-queries and temporal TSQL-queries. In the case of the formation of a temporal query, the time required to search for information in the database is reduced by indicating the time period affecting the necessary event.

One of the most important issues when using a database is the efficiency of applications with the corresponding DBMS. To increase the speed of query processing in relational DBMSs, indexes are traditionally used to select data from tables, as well as statistics and various heuristics when choosing an algorithm for combining data from several tables. When developing temporal DBMSs, considerable attention was paid specifically to performance issues, since in the general case, a small fraction of “active” data from the constantly growing amount of information in the database led to a sharp decline in performance with heavy use and / or insufficient attention when developing the application.

Three types of temporal tables can be used - temporal tables with a program period, temporal tables with a system period, and bitemporal tables that combine all the characteristics of the first two types. The use of temporal tables allows us to simplify the service logic of the application, provide information for auditing changes in data, correct errors in data, and also increase the access time to data.

In traditional relational databases, protection algorithms are not associated with rows in tables. So, in accordance with an aspect of the present invention, to indicate that rows in a particular database table are protected by a security strategy, the SQL statements for creating and replacing tables are extended to indicate this fact. One of the columns in the definition of these tables is optionally expanded with some attribute that indicates that this column implements the security algorithm. The value of this column refers to the identification parameter of some security descriptor discussed earlier (for example, a four-byte code). In one example, if the column value is “zero”, then the row is not protected by any strategy. On the other hand, the access control strategy for this row is selected based on the corresponding security descriptor and related information stored in memory 170. In another example, the default value of the column can be set as the identification parameter of the security descriptor, which embodies the security strategy in the table .

It will be appreciated that the system 100, the OBD processor 150, the OBD 180, and / or the storage device 170 may be computer components in the sense in which this term is defined herein.

Block 190 performs the conversion of the displayed information by the encoding method in accordance with the specified conversion function F (x) using the key X received from the Certification Authority (CA).

CA users independently carry out the procedure for generating keys and generating requests for a public key certificate. These procedures are performed using the workstation of a registered user at the workplace.

Incoming requests for certificates of public keys of users are processed by the administrator of the CA using the workstation of the administrator of the Registration Center.

A diagram of a possible database table 200 is shown in FIG. 2 and it includes data columns 210 and data rows 220. In addition, table 200 includes a column 230 of security descriptors. For example, column 230 of security descriptors may store — for a particular row — the security descriptor associated with that row. In one example, the security descriptor is an identifier associated with the storage device 170.

A diagram of a possible security descriptor table 300 is depicted in FIG. 3 in accordance with an aspect of the present invention. Security descriptors 310 are stored in memory 300. In this example, a particular security descriptor 310 further includes a permission 330 that identifies the type of access associated with a particular security descriptor 310, for example, denied access, read-only access and / or read access and records. The security descriptor 310 further includes a principal (s) 340 to which the security descriptor 310 is applied (e.g., username (usernames) user group (user groups), user identifier (user identifiers) and / or user type ( user types).

A secure access method to the database 400 that can be implemented in accordance with the present invention is illustrated in FIG. 4. in accordance with an aspect of the present invention. At step 409, the allowed IP addresses, HWID numbers, and user roles of the structural elements of the AC are pre-set in the form of sets IP _bit = {IP ₁ , IP ₂ , ..., IP _n }, N _bit = {H ₁ , H ₂ , ..., H _n } and R _bit = {R ₁ , R ₂ , ..., R _m } for increased verification of access rights to the database. Information 410, including the request and user context, is received. The value 411 of the IP address of the i-th structural element IP _i АС from the user context is compared with the values of IP addresses from the set of IP _bits , if they do not match, an alarm 415 is generated, an automatic report is sent to the security service with a report on the attempt to enter from an unregistered IP addresses, and if the IP _i value matches the IP _bit value, further verification is carried out according to the algorithm of the invention.

The value 412 of the HWID number of the i-th structural element H _i AC from the user context is compared with the values of the HWID numbers from the set H _bit ; if they do not match, an alarm 415 is generated, an automatic report is sent to the security service with a report on an attempt to penetrate unregistered HWID-number, and if the IP _i value matches the IP _bit value - further verification is carried out according to the algorithm of the invention.

The value 413 of the user role of the i-th structural element R _i АС from the user context is _compared with the values of user roles from the set R _pp ; if they do not _match , an alarm 415 is generated, an automatic report is sent to the security service with a report on an attempt to create a request with the role , which does not correspond to the access right, and if the values of R _i coincide with the value of R _bit go to the choice of line 414, which should be considered when constructing the query result.

Compare the security descriptor 420 of the line with information from the user context, if the security descriptor of the line does not match the information from the user context, check for the remaining rows in the table at step 430. If the security descriptor of the line matches the information from the user context at 420, then go to step 440, which compares the information in the row of the table with the requested information from the query to build the result of the query. If there is no requested information in the line for constructing the query result, they return to step 414 of selecting the row to be considered when constructing the query result. If the requested information is in the line for constructing the result of the query, use the mentioned line to build the result of the query 450.

Check for the remaining rows 430 in the table, if there are more rows in the table, return to step 414 the selection of the row to be considered when constructing the query result. If there are no more lines left, they perform 470 conversion of the request result by encoding in accordance with the specified conversion function F (x) using the key X received from the Certification Authority (CA) and the result of the 480 request is displayed in accordance with the access right in encoded form according to his access rights.

For a detailed understanding of the process of converting the output information 470 by the encoding method, in accordance with the specified conversion function F (x) using the key X received from the CA, we turn to FIG. 5, where the initial data 501 is preliminarily set: the conversion function F (x) with the key X received from the CA and a set of tables with data T ₁ , T ₂ , ..., T _n as a result of a query to the MDB. The data obtained is transmitted to block 502, where the number of received tables N _k , the number of rows N _ki and columns N _kj for each table are counted, and the number of the processed table k is set. Next, check 503 to see if all the tables have been processed. If not all tables have been processed, they determine 504 the row number with which the processing of all rows of the k-th table begins.

Next, check 505 whether all rows of the k-th table are processed. If not all rows of the k-th table are processed - change the i-th row 506 in accordance with the specified conversion function F (x), select 507 a new row, for which they go to check block 505. In case all rows k -th table processed - determine the 508 column number from which the processing of all columns of the k-th table begins.

Next, check 509 whether all the columns of the kth table are processed. If not all columns of the k-th table are processed, change the j-th column 510 in accordance with the specified transformation function F (x), select 511 a new column, for which go to check block 509. If all columns k of the processed tables, select the following table 512, for which they go to the checker 503. If all the tables are processed, 513 sets of converted tables T ' ₁ T' ₂ , ..., T ' _n are output.

The conversion function F (x) permutes rows and columns in the tables by the key X, which is obtained centrally from the CA distribution of key information.

Based on the detailed description, we give an example with the specified information fields:

- in FIG. 6 shows a possible table 600 with the following information columns: full name 620, city 630, salary 640, security descriptor 650, each row (610 ₁ 610 ₂ , 610 ₃ ) describes specific users according to the information columns;

- in FIG. 7 illustrates a possible table having the following security descriptors 700 with predetermined parameters: security descriptor 720, access control list 730, and security descriptor lines (710 ₁ , 710 ₂ , 710 ₃ ) describing user access rights;

- in FIG. 8 shows a possible table 800, with the given time parameters: the appointment time 840 and the dismissal time 850 of the employee, full name 820 from department 830, each row (810 ₁ 810 ₂ , 810 ₃ ) describes specific users according to the information columns;

- in FIG. Figure 9 shows a possible table 900 with sets of allowed IP addresses 930, HWID numbers 940 and user roles 950, each line (910 ₁ 910 ₂ , 910 ₃ ) describes the access rights of a particular official, from a specific IP address, with a given HWID- line number and security descriptor 920.

All of these tables 600, 700, 800 and 900 are related. User roles can also be defined in separate tables with a hierarchical structure.

When the user Ivan requests the database 180 (table 600) for “all positions”, the word “Ivan” is the user context provided along with the request to the database processor 150. After that, the database processor 150 retrieves the security information stored in the storage device and compares, according to table 900, the IP address value of the i-th structural element IP _i AC from the user context with the IP address value from the column of table 930 IP _bit , the value of the HWID number of the i-th structural element H _i AC from the user context with the value of the HWID number from the column of the table 940 N _bit , the value of the user role of the i-th structural element R _i AC with the value of the user role R _razp from the column of the table 950, in case the data conditions do not satisfy etvoryayut specify parameters - form an alarm if the parameters satisfy the test conditions - the processor 150 queries database 180 and database previously receives all three rows. However, the database processor 150 then retrieves the security descriptor information stored in the storage device 170 associated with each of the three lines, and based on the user context returns only the first line, since user Ivan has the authority to only read this line. However, if the Administrator makes the same request (for example, “all positions”), then all three lines are returned, since the Administrator has the authority to read all lines and / or write to them. At the last stage, the information is converted by the permutation of rows and columns in the table by the conversion function F (x) with the key X.

Both user Ivan and the database administrator will receive rows with the requested data according to their security descriptors, however, this data will be mixed and illegible for semantic content. Only a user who has the key X received from the CA will be able to decrypt the resulting table with data using the conversion function F (x) and extract useful information from it.

If you even imagine that the attacker knows the password from the workplace of an authorized official, logs in from his personal computer, contacts the database from the approved IP address, observing all the roles, and tries to get information from the database, he will receive a response to the request in encoded form , which, without the daily key received from the CA will not represent any semantic load.

Based on the calculations and description, it is clear that in the process of secure access and presentation of information in the database, access to the database is protected, the computational load on the database is reduced, and the protection of information in the database from internal and external intruders is increased. This is achieved by checking that the IP address belongs to the set of allowed IP addresses from which access is made, the HWID number belongs to the set of allowed HWID numbers, increased checking of user roles for the right to form this request to the database, and also converting the displayed information in accordance with given by the transformation function F (x) with the key X obtained from the CA.

Claims (1)

The method of secure access to the database, which consists in accepting information that includes the request and user context, selects the line to be considered when constructing the result of the request, compares the security descriptor of the line with information from the user context and, if they do not match, check for the remaining rows in the database table, and if they match, check the contribution of the database row to the query result and, if there is none, go to the selection of the row to be considered when posting digging the query result, and if there is one, use the mentioned line when building the query result and check for the remaining rows in the database table, if there are any, go to the selection of the row to be considered when constructing the query result, and if not present, display the query result in according to the access rights, characterized in that the pre-set permitted IP addresses, HWID-nomepa user roles and structural elements of the automated system in the form of sets of _bit IP = IP _{1, IP _2, ..., I _n}, N _bits = {H _1, H _2, ... H _n} and R _pazp = {R _1, R _2, ..., R _m} for improved verification of access rights to the database, and receiving the information including the request and the user context, compare the IP address value of the i-th structural element IP _{i of the} automated system from the user context with the values of the IP addresses from the set of IP _bits , in case of mismatch, they generate an alarm and proceed to output the query result in accordance with the access right, and if the values of the IP address of the i-th structural element of the IP _i automate the system from the user context with the values of IP addresses from the set IP _bit compare the value of the HWID number of the i-th structural element Н _{i of the} automated system from the user context with the values of HWID numbers from the set Н _bit , in case of mismatch proceed to the formation of an alarm and when the values of the HWID number of the i-th structural element H _{i of the} automated system from the user context coincide with the values of the HWID numbers from the set H _bit , the role value of the user role of the i-th structure is compared of the element R _{i of the} automated system from the user context with the values of user roles from the set R _ra , in case of their mismatch proceed to the formation of an alarm, and if the value of the user role of the i-th structural element R _{i of the} automated system from the user context coincides with the values of the roles of the users a plurality of r _pazp transferred to the selection line to be considered in constructing the query result, and when there is no row in the database table operate transformation p query result encoding method in accordance with a predetermined conversion function F (x) by a key X, obtainable from the Certification Center and proceeds to conclusion query result in accordance with the access rights in encrypted form.

Images