CN112613302A - Dynamic credibility judgment method for clauses executing select statement based on database - Google Patents


Publication number
CN112613302A
Authority
CN
China
Prior art keywords
credibility
trusted
database
keywords
select
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011639337.9A
Other languages
Chinese (zh)
Other versions
CN112613302B (en)
Inventor
赵伟
陈文亭
赵晓琳
王雪松
吕迅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin Nankai University General Data Technologies Co ltd
Original Assignee
Tianjin Nankai University General Data Technologies Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/20 Natural language analysis
    • G06F40/253 Grammatical analysis; Style critique
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention provides a dynamic credibility judgment method for the clauses of select statements executed against a database, comprising the following steps: S1, performing static trust measurement on the most basic keywords in the select SQL; S2, an administrator sets a clause keyword template for trusted query statements in the trusted database, calculates a trust measurement value through an encryption algorithm, and stores it in the trusted computing base; S3, when the database runs in a trusted environment and a user queries with a select statement containing a group by clause, the keywords in the query statement are extracted and merged into a character string, and an encryption operation is performed on the string to obtain a trust measurement value; and S4, the trust measurement value from S3 is compared with the trust measurement value in the trusted computing base to obtain a trust report. Because the method checks clauses only when the main keywords are already trusted, it effectively reduces the dynamic trust computation spent on users' non-select statements.

Description

Dynamic credibility judgment method for clauses executing select statement based on database
Technical Field
The invention belongs to the technical field of databases, and particularly relates to a dynamic credibility judgment method for the clauses of select statements executed against a database.
Background
With the rapid development of information technology, data security problems are becoming more complex, and trusted computing technology continues to develop as an important means of protecting data security. Today trusted computing is used in many areas, such as identity theft protection and digital rights management. To address the insecurity of computer and network architectures and improve security at the root, a trusted hardware environment is booted from the root of trust of a trusted control module (TPMC), which measures the trustworthiness of the operating system and extends the trust relationship to the operating system environment; applications and the network are then measured in turn, forming a trusted, secure operating environment guaranteed by a chain of trust. A trust measurement is also performed when the database is installed, which establishes environmental trust and static trust for the database, but further trust measurement of the database's dynamic information is lacking. Measuring the insert, delete, update and query operations that users perform on database data through SQL, to determine whether the user's behavior is trusted, is very important for protecting the data in the database. At the same time, SQL has many keywords that can be combined in many ways; if every combination is measured as its own group, a large amount of storage space and measurement time is wasted.
Disclosure of Invention
In view of this, and to overcome the above drawbacks, the present invention provides a dynamic credibility judgment method for the clauses of select statements executed against a database.
To achieve this purpose, the technical scheme of the invention is as follows:
A dynamic credibility judgment method for the clauses of select statements executed against a database comprises the following steps:
S1, performing static trust measurement on the most basic keywords in the select SQL to extend the chain of trust;
S2, an administrator sets a clause keyword template for trusted query statements in the trusted database, calculates a trust measurement value through an encryption algorithm, and stores it in the trusted computing base;
S3, when the database runs in a trusted environment and a user queries with a select statement containing a group by clause, the keywords in the query statement are extracted and merged into a character string, and an encryption operation is performed on the string to obtain a trust measurement value;
S4, the trust measurement value from S3 is compared with the trust measurement value in the trusted computing base to obtain a trust report, the comparison result is fed back to the database, and the trusted database system performs subsequent operations according to the dynamic trust computation result for the user's query statement.
Further, in step S3, a syntax analyzer performs a syntax check on the query statement and, together with the compiler, generates a parse tree, from which the keywords are extracted.
Further, the trust value corresponding to the keywords extracted in step S3 is stored in the trusted storage root.
Further, the message digest corresponding to the trust measurement value in step S2 is stored in a specific PCR in the trusted storage root, and the measurement process is recorded in the measurement log.
Compared with the prior art, the dynamic credibility judgment method for the clauses of select statements executed against a database has the following advantages:
Combinations of select keywords can form many trusted templates, and traversing these templates during dynamic credibility judgment takes time. Because the method checks clauses only when the main keywords are already trusted, it effectively reduces the dynamic trust computation spent on users' non-select statements. In addition, whether user operations are trusted can be monitored in real time, which improves database security and protects data more effectively.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
FIG. 1 is an overall flow diagram;
FIG. 2 is a schematic diagram of a parse tree;
FIG. 3 is an example view of a parse tree;
FIG. 4 is a second example of a parse tree.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless otherwise specified.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art through specific situations.
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
As shown in FIG. 1 and FIG. 2, a dynamic credibility judgment method for the clauses of select statements executed against a database includes the following steps:
S1, performing static trust measurement on the most basic keywords in the select SQL to extend the chain of trust;
S2, an administrator sets a clause keyword template for trusted query statements in the trusted database, calculates a trust measurement value through an encryption algorithm, and stores it in the trusted computing base;
S3, when the database runs in a trusted environment and a user queries with a select statement containing a group by clause, the keywords in the query statement are extracted and merged into a character string, and an encryption operation is performed on the string to obtain a trust measurement value;
S4, the trust measurement value from S3 is compared with the trust measurement value in the trusted computing base to obtain a trust report, the comparison result is fed back to the database, and the trusted database system performs subsequent operations according to the dynamic trust computation result for the user's query statement.
In step S3, a syntax analyzer performs a syntax check on the query statement and, together with the compiler, generates a parse tree, from which the keywords are extracted.
The trust value corresponding to the keywords extracted in step S3 is stored in the trusted storage root.
The message digest corresponding to the trust measurement value in step S2 is stored in a specific PCR in the trusted storage root, and the measurement process is recorded in the measurement log.
The administrator sets a static trusted template and a dynamic trusted template. Keywords are extracted by the syntax analyzer; the main keywords are selected and hashed, and the result is recorded in a PCR (platform configuration register). The remaining keywords are merged into a character string, which is hashed with a digest algorithm inside the storage-protected subsystem of the TCM. The resulting feature value is stored in a specific trusted computing base and is later compared with the feature value obtained by measuring the query statement entered by the user.
The user enters a query statement. The parser checks the syntax of the user's query and then constructs a parse tree for the statement. The main keywords are extracted and merged into a string, a static trust measurement is taken, and the result is compared with the record in the PCR.
Provided that the main keywords are trusted, the other keywords of the statement entered by the user are hashed, the resulting trust measurement is compared with the trust measurement result from S1, and a trust report is generated.
If the report shows that the comparison failed, the user is shown an error and access to the database is denied. If the report shows that the comparison succeeded, the user can proceed with the select query and the query result is returned.
The technical scheme of the application is further explained with the following specific example:
S1: The security administrator of the system sets a comparison template in the trusted database. The administrator makes the following settings:
“user1;
8:00AM~16:00PM;
Select...from...where...group by”
The keyword group by is merged into a character string and measured with the SM3 algorithm to obtain the feature value 0xB3F7 …, and the measurement result is stored in the trusted computing base.
S2: A user queries with a select statement containing group by and order by clauses. A parse tree is generated by the syntax analyzer and compiler, and the main keywords of the query statement are extracted for static trust measurement, extending the chain of trust.
S3: The other keywords are merged into a character string and hashed to obtain a digest value (feature code).
Normal query: select a from tb1 where name = 'zhang san' group by a;
The resulting parse tree is shown in FIG. 3.
The keywords 'group by..' are extracted and merged into a character string, which is measured with the SM3 algorithm to obtain the feature code 0xB3F7 ….
Malicious query: select a from tb1 where name = 'zhang san' group by a order by age;
The parse tree for this query statement is shown in FIG. 4.
The keywords 'group by... order by..' are extracted and merged into a character string, which is measured with the SM3 algorithm to obtain the feature value 0xC97A …. Both measurement results are saved in the trusted storage root.
S4: The two trust measurement values from S3 are each compared with the trust measurement result from S1. The trust measurement result 0xB3F7 … of the normal query matches the trust measurement result 0xB3F7 … from S1, so the comparison succeeds, and the database returns an "access allowed" statement together with the query result.
In the malicious query, the appearance of the order by keyword changes the feature value of the statement's keywords, so the comparison of its measurement result 0xC97A … with the trust measurement result 0xB3F7 … from S1 fails. The database returns an "access denied" statement; the user cannot query with this statement and must modify it and query again.
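The check walked through in this example can be sketched as follows. This is an added illustration, not code from the patent: the regex keyword scan stands in for the parse tree, `TrustBase` is a hypothetical in-memory stand-in for the trusted computing base, and the exact string fed to SM3 is an assumption, so its digests will not match the elided 0xB3F7 … and 0xC97A … values.

```python
import re
import struct

# SM3 (GB/T 32905-2016), pure Python so the example has no dependencies.
_IV = (0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600,
       0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E)
_M = 0xFFFFFFFF

def _rotl(x, n):
    n %= 32
    return ((x << n) | (x >> (32 - n))) & _M

def sm3(data: bytes) -> bytes:
    # Pad: 0x80, zeros, then the 64-bit big-endian bit length.
    msg = (data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
           + struct.pack(">Q", len(data) * 8))
    v = list(_IV)
    for off in range(0, len(msg), 64):
        w = list(struct.unpack(">16I", msg[off:off + 64]))
        for j in range(16, 68):  # message expansion with permutation P1
            x = w[j - 16] ^ w[j - 9] ^ _rotl(w[j - 3], 15)
            x ^= _rotl(x, 15) ^ _rotl(x, 23)
            w.append(x ^ _rotl(w[j - 13], 7) ^ w[j - 6])
        a, b, c, d, e, f, g, h = v
        for j in range(64):  # compression rounds
            t = 0x79CC4519 if j < 16 else 0x7A879D8A
            ss1 = _rotl((_rotl(a, 12) + e + _rotl(t, j)) & _M, 7)
            ss2 = ss1 ^ _rotl(a, 12)
            if j < 16:
                ff, gg = a ^ b ^ c, e ^ f ^ g
            else:
                ff = (a & b) | (a & c) | (b & c)
                gg = (e & f) | (~e & g)
            tt1 = (ff + d + ss2 + (w[j] ^ w[j + 4])) & _M
            tt2 = (gg + h + ss1 + w[j]) & _M
            a, b, c, d = tt1, a, _rotl(b, 9), c
            e, f, g, h = tt2 ^ _rotl(tt2, 9) ^ _rotl(tt2, 17), e, _rotl(f, 19), g
        v = [p ^ q for p, q in zip(v, (a, b, c, d, e, f, g, h))]
    return struct.pack(">8I", *v)

# Simplified stand-in for the parse tree: a scan for clause keywords.
_KW = re.compile(
    r"\b(select|from|where|group\s+by|having|order\s+by|limit|union)\b", re.I)
_PRIMARY = ("select", "from", "where")

def keywords(sql: str):
    # Blank string literals so keyword-like data is not measured.
    bare = re.sub(r"'(?:[^']|'')*'", "''", sql)
    found = [re.sub(r"\s+", " ", m.group(1).lower())
             for m in _KW.finditer(bare)]
    return (" ".join(k for k in found if k in _PRIMARY),
            " ".join(k for k in found if k not in _PRIMARY))

class TrustBase:
    """Hypothetical in-memory stand-in for the trusted computing base."""
    def __init__(self, template: str):
        primary, clause = keywords(template)
        self.primary_digest = sm3(primary.encode())  # static measurement
        self.clause_digest = sm3(clause.encode())    # clause template

    def judge(self, sql: str) -> str:
        primary, clause = keywords(sql)
        # Main keywords first: non-select statements stop here.
        if sm3(primary.encode()) != self.primary_digest:
            return "deny: primary keywords"
        if sm3(clause.encode()) != self.clause_digest:
            return "deny: clause keywords"
        return "allow"

# Template and queries adapted from the example above.
TEMPLATE = "Select...from...where...group by"
NORMAL = "select a from tb1 where name = 'zhang san' group by a;"
WITH_ORDER_BY = "select a from tb1 where name = 'zhang san' group by a order by age;"

if __name__ == "__main__":
    tb = TrustBase(TEMPLATE)
    for q in (NORMAL, WITH_ORDER_BY, "delete from tb1 where a = 1"):
        print(tb.judge(q), "<-", q)
```

Because only clause keywords are measured, two queries with the same clause shape but different columns or predicates produce the same digest; the check constrains statement structure, not which rows are read.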
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (4)

1. A dynamic credibility judgment method for the clauses of select statements executed against a database, characterized by comprising the following steps:
S1, performing static trust measurement on the most basic keywords in the select SQL to extend the chain of trust;
S2, an administrator sets a clause keyword template for trusted query statements in the trusted database, calculates a trust measurement value through an encryption algorithm, and stores it in the trusted computing base;
S3, when the database runs in a trusted environment and a user queries with a select statement containing a group by clause, the keywords in the query statement are extracted and merged into a character string, and an encryption operation is performed on the string to obtain a trust measurement value;
S4, the trust measurement value from S3 is compared with the trust measurement value in the trusted computing base to obtain a trust report, the comparison result is fed back to the database, and the trusted database system performs subsequent operations according to the dynamic trust computation result for the user's query statement.
2. The method of claim 1, wherein: in step S3, a syntax analyzer performs a syntax check on the query statement and, together with the compiler, generates a parse tree, from which the keywords are extracted.
3. The method of claim 1, wherein: the trust value corresponding to the keywords extracted in step S3 is stored in the trusted storage root.
4. The method of claim 1, wherein: the message digest corresponding to the trust measurement value in step S2 is stored in a specific PCR in the trusted storage root, and the measurement process is recorded in the measurement log.
Application CN202011639337.9A; priority date 2020-12-31; filing date 2020-12-31; title: Dynamic credibility judging method for clauses of select statement based on database; status: Active; publication CN112613302B (en)

Publications (2)

Publication Number Publication Date
CN112613302A (en) 2021-04-06
CN112613302B (en) 2023-08-18
