CN102184371A - Detecting method and system for database operation authority of SQL (Structured Query Language) - Google Patents

Publication number
CN102184371A
Authority
CN
China
Prior art keywords
database
database manipulation
detecting unit
state
manipulation
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011100951094A
Other languages
Chinese (zh)
Other versions
CN102184371B (en)
Inventor
徐亚非
于海涛
陈浙一
常乐
杨文勃
曲明
张佃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CAPTECH INFORMATION AUDITING SYSTEM TECHNOLOGY (BEIJING) Co Ltd
Original Assignee
CAPTECH INFORMATION AUDITING SYSTEM TECHNOLOGY (BEIJING) Co Ltd
Application filed by CAPTECH INFORMATION AUDITING SYSTEM TECHNOLOGY (BEIJING) Co Ltd filed Critical CAPTECH INFORMATION AUDITING SYSTEM TECHNOLOGY (BEIJING) Co Ltd
Priority to CN2011100951094A priority Critical patent/CN102184371B/en
Publication of CN102184371A publication Critical patent/CN102184371A/en
Application granted granted Critical
Publication of CN102184371B publication Critical patent/CN102184371B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

The invention discloses a detection method and system for the database operation authority of SQL (Structured Query Language) statements. The method includes the following steps: analyzing the current database operation to determine the database operation template corresponding to it, and extracting, according to the template, the database operation abstract corresponding to the current database operation, wherein the database operation abstract corresponds to a unique detection unit; and judging whether the detection unit is prestored in the system. If not, the current database operation is judged illegal and alarm information is sent; if so, the state of the detection unit is determined and the operation authority is detected according to that state, wherein the states comprise a learning state, an activated state and a short-circuit state. Based on syntax analysis of the SQL statement, the database operation abstract is generated and the abstract corresponds to one detection unit; the purpose of dynamically monitoring unauthorized access is achieved by setting the state of the state machine to the 'learning state', the 'activated state' or the 'short-circuit state'.

Description

Database operation authority detection method and system for SQL statements
Technical field
The present invention relates to the field of database security management technology for computers, and in particular to a database operation authority detection method and system for SQL statements.
Background
Data security management is the most important part of content security management. Today the business of nearly all government departments, enterprises and institutions is produced and stored by network-based information systems; an enterprise's financial data, production data, office and service data and other data resources all sit in the core data management system of the information system. The IT management department of each organization is therefore responsible for guaranteeing the security and credibility of its data resources, yet for most users the level of security precautions taken for database systems is still lower than that taken for operating systems and networks. The active threats to data resources in database systems include:
1) access to, or bulk download of, certain sensitive data in the database;
2) internal or external users directly accessing the database without authorization and directly modifying data;
3) application system data in the database being illegally deleted directly, destroying key application data and causing confusion or interruption of related business, or even direct economic loss;
4) administrators or intruders adjusting the database configuration without authorization, causing database system anomalies;
5) intruders exploiting system security vulnerabilities or administrators with weak security awareness, establishing a backdoor into the system by granting special privileges to ordinary users, escalating database administration privileges, and stealing, tampering with and destroying data;
6) malicious persons obtaining database account and password information, which lets them perform unauthorized operations on the database;
7) a lack of effective technical means for establishing responsibility for security incidents and a tracing mechanism.
The above threats to data integrity all stem from weaknesses in the database's own security policy and from problems in how it is used. However, violations by legitimate database users, and intentional leakage or destruction of data resources by internal users, do more serious harm to an enterprise, and the losses can be considerable.
To meet this demand, there are many network-based or log-based database auditing systems on the market. They rely on manual participation to set fixed detection policies, and produce alarm information or block database operations to meet the need to prevent data leakage.
Summary of the invention
The object of the present invention is to provide a database operation authority detection method and system for SQL statements that generates, by automatic learning, a detection policy for unauthorized database operations and automatically adjusts the detection (audit) policy for database operation authority.
In one aspect, the invention discloses a database operation authority detection method for SQL statements, comprising the following steps. Extraction step: analyze the current database operation, determine the database operation template corresponding to the current database operation, and extract, according to the template, the database operation abstract corresponding to the current database operation; the database operation abstract corresponds to a unique detection unit. Authority determination step: judge whether the detection unit is stored in advance in the detection module of the system. If not, the current database operation is illegal and alarm information is sent. If so, determine the state of the detection unit, the state being one of a learning state, an activated state and a short-circuit state, and detect the operation authority according to the state of the detection unit.
In the above database operation authority detection method, preferably, in the authority determination step, if the detection unit is in the short-circuit state, the current database operation is a legal operation.
In the above database operation authority detection method, preferably, in the authority determination step, if the detection unit is in the activated state, judge whether the detection unit stored in advance contains the database operation template corresponding to the current database operation. If so, the current database operation is a legal operation; if not, the current database operation is illegal and alarm information is sent.
In the above database operation authority detection method, preferably, in the authority determination step, if the detection unit is in the learning state, determine all database operation templates in the detection unit and judge whether the number of database operation templates in the detection unit exceeds a predetermined threshold. If so, switch the state of the detection unit to the short-circuit state and determine that the current database operation is a legal operation. If not, judge whether the time spent in the learning state exceeds a predetermined time or whether the set of learned operation templates has not been updated for a long time:
If so, switch the state of the detection unit to the activated state and detect the operation authority as for a detection unit in the activated state. If not, add the database operation template corresponding to the current database operation to the detection unit and, at the same time, determine that the current database operation is a legal operation.
In the above database operation authority detection method, preferably, in the extraction step, the database operation abstract is an ordered set of predicate-object pairs, each formed from a database operation type and a database object, wherein the database operation type indicates the manner of the database operation and the database object denotes an entity in the database.
In the above database operation authority detection method, preferably, in the extraction step, the database operation abstract is obtained as follows: using the database log as the basis for parsing and taking context into account, the SQL statement is parsed into a database operation template, and the database operation abstract is obtained from the database operation template.
In another aspect, the invention discloses a database operation authority detection system for SQL statements, comprising an extraction module and an authority judgment module. The extraction module is used to analyze the current database operation, determine the database operation template corresponding to the current database operation, and extract, according to the template, the database operation abstract corresponding to the current database operation; the database operation abstract corresponds to a unique detection unit. The authority judgment module is used to judge whether the detection unit is stored in advance in the detection module of the system. If not, the current database operation is illegal and alarm information is sent. If so, the state of the detection unit is determined, the state being one of a learning state, an activated state and a short-circuit state, and the operation authority is detected according to the state of the detection unit.
In the above database operation authority detection system, preferably, in the authority judgment module, if the detection unit is in the short-circuit state, the current database operation is a legal operation.
In the above database operation authority detection system, preferably, in the authority judgment module, if the detection unit is in the activated state, judge whether the detection unit stored in advance contains the database operation template corresponding to the current database operation. If so, the current database operation is a legal operation; if not, the current database operation is illegal and alarm information is sent.
In the above database operation authority detection system, preferably, in the authority judgment module, if the detection unit is in the learning state, then:
Determine all database operation templates in the detection unit and judge whether the number of database operation templates in the detection unit exceeds a predetermined threshold. If so, switch the state of the detection unit to the short-circuit state and determine that the current database operation is a legal operation. If not, judge whether the time spent in the learning state exceeds a predetermined time or whether the set of learned operation templates has not been updated for a long time:
If so, switch the state of the detection unit to the activated state and detect the operation authority as for a detection unit in the activated state. If not, add the database operation template corresponding to the current database operation to the detection unit and, at the same time, determine that the current database operation is a legal operation.
In the above database operation authority detection system, preferably, in the extraction module, the database operation abstract is an ordered set of predicate-object pairs, each formed from a database operation type and a database object, wherein the database operation type indicates the manner of the database operation and the database object denotes an entity in the database.
In the above database operation authority detection system, preferably, in the extraction module, the database operation abstract is obtained as follows: using the database log as the basis for parsing and taking context into account, the SQL statement is parsed into a database operation template, and the database operation abstract is obtained from the database operation template.
Compared with the prior art, the present invention produces database operation abstract information based on syntactic analysis of SQL statements. Each piece of database operation abstract information corresponds to a state machine, which can be understood as one unit of a detection module. By setting the state of the state machine to "learning state", "activated state" or "short-circuit state", the purpose of dynamically monitoring unauthorized access is achieved.
Therefore, the present invention can generate, by automatic learning, the detection policy for unauthorized database operations, and automatically adjust the detection (audit) policy for database operation authority.
Description of drawings
Fig. 1 is a flow chart of the steps of an embodiment of the database operation authority detection method for SQL statements of the present invention;
Fig. 2 is a flow chart of the steps of a preferred embodiment of the database operation authority detection method for SQL statements of the present invention;
Fig. 3 shows the relationships among the detection module, detection units, database operation abstracts, database operation templates and SQL statements;
Fig. 4 is a state diagram of a detection unit, including the learning state, the activated state and the short-circuit state;
Fig. 5 shows the deployment of the database operation authority detection system for SQL statements of the present invention, in which the detection system is deployed in the probe module;
Fig. 6 is a structural block diagram of an embodiment of the database operation authority detection system for SQL statements of the present invention.
Embodiments
To make the above objects, features and advantages of the present invention more apparent, the present invention is explained in further detail below with reference to the drawings and specific embodiments.
For a large application system, the overwhelming majority of database operations are produced by the application system, and operations produced by the application system should be understood as authorized. How to automatically identify operations not produced by the application system (also called non-routine operations) is a major problem.
Embodiment of the database operation authority detection method for SQL statements
With reference to Fig. 1, which is a flow chart of the steps of an embodiment of the database operation authority detection method for SQL statements of the present invention, the method comprises the following steps:
Extraction step S110: analyze the current database operation, determine the database operation template corresponding to the current database operation, and extract, according to the template, the database operation abstract corresponding to the current database operation; the database operation abstract corresponds to a unique detection unit.
Authority determination step S120: judge whether the detection unit is stored in advance in the system. If not, execute step S130A; if so, execute step S130B.
Step S130A: determine that the current database operation is illegal and send alarm information.
Step S130B: determine the state of the detection unit, the state being one of a learning state, an activated state and a short-circuit state, and detect the operation authority according to the state of the detection unit.
The above embodiment generates an abstract of each database operation, and the abstract corresponds to one detection unit (state machine). By setting the state of the state machine to "learning state", "activated state" or "short-circuit state", the purpose of dynamically monitoring unauthorized access is achieved.
In addition, it should be noted that the use of database operation templates in the above embodiment is an optimization of the system whose purpose is to reduce the number of database operations (SQL) stored in memory; directly mapping database operation abstracts to database operations to achieve a similar purpose also falls within the scope of protection of the present invention.
Preferred embodiment
The preferred embodiment of the present invention is described below with reference to Fig. 2, Fig. 3 and Fig. 4.
With reference to Fig. 2, which is a flow chart of the steps of a preferred embodiment of the database operation authority detection method for SQL statements of the present invention, the method comprises the following steps:
1) Using the database log as the basis for parsing and taking context into account, parse the SQL statement into a database operation template, and obtain the database operation abstract from the database operation template. The database operation abstract corresponds to a unique detection unit. The database operation abstract is an ordered set of predicate-object pairs, each formed from a database operation type and a database object, wherein the database operation type indicates the manner of the database operation and the database object denotes an entity in the database.
2) Judge whether the above detection unit is stored in advance in the detection module of the system:
If not, the current database operation is illegal and alarm information is sent;
If so, determine the state of the detection unit, the state being one of a learning state, an activated state and a short-circuit state, and detect the operation authority according to the state of the detection unit.
Step 2) is described in detail below:
A) In 2), if the detection unit is in the short-circuit state, the current database operation is a legal operation.
B) In 2), if the detection unit is in the activated state, judge:
whether the detection unit stored in advance contains the database operation template corresponding to the current database operation. If so, the current database operation is a legal operation; if not, the current database operation is illegal and alarm information is sent.
C) In 2), if the detection unit is in the learning state, then:
Determine the database operation templates contained in the detection unit and judge whether the short-circuit condition is met, namely whether the number of these database operation templates exceeds a predetermined threshold:
i) If so, switch the state of the detection unit to the short-circuit state and determine that the current database operation is a legal operation;
ii) If not, judge whether the activation condition is currently met. The activation condition is that the time spent in the learning state exceeds a predetermined time, or that the set of learned operation templates has not been updated for a long time:
If so, switch the state of the detection unit to the activated state and detect the operation authority as for a detection unit in the activated state;
If not, add the database operation template corresponding to the current database operation to the detection unit and, at the same time, determine that the current database operation is a legal operation.
The database operation template and the database operation abstract are described below.
Database operation template (Oracle calls this Parsed SQL; no consistent or similar definition has been found elsewhere so far): compared with the database operation abstract, the database operation template is another way of normalizing a database operation (SQL statement). Its characteristics are that the data portions of every SQL statement are replaced by a special symbol (for example the question mark "?"), the SQL keywords and database objects of the SQL statement are converted to a uniform upper-case or lower-case form, and runs of whitespace characters ("\r", "\n", "\t") are uniformly replaced by a space or another special symbol, so that SQL statements that differ only in formatting or in the values of their SQL parameters have a single unique representation.
For example, the SQL statement "SELECT TABLE1.COL1 from TABLE1 where TABLE1.ID='Zhang San'" and the SQL statement "SELECT TABLE1.COL1 FROM TABLE1 WHERE TABLE1.ID='Li Si'" both have the database operation template "select table1.col1 from table1 where table1.id=?". The SQL statement of a database operation always corresponds to exactly one database operation template, but one database operation template can match multiple SQL statements.
Database operation abstract
● Database operation type: indicates the manner of the database operation, for example SELECT, UPDATE, DELETE, INSERT.
● Database object: denotes an entity in the database, which can be a table, a view, a trigger and so on.
● Database operation predicate-object pair: formed from one database operation type and the database object it operates on.
● Database operation abstract: formed from one or more database operation predicate-object pairs.
For example:
The database operation abstract "(SELECT, TABLE1)" contains one database operation predicate-object pair: a query operation acts on the database object TABLE1. The database operation abstract "(SELECT, TABLE1) (UPDATE, TABLE2)" contains two database operation predicate-object pairs: a query operation acts on the database object TABLE1, and an update acts on the database object TABLE2.
Each database operation (SQL statement) matches only one database operation abstract, but one database operation abstract can match multiple database operations (SQL statements). For example, "SELECT * from TABLE1 where ID=1;" and "SELECT name from TABLE1 where ID=2;" both match (SELECT, TABLE1).
Suppose that a SQL statement detection model comprises one detection module. With reference to Fig. 3, which shows the relationships among the detection module, detection units, database operation abstracts, database operation templates and SQL statements, the relationships are as follows:
1) A detection module can have multiple detection units.
2) A detection unit corresponds to a unique database operation abstract.
3) A detection unit has a unique state.
4) A detection unit can correspond to multiple database operation templates.
5) A database operation template corresponds to SQL statements; a SQL statement corresponds to only one database operation template.
The learning state, the activated state and the short-circuit state are described below with reference to Fig. 4.
1) Learning state
This state indicates that the detection unit corresponding to a database operation abstract is in the process of continuously collecting database operation templates. If the system, by syntactically analyzing a database operation, finds a new database operation template, it places the new template into the set and does not produce alarm information.
It should be noted that, by default, the detection unit corresponding to a new database operation abstract is in the learning state. Afterwards, the detection unit can be moved to the activated state or the short-circuit state, either automatically by the system or through manual participation.
2) Activated state
This state indicates that the detection unit corresponding to a database operation abstract is monitoring for unauthorized access. If the system finds that a database operation matches a database operation abstract but the database operation template of that operation is not in the template list of the detection unit, the system produces an abnormal alarm for unauthorized access. After a detection unit has been in the learning state for a period of time (when the system considers that the database operation templates matching the database operation abstract have all been collected), the system switches the detection unit to the activated state.
3) Short-circuit state
If the system finds that a database operation matches a database operation abstract whose detection unit is in the short-circuit state, the system "lets the operation through" and does not trigger alarm information (regardless of whether the operation is in the database operation template list of that abstract). When the state machine of a database operation abstract is in the learning state and its database operation template list is large enough (exceeds a certain threshold), the system switches the corresponding detection unit to the short-circuit state. The short-circuit state is of great significance for matching authorized database access when SQL statements are generated dynamically (they match the database operation abstract, but each actual database operation template is different).
This embodiment has the following advantages:
(1) The detection policy is established dynamically.
(2) In theory, zero manual intervention is possible.
(3) Because the database operation abstract can express business meaning such as authority, using it as the identifying subject of a policy gives better readability.
(4) Because the database operation abstract is structured, the system's functions can easily be extended in a targeted way (for example by manually defining a database operation abstract or a fragment of one).
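The template normalization, abstract extraction and three-state detection unit described above can be sketched as follows. This is an added example, not code from the patent: the regex-based pair extractor, the explicit `register` call that pre-stores a unit, the time parameters and all class and function names are assumptions made for illustration, and the sample statements are constructed.

```python
"""Added illustration: SQL -> operation template -> operation abstract -> detection unit."""
import re
from dataclasses import dataclass, field
from enum import Enum


def to_template(sql: str) -> str:
    """Normalize a statement: literals -> '?', whitespace collapsed, case unified."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)                # string literals
    s = re.sub(r"(?<![\w.])\d+(?:\.\d+)?(?!\w)", "?", s)    # numbers, but not digits in names
    return re.sub(r"\s+", " ", s).strip().lower()


# Simplified extractor (assumption): handles plain SELECT/UPDATE/INSERT/DELETE only.
# A production system would take the pairs from a real SQL parser.
_PAIR = re.compile(
    r"\b(?:(update)\s+|(insert)\s+into\s+|(delete)\s+from\s+|(from)\s+)([\w.]+)")


def to_abstract(template: str) -> tuple:
    """Ordered set of (operation type, database object) pairs."""
    pairs = []
    for m in _PAIR.finditer(template):
        op = "SELECT" if m.group(4) else (m.group(1) or m.group(2) or m.group(3)).upper()
        pair = (op, m.group(5).upper())
        if pair not in pairs:
            pairs.append(pair)
    return tuple(pairs)


class State(Enum):
    LEARNING = "learning"
    ACTIVATED = "activated"
    SHORT_CIRCUIT = "short-circuit"


@dataclass
class DetectionUnit:
    created: float                      # when learning started
    last_new: float                     # when the template set last grew
    state: State = State.LEARNING
    templates: set = field(default_factory=set)


class DetectionModule:
    """Holds one detection unit per pre-stored operation abstract."""

    def __init__(self, threshold: int, learn_seconds: float, idle_seconds: float):
        self.threshold = threshold          # short-circuit condition
        self.learn_seconds = learn_seconds  # activation: learning time exceeded
        self.idle_seconds = idle_seconds    # activation: no new template for this long
        self.units = {}

    def register(self, abstract: tuple, now: float) -> None:
        """Pre-store a unit; new units start in the learning state."""
        self.units[abstract] = DetectionUnit(created=now, last_new=now)

    def check(self, sql: str, now: float) -> str:
        """Return 'legal' or 'alarm' for one observed statement."""
        template = to_template(sql)
        unit = self.units.get(to_abstract(template))
        if unit is None:                                   # no pre-stored unit
            return "alarm"
        if unit.state is State.SHORT_CIRCUIT:              # let everything through
            return "legal"
        if unit.state is State.LEARNING:
            if len(unit.templates) > self.threshold:       # too many templates to enumerate
                unit.state = State.SHORT_CIRCUIT
                return "legal"
            timed_out = now - unit.created > self.learn_seconds
            stale = now - unit.last_new > self.idle_seconds
            if not (timed_out or stale):                   # keep learning
                if template not in unit.templates:
                    unit.templates.add(template)
                    unit.last_new = now
                return "legal"
            unit.state = State.ACTIVATED                   # fall through to the activated check
        return "legal" if template in unit.templates else "alarm"


def demo() -> list:
    """Constructed traffic against one unit for (SELECT, TABLE1)."""
    module = DetectionModule(threshold=2, learn_seconds=100, idle_seconds=50)
    module.register((("SELECT", "TABLE1"),), now=0)
    observed = [  # (time in seconds, statement), all constructed
        (1, "SELECT TABLE1.COL1 from TABLE1 where TABLE1.ID='Zhang San'"),
        (2, "SELECT TABLE1.COL1 FROM TABLE1 WHERE TABLE1.ID='Li Si'"),
        (60, "select * from table1 where id=1"),    # learning went stale: unit activates
        (61, "SELECT TABLE1.COL1 FROM TABLE1 WHERE TABLE1.ID='Wang Wu'"),
        (62, "delete from table1 where id=1"),      # abstract with no pre-stored unit
    ]
    return [module.check(sql, now) for now, sql in observed]


if __name__ == "__main__":
    print(demo())
```

In the short-circuit state every statement matching the abstract is accepted, so a unit that reaches it no longer detects anything for that abstract; the threshold therefore decides how much dynamically generated SQL is exempted from template checks.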
Embodiment of the database operation authority detection system for SQL statements
With reference to Fig. 5, the illustrated topology monitors the network traffic of database clients in bypass mode, parses and reconstructs SQL statements, and records database operations and other associated attributes. The figure includes an audit server 51, a probe 52, network equipment 53 and a database 54. The database operation authority detection system for SQL statements is located in the probe module 52.
With reference to Fig. 6, which is a structural block diagram of an embodiment of the database operation authority detection system for SQL statements, the system comprises an extraction module 60 and an authority judgment module 62, wherein:
The extraction module 60 is used to analyze the current database operation, determine the database operation template corresponding to the current database operation, and extract, according to the template, the database operation abstract corresponding to the current database operation; the database operation abstract corresponds to a unique detection unit. The authority judgment module 62 is used to judge whether the detection unit is stored in advance in the detection module of the system. If not, the current database operation is illegal and alarm information is sent. If so, the state of the detection unit is determined, the state being one of a learning state, an activated state and a short-circuit state, and the operation authority is detected according to the state of the detection unit.
The above embodiment generates an abstract of each database operation, and the abstract corresponds to one detection unit (state machine). By setting the state of the state machine to "learning state", "activated state" or "short-circuit state", the purpose of dynamically monitoring unauthorized access is achieved.
In addition, it should be noted that the use of database operation templates in the above embodiment is an optimization of the system whose purpose is to reduce the number of database operations (SQL) stored in memory; directly mapping database operation abstracts to database operations to achieve a similar purpose also falls within the scope of protection of the present invention.
Below, the foregoing description is described further.
In the foregoing description, in the authority judge module 62, if described detecting unit is in short-circuit condition, then described current database is operating as legal operation.
In the foregoing description, in the authority judge module 62, if described detecting unit is in state of activation, then judge: whether the described detecting unit of storage in advance comprises described current database is operated pairing database manipulation template, if then described current database is operating as legal operation; If not, then described current database is operating as illegally, sends warning message.
In the foregoing description, in the authority judge module 62, if described detecting unit is in learning state, then: the quantity of all database manipulation templates in the true detecting unit, judge whether the quantity of database manipulation template in the described detecting unit surpasses predetermined threshold:
I) if then the state with described detecting unit switches to short-circuit condition, determines that described current database is operating as legal operation;
Ii) if not, whether the time of then judging learning state exceeds the schedule time or whether the operation template fission of learning is not upgraded for a long time:
If then the state with described detecting unit switches to state of activation, be in the detection that state of activation is carried out operating right according to described detecting unit;
If not, the corresponding database manipulation template of described current database operation is added in the described detecting unit; Simultaneously, determine that described current database is operating as legal operation.
In addition, the database manipulation summary is that database manipulation type and database object are formed the right ordered set of meaning guest; Wherein, described database manipulation type list shows the mode of database manipulation; Described database object table is shown an entity in the database.This database manipulation summary can obtain in the following way: as resolving foundation, based on context, SQL statement is resolved to the database manipulation template by database journal, according to described database manipulation template, obtain the database manipulation summary.
In addition, it should be noted that the embodiment of the database operation authority detection system for SQL statements works on the same principle as the database operation authority detection method for SQL statements; the relevant parts may be cross-referenced and are not repeated here.
The database operation authority detection method and system for SQL statements provided by the present invention have been described in detail above. Specific embodiments have been used herein to set out the principle and implementation of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, for a person of ordinary skill in the art, both the specific embodiments and the scope of application may vary according to the idea of the present invention. In summary, this description should not be construed as limiting the present invention.

Claims (12)

1. A database operation authority detection method for SQL statements, characterized in that it comprises the following steps:
An extraction step: analyzing the current database operation, determining the database operation template corresponding to the current database operation, and extracting, according to the template, the database operation summary corresponding to the current database operation; wherein each database operation summary corresponds to a unique detection unit;
An authority judgment step: judging whether the detection unit is stored in advance in the detection module of the system:
If not, the current database operation is illegal and an alarm message is sent;
If so, the state of the detection unit is determined, the state being one of a learning state, an active state and a short-circuit state, and the operation authority is detected according to the state of the detection unit.
2. The database operation authority detection method according to claim 1, characterized in that, in the authority judgment step, if the detection unit is in the short-circuit state, the current database operation is a legal operation.
3. The database operation authority detection method according to claim 2, characterized in that, in the authority judgment step, if the detection unit is in the active state, it is judged:
Whether the pre-stored detection unit contains the database operation template corresponding to the current database operation; if so, the current database operation is a legal operation; if not, the current database operation is illegal and an alarm message is sent.
4. The database operation authority detection method according to claim 3, characterized in that, in the authority judgment step, if the detection unit is in the learning state, then:
All database operation templates in the detection unit are determined, and it is judged whether the number of database operation templates in the detection unit exceeds a predetermined threshold:
If so, the state of the detection unit is switched to the short-circuit state, and the current database operation is determined to be a legal operation;
If not, it is judged whether the time spent in the learning state exceeds a predetermined time, or whether the learned operation templates have not been updated for a long time:
If so, the state of the detection unit is switched to the active state, and the operation authority is detected as for a detection unit in the active state;
If not, the database operation template corresponding to the current database operation is added to the detection unit, and the current database operation is determined to be a legal operation.
5. The database operation authority detection method according to any one of claims 1 to 4, characterized in that, in the extraction step,
The database operation summary is an ordered set of predicate-object pairs, each formed by a database operation type and a database object; wherein the database operation type denotes the manner of the database operation, and the database object denotes an entity in the database.
6. The database operation authority detection method according to claim 5, characterized in that, in the extraction step, the database operation summary is obtained as follows:
Using the database log as the basis for parsing, and according to context, the SQL statement is parsed into a database operation template, and the database operation summary is obtained from that database operation template.
7. A database operation authority detection system for SQL statements, characterized in that it comprises:
An extraction module, configured to analyze the current database operation, determine the database operation template corresponding to the current database operation, and extract, according to the template, the database operation summary corresponding to the current database operation; wherein each database operation summary corresponds to a unique detection unit;
An authority judgment module, configured to judge whether the detection unit is stored in advance in the detection module of the system:
If not, the current database operation is illegal and an alarm message is sent;
If so, the state of the detection unit is determined, the state being one of a learning state, an active state and a short-circuit state, and the operation authority is detected according to the state of the detection unit.
8. The database operation authority detection system according to claim 7, characterized in that, in the authority judgment module, if the detection unit is in the short-circuit state, the current database operation is a legal operation.
9. The database operation authority detection system according to claim 8, characterized in that, in the authority judgment module, if the detection unit is in the active state, it is judged:
Whether the pre-stored detection unit contains the database operation template corresponding to the current database operation; if so, the current database operation is a legal operation; if not, the current database operation is illegal and an alarm message is sent.
10. The database operation authority detection system according to claim 9, characterized in that, in the authority judgment module, if the detection unit is in the learning state, then:
All database operation templates in the detection unit are determined, and it is judged whether the number of database operation templates in the detection unit exceeds a predetermined threshold:
If so, the state of the detection unit is switched to the short-circuit state, and the current database operation is determined to be a legal operation;
If not, it is judged whether the time spent in the learning state exceeds a predetermined time, or whether the learned operation templates have not been updated for a long time:
If so, the state of the detection unit is switched to the active state, and the operation authority is detected as for a detection unit in the active state;
If not, the database operation template corresponding to the current database operation is added to the detection unit, and the current database operation is determined to be a legal operation.
11. The database operation authority detection system according to any one of claims 7 to 10, characterized in that, in the extraction module,
The database operation summary is an ordered set of predicate-object pairs, each formed by a database operation type and a database object; wherein the database operation type denotes the manner of the database operation, and the database object denotes an entity in the database.
12. The database operation authority detection system according to claim 11, characterized in that, in the extraction module, the database operation summary is obtained as follows: using the database log as the basis for parsing, and according to context, the SQL statement is parsed into a database operation template, and the database operation summary is obtained from that database operation template.
CN2011100951094A 2011-04-15 2011-04-15 Detecting method and system for database operation authority of SQL (Structured Query Language) Expired - Fee Related CN102184371B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100951094A CN102184371B (en) 2011-04-15 2011-04-15 Detecting method and system for database operation authority of SQL (Structured Query Language)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011100951094A CN102184371B (en) 2011-04-15 2011-04-15 Detecting method and system for database operation authority of SQL (Structured Query Language)

Publications (2)

Publication Number Publication Date
CN102184371A true CN102184371A (en) 2011-09-14
CN102184371B CN102184371B (en) 2013-03-20

Family

ID=44570546

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011100951094A Expired - Fee Related CN102184371B (en) 2011-04-15 2011-04-15 Detecting method and system for database operation authority of SQL (Structured Query Language)

Country Status (1)

Country Link
CN (1) CN102184371B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101196926A (en) * 2007-12-29 2008-06-11 中国建设银行股份有限公司 Database access platform and access method thereof
US7437352B2 (en) * 2004-09-24 2008-10-14 International Business Machines Corporation Data plotting extension for structured query language
CN101609493A (en) * 2009-07-21 2009-12-23 国网电力科学研究院 A kind of database SQL infusion protecting method based on self study
CN101788992A (en) * 2009-05-06 2010-07-28 厦门东南融通系统工程有限公司 Method and system for converting query sentence of database

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105893376A (en) * 2014-12-05 2016-08-24 广西大学 Database access supervision method
CN104484621A (en) * 2014-12-31 2015-04-01 中博信息技术研究院有限公司 Data authority control method based on SQL (Structured Query Language)
CN104484621B (en) * 2014-12-31 2017-09-29 中博信息技术研究院有限公司 Data permission control method based on SQL
CN105844176A (en) * 2016-03-23 2016-08-10 上海上讯信息技术股份有限公司 Security strategy generation method and equipment
CN105868591A (en) * 2016-03-23 2016-08-17 上海上讯信息技术股份有限公司 User identification method and equipment
CN109766686A (en) * 2018-04-25 2019-05-17 新华三大数据技术有限公司 Rights management
CN114491649A (en) * 2022-04-07 2022-05-13 北京安华金和科技有限公司 Database filing access control method and system
CN115795444A (en) * 2023-01-31 2023-03-14 北京微步在线科技有限公司 Detection method and device for MSSQL backdoor

Also Published As

Publication number Publication date
CN102184371B (en) 2013-03-20

Similar Documents

Publication Publication Date Title
CN102184371B (en) Detecting method and system for database operation authority of SQL (Structured Query Language)
US20120284790A1 (en) Live service anomaly detection system for providing cyber protection for the electric grid
CN112765245A (en) Electronic government affair big data processing platform
CN106778253A (en) Threat context aware information security Initiative Defense model based on big data
Sikos AI in digital forensics: Ontology engineering for cybercrime investigations
KR101375813B1 (en) Active security sensing device and method for intrusion detection and audit of digital substation
CN104767757A (en) Multiple-dimension security monitoring method and system based on WEB services
CN103763124A (en) Internet user behavior analyzing and early-warning system and method
CN103413083A (en) Security defending system for single host
CN104168459A (en) Remote monitoring system
CN106779485B (en) SOA architecture-based comprehensive management system and data processing method
CN112598368A (en) Sewage treatment online supervision platform
CN103369486A (en) System and method for preventing fraud SMS (Short message Service) message
CN111274276A (en) Operation auditing method and device, electronic equipment and computer-readable storage medium
CN112036995A (en) Large-scale enterprise financial data management method and system based on block chain and readable storage medium
CN113032793A (en) Intelligent reinforcement system and method for data security
CN111782481B (en) Universal data interface monitoring system and monitoring method
CN110826094A (en) Information leakage monitoring method and device
CN112714118B (en) Network traffic detection method and device
CN112149112A (en) Enterprise information security management method based on authority separation
CN110378120A (en) Application programming interfaces attack detection method, device and readable storage medium storing program for executing
KR101973728B1 (en) Integration security anomaly symptom monitoring system
KR20120007841A (en) System for prenventing inner users from leaking the personal information by returnning results and the detection of anomaly pattern
CN113852641A (en) Network attack tracing system, method and equipment based on graph database
CN106897619A (en) Mobile terminal from malicious software cognitive method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Detecting method and system for database operation authority of SQL (Structured Query Language)

Effective date of registration: 20140807

Granted publication date: 20130320

Pledgee: Haidian Beijing science and technology enterprise financing Company limited by guarantee

Pledgor: Captech Information Auditing System Technology (Beijing) Co., Ltd.

Registration number: 2014990000640

PLDC Enforcement, change and cancellation of contracts on pledge of patent right or utility model
PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20150928

Granted publication date: 20130320

Pledgee: Haidian Beijing science and technology enterprise financing Company limited by guarantee

Pledgor: Captech Information Auditing System Technology (Beijing) Co., Ltd.

Registration number: 2014990000640

PLDC Enforcement, change and cancellation of contracts on pledge of patent right or utility model
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130320

Termination date: 20160415
