CN102622548A - Detection method for database covert channel - Google Patents
Publication number: CN102622548A
Authority: CN (China)
Legal status: Pending
Abstract
The invention discloses a method for detecting database covert channels. Its steps are as follows. First, establish a database covert channel scenario, comprising the database operations by which a high-security-level subject sends signal 0 and signal 1 and the database operations by which a low-security-level subject receives signal 0 and signal 1. Second, perform the database covert channel detection configuration. Then, following the scenario, the high-security-level subject sends signal 0 and the low-security-level subject receives signal 0; the high-security-level subject sends signal 1 and the low-security-level subject receives signal 1. If the high-security-level subject can successfully send both signal 0 and signal 1, and the low-security-level subject can successfully receive both signal 0 and signal 1, then a database covert channel realizable with this scenario exists; otherwise no database covert channel realizable with this scenario exists. The invention has a low implementation cost and can detect database covert channels caused by system defects.
Description
Technical Field
The invention relates to covert channel analysis techniques, and in particular to a method for identifying and detecting database covert channels.
Background
In systems with high confidentiality requirements (for example financial or military systems), data confidentiality is usually multi-level (for example top secret, secret, confidential, public). A multi-level secure database management system that implements mandatory access control meets this need. In such a system, every subject and data object is assigned a security level, and a low-security-level subject is forbidden to access the data of a high-security-level subject. However, a high-security-level subject and a low-security-level subject can agree on an encoding and use a covert channel to transfer information illegally, threatening the confidentiality of the system. Security evaluation standards both in China and abroad require covert channel analysis for secure database products at high security levels. For example, the "Information security technology: Security evaluation criteria for database management systems" (GB/T 20009-2005) explicitly stipulates that database products of level 4 and above must undergo covert channel analysis.
Covert channel identification is the core technique of covert channel analysis and the prerequisite for channel measurement and handling. Identification methods analyze the system's source code or formal top-level specification to identify potential covert channels as thoroughly as possible, then construct a plausible usage scenario for each one to confirm whether it can really be exploited. Existing identification methods include syntactic information flow analysis, semantic information flow analysis, the shared resource matrix method and non-interference analysis. These methods have the following limitations. First, a thorough analysis of a formal top-level specification or of source code is very expensive. A formal top-level specification is often unavailable, and source code analysis is laborious, produces many spurious illegal flows, and lacks automated tooling, so it takes a very long time; for example, analyzing the covert channels of the Secure Xenix system with syntactic information flow analysis took two person-years. Second, identification methods can only find covert channels introduced by the system design, whereas some covert channels exploit defects in the system implementation and only show themselves when the system is running. Third, identification results are not transferable between real systems: each different system must be analyzed anew.
Summary of the Invention
The technical problem solved by the invention is to provide a method for rapidly detecting database covert channels, one that can discover database covert channels caused by system implementation defects.
The invention comprises the following steps:
1) Establish a database covert channel scenario
A database covert channel consists of a database shared resource, a high-security-level subject able to modify the shared resource, and a low-security-level subject able to observe changes to it, where the security label of the high-security-level subject dominates the security label of the low-security-level subject; the database is one that implements mandatory access control. The following database covert channel scenario is established.
Send signal 0: the high-security-level subject creates an object and grants the low-security-level subject access to it;
Send signal 1: the high-security-level subject deletes that object;
Receive signal 0: the low-security-level subject accesses the high-security-level subject's object and observes that the system fails to perform a security check;
Receive signal 1: the low-security-level subject accesses the high-security-level subject's object and observes that the object does not exist.
2) Perform the database covert channel detection configuration
(1) Configure the type of database to be tested;
(2) Configure the connection information of the database to be tested;
(3) Log in to the database under test as the system administrator, create two subjects, and grant both of them the right to access the database and the right to create objects in it; then log in to the database under test as the label administrator, create two security labels, one of which dominates the other, and assign the two labels to the two newly created subjects respectively.
3) Log in to the database under test as the high-security-level subject and as the low-security-level subject respectively.
4) The high-security-level subject creates an object and grants the low-security-level subject access to it, thereby sending signal 0; the low-security-level subject accesses the object and, on observing that the system fails to perform a security check, receives signal 0. The high-security-level subject deletes the object, thereby sending signal 1; the low-security-level subject accesses the object and, on observing that it does not exist, receives signal 1.
5) If in step 4) the high-security-level subject successfully sends signal 0 and signal 1 and the low-security-level subject successfully receives signal 0 and signal 1, then a database covert channel realizable with this scenario exists; otherwise no database covert channel realizable with this scenario exists.
In the invention the object may be a table.
Compared with the prior art, the invention has the following advantages:
1. Low implementation cost. The database covert channel detection method of the invention does not require the database management system under test to provide a formal top-level specification or source code; detection only requires running the database management system. The person performing the detection needs no specialist knowledge and performs no formal analysis of the database management system; running the detection system is enough to view the detection results conveniently.
2. Covert channels caused by implementation defects can be discovered. The implementation of a database system sometimes deviates from its formal top-level specification, and covert channel analysis based on the formal specification cannot find covert channels caused by implementation defects. The detection method of the invention runs the database management system live: the receiving component issues SQL commands and observes the actual results returned by the database management system, so covert channels caused by implementation defects can be found.
3. Generality. The database covert channel scenarios established by the detection method of the invention use shared resources common to database systems, including tables, views and primary key constraints; every existing database that implements mandatory access control provides these mechanisms, so the method is general.
Description of the Drawings
Figure 1: Structure of the database covert channel detection system
Figure 2: Flowchart of detection for a specific type of database covert channel
Detailed Description
As shown in Figure 1, the database covert channel detection system comprises a database covert channel scenario library, a configuration component, a sending component and a receiving component.
The scenario library contains multiple database covert channel scenarios; each scenario consists of the statements executed by the sending component and the statements executed by the receiving component. The sending component's statements cover the high-security-level subject initializing the environment, sending signal 0 and sending signal 1. The receiving component's statements cover the low-security-level subject initializing the environment, receiving signal 0, receiving signal 1 and restoring the environment.
The configuration component performs the database covert channel detection configuration. 1) Configure the type of database to be tested and the database covert channel scenarios to be tested. 2) Configure the connection information of the database to be tested, including the database name, IP address and port number. 3) Create the high-security-level subject and the low-security-level subject: log in to the database under test as the system administrator, create two subjects, and grant both of them the right to access the database and the right to create objects in it; then log in as the label administrator, create two security labels, one of which dominates the other, and assign the two labels to the two newly created subjects respectively.
The sending component looks up the scenario matching the database type and database covert channel type under test in the scenario library and takes the sending component's statements from it. The receiving component likewise looks up the matching scenario in the scenario library and takes the receiving component's statements from it.
The sending component logs in to the database under test as the high-security-level subject and sends signal 0 and signal 1 by modifying the database's shared resource. The receiving component logs in to the database under test as the low-security-level subject and receives signal 0 and signal 1 by observing changes to the shared resource.
The detection flow of the sending and receiving components is shown in Figure 2:
A method for detecting a specific type of database covert channel, comprising the steps:
1) The sending and receiving components initialize the environment
2) The sending component sends signal 0
3) The receiving component receives signal 0
4) The receiving component restores the environment
5) The sending component sends signal 1
6) The receiving component receives signal 1
7) If steps 1), 2), 3), 4), 5) and 6) all executed successfully, go to step 8); otherwise go to step 9)
8) Output: a database covert channel realizable with scenario XX exists
9) Output: no database covert channel realizable with scenario XX exists
The experimental environment is database covert channel detection on BeyonDB, a Chinese domestic secure database. Run BeyonDB with mandatory access control enabled, and ensure that no other subject accesses BeyonDB while covert channel detection runs.
The complete steps for covert channel detection on BeyonDB are given below.
Step 1: establish the database covert channel scenarios
Establish database covert channel scenario 1 as follows:
Send signal 0: the high-security-level subject creates a table and grants the low-security-level subject access to it;
Send signal 1: the high-security-level subject drops that table;
Receive signal 0: the low-security-level subject accesses the high-security-level subject's table and observes that the system fails to perform a security check;
Receive signal 1: the low-security-level subject accesses the high-security-level subject's table and observes that the table does not exist;
Establish database covert channel scenario 2 as follows:
Initialize the environment: the low-security-level subject creates a table and grants the high-security-level subject access to it
Send signal 0: the high-security-level subject inserts a record with primary key 1 into that table;
Send signal 1: the high-security-level subject deletes that record;
Receive signal 0: the low-security-level subject inserts a record with primary key 1 into that table and observes that the insert fails;
Receive signal 1: the low-security-level subject inserts a record with primary key 1 into that table and observes that the insert succeeds;
Establish database covert channel scenario 3 as follows:
Initialize the environment: the low-security-level subject creates a table and grants the high-security-level subject access to it
Send signal 0: the high-security-level subject creates a view on that table;
Send signal 1: the high-security-level subject drops that view;
Receive signal 0: the low-security-level subject attempts to drop the table with RESTRICT and observes that the drop fails;
Receive signal 1: the low-security-level subject attempts to drop the table with RESTRICT and observes that the drop succeeds;
Step 2: perform the database covert channel detection configuration
(1) Configure the database type under test as BeyonDB and the database covert channel scenarios under test as scenario 1, scenario 2 and scenario 3.
(2) Configure the connection information of the database under test: IP address localhost, port II7, database name demodb.
(3) Log in to the database under test as the system administrator, create two subjects Alice and Bob, and grant both of them the right to access demodb and the right to create objects in it; then log in to the database under test as the label administrator, create two security labels High and Low, where High dominates Low, assign label High to subject Alice and label Low to subject Bob. Alice is now the high-security-level subject and Bob the low-security-level subject.
Step 3: log in to the database under test as the high-security-level subject Alice and as the low-security-level subject Bob respectively;
Step 4: following database covert channel scenario 1, as shown in Figure 2:
(1) Alice creates a table Table1 and grants Bob access to it, sending signal 0.
The corresponding SQL statements are: create table Table1(id int);
grant all on Table1 to Bob;
(2) Bob accesses Table1, observes that the system fails to perform a security check, and receives signal 0.
The corresponding SQL statement is: select * from Alice.Table1
(3) Alice drops Table1, sending signal 1.
The corresponding SQL statement is: drop table Table1
(4) Bob accesses Table1, observes that the table does not exist, and receives signal 1.
The corresponding SQL statement is: select * from Alice.Table1
Step 5: in step 4) Alice successfully sent signal 0 and signal 1 and Bob successfully received signal 0 and signal 1, so a database covert channel built with scenario 1 exists in BeyonDB.
Step 6: following database covert channel scenario 2,
(1) Bob creates a table Table2 and grants Alice access to it, initializing the environment.
The corresponding SQL statements are: create table Table2(id int primary key);
grant all on Table2 to Alice
(2) Alice inserts a record with primary key 1 into Table2.
The corresponding SQL statement is: insert into Table2 values(1)
(3) Bob inserts a record with primary key 1 into Table2, observes that the insert fails, and receives signal 0.
The corresponding SQL statement is: insert into Table2 values(1)
(4) Alice deletes the record with primary key 1 from Table2, sending signal 1. The corresponding SQL statement is: delete from Table2 where id=1
(5) Bob inserts a record with primary key 1 into Table2, observes that the insert succeeds, and receives signal 1.
The corresponding SQL statement is: insert into Table2 values(1)
Step 7: in step 6) Alice successfully sent signal 0 and signal 1 and Bob successfully received signal 0 and signal 1, so a database covert channel built with scenario 2 exists in BeyonDB.
Step 7: following database covert channel scenario 3,
(1) Bob creates a table Table3 and grants Alice access to it, initializing the environment.
The corresponding SQL statements are: create table Table3(id int primary key);
grant all on Table3 to Alice
(2) Alice creates a view View1 on Table3, sending signal 0. The corresponding SQL statement is: create view View1 as select * from Table3
(3) Bob attempts to drop Table3 with RESTRICT, observes that the drop fails, and receives signal 0. The corresponding SQL statement is: drop table Table3 restrict
(4) Alice drops the view View1 on Table3, sending signal 1. The corresponding SQL statement is: drop view View1
(5) Bob attempts to drop Table3 with RESTRICT, observes that the drop still fails, and so does not receive signal 1.
The corresponding SQL statement is: drop table Table3 restrict
Step 8: in step 7) Bob did not successfully receive signal 1, so no database covert channel built with scenario 3 exists in BeyonDB.
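The Figure 2 detection flow and scenarios 1 and 2 above, simulated in Python as an added example that is not part of the patent: a toy labelled DBMS (ToyMacDb, an assumption) stands in for BeyonDB, its `leaky` flag models the missing security check that scenario 1 relies on, and its `polyinstantiate` flag models the countermeasure that closes the primary-key channel of scenario 2, so the same detector reports a channel for the defective configuration and none for the corrected one.

```python
"""Added example (not the patent's code): the Figure 2 detection flow run against a toy
labelled DBMS for scenarios 1 and 2. ToyMacDb, its flags, Alice/High and Bob/Low are assumptions."""
from collections import namedtuple
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

LABEL_RANK = {"Low": 0, "High": 1}  # High dominates Low

class DbError(Exception): pass  # object missing, access denied or duplicate key

@dataclass
class ToyMacDb:
    # leaky: a High-owned table granted to a Low subject is readable by it (scenario 1's defect)
    leaky: bool = True
    # polyinstantiate: a Low insert never collides with a High row of the same key (closes scenario 2)
    polyinstantiate: bool = False
    tables: Dict[str, dict] = field(default_factory=dict)

    def create_table(self, owner, label, name):
        self.tables[name] = {"owner": owner, "label": label, "grants": set(), "rows": set()}

    def grant_all(self, name, grantee):
        self.tables[name]["grants"].add(grantee)

    def _visible(self, subject, label, name):
        t = self.tables.get(name)
        if t is None:
            raise DbError(f"{name} does not exist")
        # a correct MAC check never confirms the existence of a High object to a Low subject
        if LABEL_RANK[label] < LABEL_RANK[t["label"]] and not (self.leaky and subject in t["grants"]):
            raise DbError(f"{name} does not exist")
        if subject != t["owner"] and subject not in t["grants"]:
            raise DbError(f"{name}: permission denied")
        return t

    def select(self, subject, label, name) -> List[int]:
        rows = self._visible(subject, label, name)["rows"]
        return sorted(k for k, lbl in rows if LABEL_RANK[lbl] <= LABEL_RANK[label])  # read down only

    def insert(self, subject, label, name, key):
        t = self._visible(subject, label, name)
        if any(k == key and (lbl == label or not self.polyinstantiate) for k, lbl in t["rows"]):
            raise DbError(f"{name}: duplicate key {key}")
        t["rows"].add((key, label))

    def delete(self, subject, label, name, key):
        self._visible(subject, label, name)["rows"].discard((key, label))

    def drop_table(self, subject, label, name):
        self._visible(subject, label, name)
        del self.tables[name]

# Scenario-library entry, one callable per Figure 2 step: senders raise DbError, receivers return a bool
Scenario = namedtuple("Scenario", "name init send0 recv0 restore send1 recv1")

def observed(probe: Callable[[], object], expect_failure: bool) -> bool:
    try:
        probe()
    except DbError:
        return expect_failure
    return not expect_failure

def scenario1(db: ToyMacDb) -> Scenario:
    """High (Alice) creates Table1 granted to Low (Bob), then drops it; Low tries to read it."""
    def send0():
        db.create_table("Alice", "High", "Table1")
        db.grant_all("Table1", "Bob")
    probe = lambda: db.select("Bob", "Low", "Table1")
    return Scenario("1", lambda: None, send0, lambda: observed(probe, False), lambda: None,
                    lambda: db.drop_table("Alice", "High", "Table1"), lambda: observed(probe, True))

def scenario2(db: ToyMacDb) -> Scenario:
    """Low (Bob) owns Table2; High inserts/deletes key 1, Low probes by inserting key 1."""
    def init():
        db.create_table("Bob", "Low", "Table2")
        db.grant_all("Table2", "Alice")
    probe = lambda: db.insert("Bob", "Low", "Table2", 1)
    return Scenario("2", init, lambda: db.insert("Alice", "High", "Table2", 1),
                    lambda: observed(probe, True), lambda: db.delete("Bob", "Low", "Table2", 1),
                    lambda: db.delete("Alice", "High", "Table2", 1), lambda: observed(probe, False))

def detect(s: Scenario) -> Tuple[bool, List[str]]:
    """Steps 1-6 of Figure 2: all must succeed for step 8 (channel exists), else step 9."""
    log: List[str] = []
    for step_name, step in zip(s._fields[1:], s[1:]):
        try:
            ok = step() is not False  # senders return None, receivers return a bool
        except DbError:
            ok = False
        log.append(f"{step_name}: {'ok' if ok else 'failed'}")
        if not ok:
            return False, log + [f"no covert channel via scenario {s.name}"]
    return True, log + [f"covert channel exists via scenario {s.name}"]
```

Calling `detect(scenario1(ToyMacDb(leaky=False)))` stops at recv0, because a correct MAC check answers "does not exist" to Bob whether or not Alice's table is present, which is exactly the observation the detector requires to differ between the two signals.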
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012100725098A CN102622548A (en) | 2012-03-19 | 2012-03-19 | Detection method for database covert channel |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102622548A true CN102622548A (en) | 2012-08-01 |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103577835A (en) * | 2013-08-02 | 2014-02-12 | 中国科学技术大学苏州研究院 | Method using multi-dimensional feature vectors to detect IP ID covert channel |
CN104753617A (en) * | 2015-03-17 | 2015-07-01 | 中国科学技术大学苏州研究院 | Time-series hidden channel detection method based on neural network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 2012-08-01