CN102622548A - Detection method for database covert channel - Google Patents
Detection method for database covert channel Download PDFInfo
- Publication number
- CN102622548A CN102622548A CN2012100725098A CN201210072509A CN102622548A CN 102622548 A CN102622548 A CN 102622548A CN 2012100725098 A CN2012100725098 A CN 2012100725098A CN 201210072509 A CN201210072509 A CN 201210072509A CN 102622548 A CN102622548 A CN 102622548A
- Authority
- CN
- China
- Prior art keywords
- main body
- database
- communication channel
- private communication
- signal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a detection method for a database covert channel. The method comprises the following steps of: firstly, establishing a database covert channel scene, which comprises corresponding database operation of sending signals 0 and 1 by a high safety level main body and receiving the signals 0 and 1 by a low safety level main body; secondly, performing database covert channel detection configuration; thirdly, according to the database covert channel scene, sending the signal 0 by the high safety level main body and receiving the signal 0 by the low safety level main body; sending the signal 1 by the high safety level main body and receiving the signal 1 by the low safety level main body; and determining that the database covert channel which can be realized by the scene exists when the high safety level main body can successfully send the signals 0 and 1 and the low safety level main body can simultaneously receive the signals 0 and 1, otherwise, determining that the database covert channel which can be realized by the scene does not exist. The detection method for the database covert channel is low in implement cost, and can be used for detecting the database covert channel caused by system defect.
Description
Technical field
The present invention relates to the analytical technology of private communication channel, particularly the sign of database private communication channel and detection method.
Background technology
To the demanding system of confidentiality (for example financial sector or military system), (such as top secret, secret is maintained secrecy, and is open) that the confidentiality of data is normally multi-level.Realize forcing the During Multilevel Secure Database management system of access control to realize this demand.In this system, each main body and data object are designated as the different security rank, and regulation low level security main body can not be visited the data of high safe level main body.But high safe level main body and low level security main body can be arranged a kind of coded system, utilize private communication channel to come illegal transmission information, thus the confidentiality of the system of threat.Safety assessment standard both domestic and external all requires the safety database product of high level of security to need private communication channel is analyzed.For example " information security technology data base management system (DBMS) safety assessment criterion " (GB/T 20009-2005) clearly stipulates: the fourth stage and above database product, must carry out covert channel analysis.
The sign of private communication channel is the core technology of covert channel analysis, is the prerequisite of channel metrics and disposal.The private communication channel identification method identifies potential private communication channel as far as possible up hill and dale through the source code or the formal top-level specification of analytic system, for its structure reasonably uses scene, confirms whether it really is utilized on this basis.Present existing identification method has syntactic information flow analysis method, semantic information flow analysis method, shared resource matrices method, noiseless analytic approach etc.Limitation below above-mentioned analytical approach exists.At first, the cost of exhaustive analysis formal top-level specification or source code is very big.Formal top-level specification often is not easy to obtain, and it is very big that source code is carried out the analytical work amount, and can produce a large amount of puppets illegally flows, and lacks automation tools.Therefore need the chronic of cost, for example utilize syntactic information flow analysis method to analyze the private communication channel of Secure Xenix system, need the time of cost two man-years.Secondly, the private communication channel that the private communication channel identification method brings in can only the tag system design, and some private communication channel utilization is the defective on system realizes, just can embody when moving in system.Once more, identification method can not be general in real system.Need sign again for different systems.
Summary of the invention
The technical matters that the present invention will solve is: proposed a kind of method that can carry out fast detecting to the database private communication channel, can the discovery system realize the database private communication channel that defective causes.
The present invention includes following steps:
1) sets up database private communication channel scene
The low level security main body that the database private communication channel comprises the database shared resource, can revise the high safe level main body of shared resource and can observe shared resource change, the safety label of the safety label domination low level security main body of said high safe level main body; Said database is for realizing forcing the database of access control.Set up following database private communication channel scene.
Send signal 0: high safe level main body is created an object and is licensed to the low level security main body to the access rights of this object;
Send signal 1: high safe level main body is deleted above-mentioned object;
Receive signal 0: the object of the high safe level main body of low level security principal access, the system of observing can't carry out safety inspection;
Receive signal 1: the object of the high safe level main body of low level security principal access observes object and does not exist.
2) carry out the database private communication channel and detect configuration
(1) configuration type of database to be detected;
(2) link information in configuration data to be tested storehouse;
(3) with system manager's identity login detected data storehouse; Create two main bodys; And compose the authority of giving the authority in these two principal access detected data storehouses and in this database, creating object, with tag control person's identity login detected data storehouse, create two safety labels then; One of them another safety label of safety label domination is composed two main bodys to new establishment to these two safety labels respectively.
3) login database to be detected with the identity of high safe level main body and the identity of low level security main body respectively.
4) high safe level main body is created an object and is licensed to the low level security main body to the access rights of this object, sends signal 0, and this object of low level security principal access when the system of observing can't carry out safety inspection, receives signal 0; This object of high safe level main body deletion sends signal 1, and low level security principal access object when observing object when not existing, receives signal 1.
5) if high safe level main body can successfully be sent signal 0 and signal 1 in the step 4); The low level security main body can successfully receive signal 0 and signal 1 simultaneously; The database private communication channel that then exists available this scene to realize, otherwise the database private communication channel that does not exist available this scene to realize.
Object according to the invention can be table.
Compare with prior art, the present invention has following advantage:
1. it is little to implement cost.Do not need data base management system (DBMS) to be detected that formal top-level specification or source code are provided based on database private communication channel detection method of the present invention, only need the service data base management system, can detect.The personnel that carry out the private communication channel detection need not have relevant professional knowledge, need not carry out formalization analysis to the data base management system, only need the operation detection system, can check testing result easily.
2. can find owing to realize the private communication channel that defective causes.The realization of Database Systems is not inconsistent with formal top-level specification sometimes, utilizes the formalization standard to carry out covert channel analysis, can can't find owing to realize the private communication channel that defective causes.Based on database private communication channel detection method of the present invention; Need the real-time running data base management system; Receiving unit is through the input sql command, and therefore the real operating result that the observed data base management system returns can be found owing to realize the private communication channel that defective causes.
3. has versatility.The database private communication channel scene utilization of setting up based on database private communication channel detection method of the present invention be shared resource common in the Database Systems; Comprise table; View; Major key constraints etc., existing realization force the database of access function all to realize above-mentioned mechanism, so this method has versatility.
Description of drawings
Fig. 1 database private communication channel detection system structural drawing
Fig. 2 database particular type private communication channel testing process figure
Embodiment
As shown in Figure 1, database private communication channel detection system comprises database private communication channel scene library, configuration component, sending assembly and receiving unit.
Database private communication channel scene library comprises a plurality of database private communication channel scenes, and each database private communication channel scene comprises sending assembly perform statement and receiving unit perform statement.The sending assembly perform statement comprises high safe level main body initialization context, and high safe level main body is sent signal 0, and high safe level main body is sent signal 1.The receiving unit perform statement comprises that low level security main body initialization context, low level security main body receive signal 0, the low level security main body receives signal 1, low level security main body recovery environment.
Database private communication channel detection configuration is carried out in acting as of configuration component.1) configuration needs type of database that detects and the database private communication channel scene that needs to detect.2) link information in configuration data to be tested storehouse comprises database name, IP address and port numbers.3) create high safe level main body and low level security main body.With system manager's identity login detected data storehouse; Create two main bodys; And compose the authority of giving the authority in these two principal access detected data storehouses and in this database, creating object, with tag control person's identity login detected data storehouse, create two safety labels then; One of them another safety label of safety label domination is composed two main bodys to new establishment to these two safety labels respectively.
Sending assembly goes to find in the private communication channel scene library corresponding database private communication channel scene according to data to be tested storehouse type and database private communication channel type.From database private communication channel scene, find the sending assembly perform statement.Receiving unit goes to find in the private communication channel scene library corresponding database private communication channel scene according to data to be tested storehouse type and database private communication channel type.From the private communication channel scene, find the receiving unit perform statement.
Sending assembly with high safe level subject identity login detected data storehouse, send signal 0 and send signal 1 through the shared resource of revising database.Receiving unit receives signal 0 and receives signal 1 through the change of observing shared resource with low level security subject identity login detected data storehouse.
The testing process of sending assembly and receiving unit is as shown in Figure 2:
A kind of method that detects the database private communication channel of particular type, its step comprises:
1) sending assembly and receiving unit initialization context
2) sending assembly sends signal 0
3) receiving unit receives signal 0
4) receiving unit recovers environment
5) sending assembly sends signal 1
6) receiving unit receives signal 1
7) as if step 1), 2), 3) and, 4), 5) and, 6) all run succeeded, then execution in step 8), otherwise jump to step 9)
8) there is the database private communication channel that realizes with the XX scene in output
9) there is not the database private communication channel that realizes with the XX scene in output
Experimental situation detects for homemade safety database BeyonDB being carried out the database private communication channel.Operation BeyonDB database is opened and is forced access function.Guaranteeing to carry out does not have other principal access BeyonDB database when private communication channel detects.
Provide below the BeyonDB database is carried out the complete step that private communication channel detects.
Step 1 is set up database private communication channel scene
Set up following database private communication channel scene 1:
Send signal 0: high safe level main body is created a table and is licensed to the low level security main body to the access rights of this table;
Send signal 1: high safe level main body is deleted above-mentioned table;
Receive signal 0: the table of the high safe level main body of low level security principal access, the system of observing can't carry out safety inspection;
Receive signal 1: the table of the high safe level main body of low level security principal access observes table and does not exist;
Set up following database private communication channel scene 2:
Initialization context: the low level security main body is created a table and is licensed to high safe level main body to the access rights of this table
Send signal 0: high safe level main body is inserted a major key in above-mentioned table be 1 record;
Send signal 1: high safe level main body is deleted above-mentioned record;
Receive signal 0: the low level security main body is inserted a major key in above-mentioned table be 1 record, observation insertion operation failure;
Receive signal 1: the low level security main body is inserted a major key in above-mentioned table be 1 record, and the observation insertion is operated successfully;
Set up following database private communication channel scene 3:
Initialization context: the low level security main body is created a table and is licensed to high safe level main body to the access rights of this table
Send signal 0: high safe level main body is created a view on above-mentioned table;
Send signal 1: high safe level main body is deleted above-mentioned view;
Receive signal 0: low level security main body limit deleting should be shown, the failure of observation deletion action;
Receive signal 1: low level security main body limit deleting should be shown, the success of observation deletion action; Step 2 is carried out the database private communication channel and is detected configuration
(1) configuration type of database to be detected is BeyonDB and database private communication channel scene to be detected, comprises database private communication channel scene 1, database private communication channel scene 2, database private communication channel scene 3.
(2) link information in configuration data to be tested storehouse, the IP address is localhost, and port is II7, and the database name is demodb.
(3) with system manager's identity login detected data storehouse; Create two main body A lice and Bob, and compose the authority of giving the authority of these two principal access demodb and in this database, creating object, then with tag control person's identity login detected data storehouse; Create two safety label High and Low; Wherein safety label High domination safety label Low composes safety label High to main body A lice, and safety label Low is composed to main body Bob; This moment, Alice was high safe level main body, and Bob is the low level security main body.
Step 3 is respectively with the identity of high safe level main body A lice and the identity login database to be detected of low level security main body Bob;
Step 4 is according to database private communication channel scene 1, according to shown in Figure 2
(1) Alice creates a table Table1 and licenses to Bob to the access rights of this table, sends signal 0,
Corresponding SQL statement is: create table Table1 (id int);
Grant?all?on?Table1?to?Bob;
(2) Bob access list Table1, the system of observing can't carry out safety inspection, receives signal 0;
Corresponding SQL statement is: select*from Alice.Table1
(3) Alice delete list Tablel sends signal 1,
Corresponding SQL statement is: drop table Table1
(4) Bob access list Table1 observes table and does not exist, and receives signal 1;
Corresponding SQL statement is: select*from Alice.Table1
Step 5, Alice successfully sends signal 0 and signal 1 in the step 4), and Bob successfully receives signal 0 and signal 1 simultaneously, has the database private communication channel of utilizing scene 1 to make up among the BeyonDB.
Step 6, according to database private communication channel scene 2,
(1) Bob creates a table Table2 and licenses to Alice to the access rights of this table, initialization context
Corresponding SQL statement is: Create Table Table2 (id int primary key);
Grant?all?on?Table2?to?Alice
(2) Alice major key of insertion in table Table2 is 1 record,
Corresponding SQL statement is: Insert into Table2values (1)
(3) Bob major key of insertion in table Table2 is 1 record, observes the insertion operation failure, receives signal 0;
Corresponding SQL statement is: Insert into Table2values (1)
(4) major key is 1 record among the Alice delete list Table2, sends signal 1, and corresponding SQL statement is: Delete from Table2where id=1
(5) Bob major key of insertion in table Table2 is 1 record, observes to insert and operates successfully, receives signal 0;
Corresponding SQL statement is: Insert into Table2values (1)
Step 7, Alice successfully sends signal 0 and signal 1 in the step 6), and Bob successfully receives signal 0 and signal 1 simultaneously, has the database private communication channel of utilizing scene 2 to make up among the BeyonDB.
Step 7, according to database private communication channel scene 3,
(1) Bob creates a table Table3 and licenses to Alice to the access rights of this table, initialization context
Corresponding SQL statement is: Create Table Table2 (id int primary key);
Grant?all?on?Table2?to?Alice
(2) Alice creates a view View1 on table Table3, sends signal 0 corresponding SQL statement to be: create view View1 as select*from Table2
(3) Bob limit deleting table Table3 observes the deletion action failure, receives signal 0; Corresponding SQL statement is: drop table Table3restrict
(4) the view View1 on the Alice delete list Table3 sends signal 1, and corresponding SQL statement is: drop view Viewl
(5) Bob limit deleting table Table3 observes the deletion action failure, does not receive signal 1;
Corresponding SQL statement is: drop table Table3 restrict
Step 8, Bob does not successfully receive signal 1 in the step 7), does not have the database private communication channel of utilizing scene 3 to make up among the BeyonDB.
Claims (2)
1. a database private communication channel detection method is characterized in that, comprises the steps:
1) sets up database private communication channel scene
The low level security main body that the database private communication channel comprises the database shared resource, can revise the high safe level main body of shared resource and can observe shared resource change, the safety label of the safety label domination low level security main body of said high safe level main body; Said database is for realizing forcing the database of access control; Set up following database private communication channel scene:
Send signal 0: high safe level main body is created an object and is licensed to the low level security main body to the access rights of this object;
Send signal 1: high safe level main body is deleted above-mentioned object;
Receive signal 0: the object of the high safe level main body of low level security principal access, the system of observing can't carry out safety inspection;
Receive signal 1: the object of the high safe level main body of low level security principal access observes object and does not exist;
2) carry out the database private communication channel and detect configuration
(1) configuration type of database to be detected;
(2) link information in configuration data to be tested storehouse;
(3) with system manager's identity login detected data storehouse; Create two main bodys; And compose the authority of giving the authority in these two principal access detected data storehouses and in this database, creating object, with tag control person's identity login detected data storehouse, create two safety labels then; One of them another safety label of safety label domination is composed two main bodys to new establishment to these two safety labels respectively;
3) login database to be detected with the identity of high safe level main body and the identity of low level security main body respectively;
4) high safe level main body is created an object and is licensed to the low level security main body to the access rights of this object, sends signal 0, and this object of low level security principal access when the system of observing can't carry out safety inspection, receives signal 0; This object of high safe level main body deletion sends signal 1, and low level security principal access object when observing object when not existing, receives signal 1;
5) if high safe level main body can successfully be sent signal 0 and signal 1 in the step 4); The low level security main body can successfully receive signal 0 and signal 1 simultaneously; The database private communication channel that then exists available this scene to realize, otherwise the database private communication channel that does not exist available this scene to realize.
2. database private communication channel detection method as claimed in claim 1 is characterized in that: said object is table.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2012100725098A CN102622548A (en) | 2012-03-19 | 2012-03-19 | Detection method for database covert channel |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2012100725098A CN102622548A (en) | 2012-03-19 | 2012-03-19 | Detection method for database covert channel |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102622548A true CN102622548A (en) | 2012-08-01 |
Family
ID=46562463
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2012100725098A Pending CN102622548A (en) | 2012-03-19 | 2012-03-19 | Detection method for database covert channel |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102622548A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103577835A (en) * | 2013-08-02 | 2014-02-12 | 中国科学技术大学苏州研究院 | Method using multi-dimensional feature vectors to detect IP ID covert channel |
| CN104753617A (en) * | 2015-03-17 | 2015-07-01 | 中国科学技术大学苏州研究院 | Detection method of time-sequence type covert channel based on neural network |
-
2012
- 2012-03-19 CN CN2012100725098A patent/CN102622548A/en active Pending
Non-Patent Citations (5)
| Title |
|---|
| 宋剑: "《基于安全数据库信息传输的可信性研究》", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
| 崔宾阁: "《推理通道和隐蔽通道的检测与消除》", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
| 杨司祺: "《基于共享资源矩阵法的Linux内核隐蔽通道搜索研究》", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
| 王保华等: "《安全数据库隐蔽通道的标识技术与实例分析》", 《计算机技术与发展》 * |
| 王永吉等: "隐蔽信道研究", 《软件学报》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103577835A (en) * | 2013-08-02 | 2014-02-12 | 中国科学技术大学苏州研究院 | Method using multi-dimensional feature vectors to detect IP ID covert channel |
| CN103577835B (en) * | 2013-08-02 | 2016-08-10 | 中国科学技术大学苏州研究院 | The method using the multidimensional characteristic vectors detection hidden channel of IP ID |
| CN104753617A (en) * | 2015-03-17 | 2015-07-01 | 中国科学技术大学苏州研究院 | Detection method of time-sequence type covert channel based on neural network |
| CN104753617B (en) * | 2015-03-17 | 2017-06-13 | 中国科学技术大学苏州研究院 | The hidden channel detection method of sequential type based on neutral net |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112738126A (en) | Attack tracing method based on threat intelligence and ATT & CK | |
| CN106789964B (en) | Cloud resource pool data security detection method and system | |
| CN104811447B (en) | One kind is based on the associated safety detection method of attack and system | |
| CN111274583A (en) | Big data computer network safety protection device and control method thereof | |
| CN112398860A (en) | Safety control method and device | |
| CN103294950A (en) | High-power secret information stealing malicious code detection method and system based on backward tracing | |
| CN103428196A (en) | URL white list-based WEB application intrusion detecting method and apparatus | |
| CN103795735A (en) | Safety device, server and server information safety achieving method | |
| CN105808353A (en) | Camera resource sharing method and device | |
| CN104025544A (en) | Sensitive information leakage prevention system, sensitive information leakage prevention method, and computer-readable recording medium | |
| CN109726601A (en) | The recognition methods of unlawful practice and device, storage medium, computer equipment | |
| CN105404580A (en) | Distributed pressure test system and method | |
| CN105487556A (en) | Flight control method and flight control device of unmanned aircraft | |
| CN103888480A (en) | Cloud monitoring based network information security identification method and cloud device | |
| CN113360475A (en) | Data operation and maintenance method, device and equipment based on intranet terminal and storage medium | |
| CN113065026A (en) | Intelligent abnormal event detection system, method and medium based on security micro-service architecture | |
| CN103902666A (en) | Configuration file collecting and monitoring method based on OGG database replication | |
| Pichan et al. | A logging model for enabling digital forensics in iot, in an inter-connected iot, cloud eco-systems | |
| CN103544449A (en) | Document circulation method and system based on hierarchical control | |
| CN112581129A (en) | Block chain transaction data management method and device, computer equipment and storage medium | |
| CN105187403A (en) | Network security testing method for software-defined network | |
| CN103685233B (en) | A kind of wooden horse monitoring method based on Windows kernel-driven | |
| CN102622548A (en) | Detection method for database covert channel | |
| CN105207831A (en) | Detection method and apparatus for operation event | |
| Binnar et al. | Cyber forensic case study of waste water treatment plant |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20120801 |