CN112685779A - Static credibility judgment method for executing main keywords of select statement based on database - Google Patents


Info

Publication number: CN112685779A
Authority: CN (China)
Prior art keywords: user, statement, PCR value, database, select statement
Legal status: Pending
Application number: CN202011636522.2A
Other languages: Chinese (zh)
Inventors: 赵伟, 陈文亭, 赵晓琳, 王雪松, 吕迅
Current assignee: Tianjin Nankai University General Data Technologies Co ltd
Original assignee: Tianjin Nankai University General Data Technologies Co ltd
Priority date: 2020-12-31
Filing date: 2020-12-31
Publication date: 2021-04-20
Priority to: CN202011636522.2A
Classification (landscape): Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides a static trust judgment method for executing the main keywords of a select statement in a database. It comprises the following steps. S1: an administrator determines the main keywords from the characteristics of the SQL statement, computes a hash of the keyword string, appends that hash to the current latest PCR (platform configuration register) value and hashes again to obtain a new PCR value. S2: while the database runs in a trusted environment, a user issues a select statement and the PCR value of that statement is computed. S3: the PCR value obtained in step S2 is compared with the PCR value obtained in step S1. S4: if the two are equal, the SQL statement entered by the current user is judged trustworthy and the next operation proceeds; if they differ, the user's operation is judged untrustworthy, execution is terminated and the result is reported to the user. The main keywords chosen by the method are the keywords used in the great majority of select statements that users execute, so the static trust computation satisfies users' needs as far as possible.

Description

Static credibility judgment method for executing main keywords of select statement based on database
Technical Field
The invention belongs to the technical field of databases, and in particular relates to a static trust judgment method for executing the main keywords of a select statement in a database.
Background
With the rapid development of information technology, data security problems are becoming more complex, and trusted computing, an important means of protecting data, is developing continuously alongside them. Today trusted computing is applied in many areas, such as identity theft protection and digital rights management. To address the insecurity of computers and network architectures at a fundamental level, a trusted hardware environment is established from the root of trust of a trusted platform control module (TPCM): the trustworthiness of the operating system is measured, the trust relationship is extended to the operating-system environment, and applications and the network are measured in turn, forming a trusted operating environment guaranteed by a chain of trust. A trust measurement is also taken when the database is installed, which gives the database environmental and static trustworthiness; what is lacking is a further trust measurement of the database's dynamic information. Measuring the trustworthiness of the user's insert, delete, update and query operations on the data, issued through SQL, so as to learn whether the user's behaviour is trustworthy, is very important for protecting the data in the database. At the same time, SQL has many keywords, and these keywords can form many combinations; measuring each combination as its own group wastes a large amount of storage space and measurement time.
Disclosure of Invention
In view of the above, and to overcome these drawbacks, the present invention is directed to a static trust judgment method for executing the main keywords of a select statement in a database.
To achieve this purpose, the technical solution of the invention is realised as follows:
A static trust judgment method for executing the main keywords of a select statement in a database comprises the following steps:
S1, an administrator determines the main keywords from the characteristics of the SQL statement, computes a hash of the keyword string, appends that hash to the current latest PCR value and hashes again to obtain a new PCR value;
S2, while the database runs in a trusted environment, a user issues a select statement and the PCR value of that statement is computed;
S3, the PCR value obtained in step S2 is compared with the PCR value obtained in step S1;
S4, if the two are equal, the SQL statement entered by the current user is judged trustworthy and the next operation proceeds; if they differ, the user's operation is judged untrustworthy, execution is terminated and the result is reported to the user.
Further, in step S1 the new PCR value is stored in a TCG register, so that the query statement entered by a user can later be compared against this trust measurement.
Further, the PCR value of the select statement in step S2 is computed as follows:
the SQL statement is analysed by a parser and compiler to produce a parse tree; the main keywords of the query statement are extracted and combined into a string; the string is hashed to obtain a digest; the digest is combined with the last PCR value in the chain of trust and hashed again, which yields the PCR value of the select statement.
Compared with the prior art, the static trust judgment method for executing the main keywords of a select statement in a database has the following advantages:
first, the selected main keywords are those used in the great majority of select statements that users execute, and performing the static trust computation on them satisfies users' needs as far as possible; second, because the static trust computation is performed only on the main keywords and their PCR values are stored in the TCG, few entries need to be traversed and the judgment is efficient.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
FIG. 1 is an overall flow diagram;
FIG. 2 is a schematic diagram of a parse tree;
FIG. 3 is an example view of a parse tree;
FIG. 4 is the parse tree for the second example.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless otherwise specified.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "linked," and "connected" are to be construed broadly, e.g., as a fixed connection, a removable connection, or an integral connection; as a mechanical or an electrical connection; as a direct connection or an indirect connection through intervening media; or as an internal connection between two elements. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art according to the specific situation.
The present invention is described in detail below with reference to the embodiments and the attached drawings.
As shown in FIG. 1 and FIG. 2, a static trust judgment method for executing the main keywords of a select statement in a database comprises the following steps:
S1, an administrator determines the main keywords from the characteristics of the SQL statement, computes a hash of the keyword string, appends that hash to the current latest PCR value and hashes again to obtain a new PCR value;
S2, while the database runs in a trusted environment, a user issues a select statement and the PCR value of that statement is computed;
S3, the PCR value obtained in step S2 is compared with the PCR value obtained in step S1;
S4, if the two are equal, the SQL statement entered by the current user is judged trustworthy and the next operation proceeds; if they differ, the user's operation is judged untrustworthy, execution is terminated and the result is reported to the user.
In step S1 the new PCR value is stored in a TCG register, so that the query statement entered by a user can be compared against this trust measurement.
The PCR value of the select statement in step S2 is computed as follows:
the SQL statement is analysed by a parser and compiler to produce a parse tree; the main keywords of the query statement are extracted and combined into a string; the string is hashed to obtain a digest; the digest is combined with the last PCR value in the chain of trust and hashed again, which yields the PCR value of the select statement.
In this method the administrator sets the trusted keywords; after the keywords are combined into a string, the digest of the string is computed with a hash algorithm, the new PCR value corresponding to the SQL statement is computed by combining the digest with the PCR and stored in a TCG register, and the chain of trust is thereby extended so that the trust measurement of a query statement entered by a user can be compared against it.
The user enters a query statement. The parser checks the syntax of the user's query and then constructs a parse tree representing the statement. The main keywords are extracted and combined into a string, and a hash of that string is computed.
The hash of the main keywords of the user's statement is combined with the latest trusted PCR in the TCG and hashed, giving a new pending PCR value.
The pending PCR value is compared with the preset PCR value in the corresponding keyword register of the TCG. If the two values differ, the user's operation is judged untrustworthy: an error is reported to the user and access to the database is refused. If the two values are equal, the user's operation is judged trustworthy and the next operation proceeds.
The technical solution of the application is further explained with the following specific example:
S1: the system's security administrator sets a comparison template in the trusted database. The administrator makes the following settings:
“user1;
8:00AM~16:00PM;
Select...from...where...”
The keywords select...from...where... are combined into a string and hashed with the SM3 algorithm, giving the digest 0xB3F7 …; this digest is combined with the original PCR value and hashed again, giving the new value 0xC236 …, which is stored in the TCG memory.
S2: the user issues a select statement. A parser and translator produce a parse tree, the keywords of the query statement are extracted and combined into a string, and the string is hashed.
For a normal query: select ... from tb1 where name = 'zhang san';
the resulting parse tree is shown in FIG. 3.
The keywords 'select...from...where...' are extracted, hashed, and combined with the PCR to obtain the pending PCR value.
For an untrusted operation: delete from ... The parse tree of this SQL statement is shown in FIG. 4.
The extracted keywords are 'delete...from...', which are hashed and combined with the PCR in the same way.
S3: the pending PCR from S2 is compared with the PCR value in the corresponding register from S1. For the normal query the computed PCR value equals the preset value in the register, the comparison succeeds, and the database returns 'access allowed' together with the query result. For the untrusted SQL statement the hash of its keywords is different, so the computed PCR value differs from the value stored in S1; the comparison fails, the database returns 'access refused', the user cannot run that statement, and must modify it and query again.
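The following Python script is added here as an illustration of steps S1 to S4 and of the worked example above; it is not code from the patent or from the applicant. Everything not stated on the page is an assumption of the example: SHA-256 stands in for SM3; the extend step is new = H(old_PCR || H(keywords)) in the TPM convention, since the page does not fix the concatenation order; the "main keywords" are the clause-level SQL keywords listed in MAIN_KEYWORDS; the template value is kept in its own register while the base chain value is not extended by queries; the per-user time window from the "user1; 8:00AM~16:00PM" template is enforced as a simple range check; all function and class names are the example's own, and every SQL statement is constructed sample input.

```python
import hashlib
import hmac
import re
from datetime import time

# The page hashes with SM3; SHA-256 stands in here (assumption: the extend
# step only needs a collision-resistant hash, so the construction is unchanged).
HASH = hashlib.sha256
DIGEST_LEN = HASH().digest_size

# Assumption: the administrator's "main keywords" are the clause-level SQL
# keywords.  Operators (AND/OR/NOT), names and literals are not part of the
# skeleton, which is what makes "select...from...where..." usable as a template.
MAIN_KEYWORDS = frozenset({
    "select", "from", "where", "insert", "into", "values", "update", "set",
    "delete", "union", "join", "group", "order", "by", "having", "limit",
    "create", "alter", "drop", "truncate", "exec",
})

# Tokeniser: string literals ('' escapes an inner quote) and double-quoted
# identifiers are consumed whole, so a keyword inside a literal is not measured.
_TOKEN = re.compile(r"'(?:[^']|'')*'|\"[^\"]*\"|[A-Za-z_][A-Za-z0-9_]*|\S")


def keyword_skeleton(sql: str) -> list[str]:
    """Ordered clause-level keywords of a statement, lower-cased."""
    return [tok.lower() for tok in _TOKEN.findall(sql)
            if tok[0] not in "'\"" and tok.lower() in MAIN_KEYWORDS]


def pcr_extend(pcr: bytes, data: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(data)).  One-way and order-preserving,
    so neither a stored template nor the chain can be rewritten afterwards."""
    return HASH(pcr + HASH(data).digest()).digest()


def measure(base_pcr: bytes, keywords: list[str]) -> bytes:
    """PCR value of a keyword skeleton; steps S1 and S2 use the same function."""
    return pcr_extend(base_pcr, "...".join(keywords).encode())


class TrustedTemplates:
    """Comparison templates set by the administrator (step S1), one per user."""

    def __init__(self, base_pcr: bytes = bytes(DIGEST_LEN)):
        # Assumption: the latest PCR of the chain of trust at set-up time is
        # snapshotted here; templates live in their own "keyword register".
        self.base_pcr = base_pcr
        self._templates: dict[str, tuple[time, time, bytes]] = {}

    def register(self, user: str, start: time, end: time, skeleton: str) -> bytes:
        keywords = [k for k in skeleton.lower().split("...") if k]
        stored = measure(self.base_pcr, keywords)
        self._templates[user] = (start, end, stored)
        return stored

    def check(self, user: str, sql: str, now: time) -> tuple[bool, str]:
        """Steps S2 to S4: measure the statement and compare with the template."""
        if user not in self._templates:
            return False, "access refused: no template for user"
        start, end, stored = self._templates[user]
        if not start <= now <= end:
            return False, "access refused: outside permitted time window"
        pending = measure(self.base_pcr, keyword_skeleton(sql))
        if hmac.compare_digest(pending, stored):   # constant-time comparison
            return True, "access allowed"
        return False, "access refused: statement keywords do not match template"


def run_demo() -> dict[str, bool]:
    """Register the page's template and check constructed sample statements."""
    templates = TrustedTemplates()
    templates.register("user1", time(8, 0), time(16, 0), "select...from...where...")
    samples = {  # constructed inputs modelled on the page's example
        "normal select": ("select * from tb1 where name = 'zhang san';", time(10, 0)),
        "delete": ("delete from tb1 where name = 'zhang san';", time(10, 0)),
        "select outside window": ("select * from tb1 where name = 'zhang san';", time(18, 0)),
        "keyword inside literal": ("select * from tb1 where name = 'from';", time(10, 0)),
        "tautology in literals": ("select * from tb1 where name = '' or '1'='1';", time(10, 0)),
        "union added": ("select a from t1 union select b from t2;", time(10, 0)),
    }
    results = {}
    for label, (sql, now) in samples.items():
        ok, msg = templates.check("user1", sql, now)
        print(f"{label:24s} {msg:60s} <- {sql}")
        results[label] = ok
    return results


if __name__ == "__main__":
    run_demo()
```

Running the script reproduces the page's two cases (the select is allowed, the delete is refused) and adds four the page does not spell out: the same select outside the template's time window is refused; a keyword inside a string literal (name = 'from') is not measured because the tokeniser consumes the literal whole; a statement whose where-clause literals differ from what the administrator had in mind still matches, because only the keyword skeleton is measured and never the values, so this measure complements parameterised queries rather than replacing them; and an added union clause changes the skeleton and is refused.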
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (3)

1. A static trust judgment method for executing the main keywords of a select statement in a database, characterised by comprising the following steps:
S1, an administrator determines the main keywords from the characteristics of the SQL statement, computes a hash of the keyword string, appends that hash to the current latest PCR value and hashes again to obtain a new PCR value;
S2, while the database runs in a trusted environment, a user issues a select statement and the PCR value of that statement is computed;
S3, the PCR value obtained in step S2 is compared with the PCR value obtained in step S1;
S4, if the two are equal, the SQL statement entered by the current user is judged trustworthy and the next operation proceeds; if they differ, the user's operation is judged untrustworthy, execution is terminated and the result is reported to the user.
2. The method according to claim 1, wherein in step S1 the new PCR value is stored in a TCG register, so that the query statement entered by a user can be compared against this trust measurement.
3. The method according to claim 1, wherein the PCR value of the select statement in step S2 is computed as follows:
the SQL statement is analysed by a parser and compiler to produce a parse tree; the main keywords of the query statement are extracted and combined into a string; the string is hashed to obtain a digest; the digest is combined with the last PCR value in the chain of trust and hashed again, which yields the PCR value of the select statement.
Application CN202011636522.2A (Tianjin Nankai University General Data Technologies Co ltd), priority date 2020-12-31, filing date 2020-12-31, published 2021-04-20 as CN112685779A (en); status: Pending.

Family ID: 75456531

Country status: CN, CN112685779A (en)

Citations (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1464434A (en) * 2002-06-26 2003-12-31 联想(北京)有限公司 Method for implementing a modular query-language interpreter in an embedded database system
CN101609493A (en) * 2009-07-21 2009-12-23 国网电力科学研究院 Self-learning database SQL injection protection method
CN101727554A (en) * 2009-11-23 2010-06-09 浪潮电子信息产业股份有限公司 Method for dynamically reconfiguring a trust chain
CN101741842A (en) * 2009-12-07 2010-06-16 北京交通大学 Method for implementing trusted SSH based on trusted computing
US20110179015A1 (en) * 2010-01-21 2011-07-21 Oracle International Corporation Database query resource management using select statement condition
CN102436566A (en) * 2012-01-12 2012-05-02 冶金自动化研究设计院 Dynamic trusted measurement method and secure embedded system
CN103500202A (en) * 2013-09-29 2014-01-08 中国船舶重工集团公司第七0九研究所 Security protection method and system for a lightweight database
CN103646197A (en) * 2013-12-12 2014-03-19 中国石油大学(华东) User trustworthiness authentication system and method based on user behaviour
CN104090941A (en) * 2014-06-30 2014-10-08 江苏华大天益电力科技有限公司 Database auditing system and database auditing method
CN104506487A (en) * 2014-11-21 2015-04-08 北京工业大学 Trusted execution method for privacy policies in a cloud environment
CN105468978A (en) * 2015-11-16 2016-04-06 国网智能电网研究院 Trusted computing cryptographic platform suitable for general-purpose computing platforms in electric power systems
CN108763887A (en) * 2018-05-23 2018-11-06 腾讯科技(深圳)有限公司 Database operation request verification method, apparatus, server and storage medium
CN109426722A (en) * 2017-09-01 2019-03-05 深圳市源伞新科技有限公司 SQL injection defect detection method, system, device and storage medium
CN109815719A (en) * 2019-01-21 2019-05-28 广东电网有限责任公司信息中心 Searchable database security encryption system
CN110209395A (en) * 2019-06-04 2019-09-06 沈阳欧瑞科技有限公司 Method, device and medium for embedding SQL in a high-level language
CN111177272A (en) * 2019-12-31 2020-05-19 杭州趣链科技有限公司 Blockchain-based trusted big-data auditing method
CN111221844A (en) * 2019-11-14 2020-06-02 广东电网有限责任公司信息中心 Web server protection method based on mimic instruction-set randomisation and database proxy nodes


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张焕国 (Zhang Huanguo) et al.: "可信计算" (Trusted Computing), Wuhan University Press (武汉大学出版社), pp. 428-429 *


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20210420)