CN114925400A - Data dynamic desensitization method and device - Google Patents


Info

Publication number: CN114925400A
Authority: CN (China)
Prior art keywords: desensitization, target, view, dynamic, data
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202210593179.0A
Other languages: Chinese (zh)
Other versions: CN114925400B (en)
Inventor: 陈云
Current Assignee: Hangzhou Palladium Networking Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Hangzhou Palladium Networking Technology Co ltd
Events: application filed by Hangzhou Palladium Networking Technology Co ltd; priority to CN202210593179.0A; publication of CN114925400A; application granted; publication of CN114925400B; legal status Active (current); anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/242 Query formulation
    • G06F16/2433 Query languages
    • G06F16/28 Databases characterised by their database models, e.g. relational or object models
    • G06F16/284 Relational databases
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways


Abstract

The invention discloses a method and a device for dynamic data desensitization, comprising the following steps: on the target database, a new view is created whose name has the same length as the name of the target table or target view that needs desensitization; the new view embodies a desensitization strategy, and dynamic desensitization of the data is realized according to that strategy. The application gateway dynamically modifies the database application protocol data carrying the target SQL statement: the target table or target view requiring desensitization in the target SQL statement is replaced by the newly created view, so that the length of the target SQL statement is unchanged after replacement, and the modified database application protocol data is forwarded to the target database server, thereby realizing dynamic desensitization. The method and the device can realize high-performance, high-stability, real-time and complete dynamic data desensitization for all types of databases.

Description

Data dynamic desensitization method and device
Technical Field
The invention belongs to the technical field of data desensitization, and particularly relates to a data dynamic desensitization method and device.
Background
In the current information security landscape, data desensitization (data masking) has been recognized by the industry as an important link in data security. According to the usage scenario, data desensitization is divided into static data masking (SDM) and dynamic data masking (DDM).
Static data desensitization (SDM) is generally used in non-production environments: sensitive data is extracted from the production environment, desensitized, and then used in the non-production environment. It is commonly applied to the databases of non-production systems such as training, analysis, testing and development. The output of static desensitization includes desensitized files, tables, standby databases and the like. A desensitized standby database can also serve business environments without real-time task requirements, such as a hospital queue-calling system.
Dynamic data desensitization (DDM) is usually used in the production environment: desensitization is performed at the moment the sensitive data is accessed. It is generally used to solve the problem that the same sensitive data must be read with different levels of desensitization under different conditions in the production environment.
Existing dynamic desensitization technology includes a scheme that rewrites SQL statements. Its principle is as follows: when an application program, maintenance tool or development tool issues a request that passes through the dynamic data desensitization (DDM) system, the requested SQL statements are screened in real time and rewritten to shield sensitive data according to the user's role, permissions and other desensitization rules. The SQL-rewriting dynamic desensitization system is logically deployed in series; it may be physically deployed in series, or deployed in bypass mode through a reverse proxy, routing redirection and the like. Originally the application system connects directly to the database; to realize desensitization, the application system's SQL connection request is forwarded to the desensitization proxy system, the SQL statement is parsed and modified by the dynamic desensitization system and then forwarded to the database server, and the data returned by the database server passes back through the dynamic desensitization system to the application server. FIG. 1 is a schematic diagram of dynamic desensitization by rewriting SQL statements. In this mode the length of the SQL statement changes when it is rewritten, so the existing database protocol and transport protocol no longer match and must be changed correspondingly; the rewriting is difficult and the applicability is limited.
Existing dynamic desensitization technology also includes a scheme that directly modifies the result returned by the database, as shown in FIG. 2: the result returned by the database server is modified directly according to the dynamic desensitization rule, and the returned database data is reconstructed to realize dynamic desensitization. This mode likewise requires complete mastery of the database protocol. Because commercial database protocols are not open, large-scale protocol support is unrealistic; only open-source databases such as MySQL and PostgreSQL are theoretically feasible. Moreover, this approach must parse the returned database data and repackage it according to the desensitization result. After desensitization the length of the returned data necessarily changes, and since the real data volumes of database users are massive, tracking the length change is not feasible at all: it cannot be done by a packet-processing gateway and can only be attempted by an application proxy gateway. An application proxy gateway that processes the data returned by the database directly bears a much larger load than 'dynamic SQL statement rewriting', degrades performance seriously, and still has all the drawbacks of 'dynamic SQL statement rewriting'.
Existing dynamic desensitization technology also includes middleware-based dynamic desensitization, in two modes: the result is converted and stripped when the data source is output through the middleware, as shown in FIG. 3; or dynamic desensitization is performed by replacing the middleware with one that contains dynamic SQL rewriting, as shown in FIG. 4. The business application submits the SQL statement to the middleware, the middleware rewrites the statement according to the strategy, and the rewritten statement is then executed against the real database through middleware such as JDBC or ODBC, thereby realizing desensitization. The middleware scheme differs from the SQL-rewriting scheme in where the rewrite happens: the middleware scheme rewrites the statement at the submission step, so the SQL statement transmitted over the database network is unchanged, whereas the SQL-rewriting scheme changes the database protocol on the network. The middleware scheme requires that the database client support the middleware connection mode; it is usually used in business application scenarios, does not support third-party applications that do not connect through the middleware, and such applications cannot use this desensitization mode. In essence the middleware scheme modifies the database client software: applications are built on database middleware that supports dynamic desensitization, realizing real-time desensitization of the database for business and for operation and maintenance. Its disadvantage is that applications which do not support middleware connectivity, and existing third-party database clients, cannot be given dynamic desensitization.
Existing dynamic desensitization technology also includes a scheme in which a newly created user works together with views. This scheme depends entirely on the desensitization user: the newly created desensitization user logs into the database and accesses the configured dynamic desensitization view, thereby realizing data desensitization. For any user other than the newly created desensitization user, the configured view is not accessed, whether actively or because it is not shown, and no dynamic desensitization is realized.
Disclosure of Invention
In view of the above, the present invention provides a method and an apparatus for data dynamic desensitization, which can implement full dynamic data desensitization with high performance, high stability and real time for all types of databases.
In order to achieve the above object, an embodiment of the present invention provides a method for dynamic desensitization of data, including the following steps:
creating a new view with the same name length as the target table or the target view needing desensitization on the target database, wherein the new view comprises a desensitization strategy, and realizing dynamic data desensitization according to the desensitization strategy;
the application gateway dynamically modifies the database application protocol data carrying the target SQL statement, that is, the target table or target view that needs desensitization in the target SQL statement is replaced by the created new view, the length of the target SQL statement is ensured to be unchanged after replacement, and the modified database application protocol data is forwarded to the target database server to realize dynamic desensitization.
In one embodiment, when a new view is created, it needs to be created according to the requirements and syntax of the target database server.
In one embodiment, when a new view is created, a new view is created for each type of desensitization policy separately for the same target table or target view that needs desensitization, and the new view syntax implements the dynamic desensitization to specific data fields required by the desensitization policy.
In one embodiment, the application gateway comprises a network packet-based security gateway, the network packet-based security gateway replaces a target table or a target view in a target SQL statement with a created new view at a TCP layer, performs TCP check and IP check calculation, and forwards repaired database application protocol data after the check is finished.
In one embodiment, the network packet-based security gateway comprises a network firewall, an IPS, a database firewall and the like, namely, the network packet character replacement-based device realizes that the target table or the target view needing desensitization in the target SQL statement is replaced by the created new view.
In one embodiment, the application gateway comprises an application proxy gateway, and the application proxy gateway replaces the target table or the target view which needs desensitization in the target SQL statement with the created new view, and then directly forwards the modified database application protocol data.
To achieve the above object, an embodiment of the present invention further provides a data dynamic desensitization apparatus, including: creating a module and an application gateway;
the creation module is used for creating a new view with the name length equal to that of a target table or a target view needing desensitization on a target database, the new view comprises a desensitization strategy, and dynamic data desensitization is realized according to the desensitization strategy;
the application gateway is used for dynamically modifying the database application protocol data carrying the target SQL statement, that is, replacing the target table or target view that needs desensitization in the target SQL statement with the created new view while ensuring that the length of the target SQL statement is unchanged after replacement; it is also used for forwarding the modified database application protocol data to the target database server to realize dynamic desensitization.
In one embodiment, the creation module needs to create the new view according to the requirements and syntax of the target database server.
In one embodiment, when new views are created, the creation module creates a separate new view for each type of desensitization policy for the same target table or target view that needs desensitization, and the syntax of each new view implements the dynamic desensitization of the specific data fields required by its desensitization policy.
In one embodiment, the application gateway comprises a network packet-based security gateway, which replaces the target table or target view needing desensitization in the target SQL statement with the created new view at the TCP layer, then performs the TCP checksum and IP checksum calculation, and forwards the repaired database application protocol data after the checksums are completed;
or the application gateway comprises an application proxy gateway, which directly forwards the modified database application protocol data after replacing the target table or target view that needs desensitization in the target SQL statement with the created new view.
Compared with the prior art, the invention has the beneficial effects that at least:
the invention provides a method and a device for dynamic data desensitization which first create a new view whose name has the same length as that of the target table or target view to be desensitized, and then, in the application gateway, directly replace the target table or target view in the target SQL statement with the new view to modify the statement. Because the length of the modified target SQL statement does not change, the method and the device are not subject to any restriction when transmitting database application protocol data, support any database client and its sub-versions, support both business application scenarios and database operation and maintenance scenarios, require no change to the business client or to the database middleware, and realize dynamic real-time desensitization whenever any database user accesses the database.
In the whole desensitization process only two things must be ensured: the new view is created with a name of equal length, and the view replacement leaves the length of the target SQL statement unchanged. The method is therefore simple in theory and easy to implement, and has high stability, high performance, high burst capacity, high concurrency and low latency, fully meeting the application requirements of various services.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a schematic diagram of the dynamic desensitization scheme that rewrites SQL statements;
FIG. 2 is a schematic diagram of the dynamic desensitization scheme that directly modifies the database return results;
FIG. 3 is a schematic diagram of the desensitization scheme that converts and strips results as they are output by the middleware data source;
FIG. 4 is a schematic diagram of dynamic desensitization by replacing the middleware with one containing dynamic SQL statement rewriting;
FIG. 5 is a flow chart of the dynamic data desensitization method provided by an embodiment;
FIG. 6 is a schematic diagram of dynamic data desensitization in the dynamic data desensitization method provided by an embodiment;
FIG. 7 is a schematic diagram of the dynamic desensitization principle realized by an application proxy gateway in the dynamic data desensitization method provided by an embodiment;
FIG. 8 is a schematic diagram of the dynamic desensitization principle realized by a network packet-based application gateway in the dynamic data desensitization method provided by an embodiment;
FIG. 9 is a block diagram of the dynamic data desensitization apparatus provided by an embodiment;
FIG. 10 is a schematic diagram of a security gateway directly rewriting SQL statements in a data packet;
FIG. 11 is a schematic diagram of an application gateway proxy-forwarding and dynamically rewriting SQL statements;
FIG. 12 is a schematic diagram of SQL statements dynamically rewritten by an SQL statement-level proxy gateway.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the detailed description and specific examples, while indicating the scope of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention.
To address the technical problems of existing dynamic data desensitization methods, the embodiment provides a dynamic data desensitization method that combines dynamic modification of the SQL statement with the view technology of the target database, thereby realizing fully real-time dynamic data desensitization with high stability.
Fig. 5 is a flowchart of a method for dynamic desensitization of data according to an embodiment. Fig. 6 is a schematic diagram of dynamic data desensitization in the dynamic data desensitization method provided by the embodiment. As shown in fig. 5 and fig. 6, the embodiment provides a method for dynamic desensitization of data, which includes the following steps:
step 1, creating a new view with the same name length as a target table or a target view needing desensitization on a target database, wherein the new view comprises a desensitization strategy, and realizing data dynamic desensitization according to the desensitization strategy.
At present the mainstream databases all support view creation; a view has essentially no impact on the security or performance of the database server and is currently a main technology for graded protection of database privacy. On this basis, a new view corresponding to the target table or target view of the target database that needs desensitization is created on the target database according to the desensitization strategy, and the character length of the new view's name is required to equal the name length of the table (or view) to be desensitized, so that the SQL statement length does not change when the view replacement is performed.
In the embodiment, when a new view is created, the new view needs to be created according to the requirements and syntax of the target database server. For example, for the ORACLE database, new view names are uniformly created with upper case english letters.
In the embodiment, when new views are created, a separate new view is created for each type of desensitization strategy for the same target table or target view that needs desensitization; that is, for different desensitization strategies, different randomly named new views, each with the same name length as the target table or target view, are created to meet flexible dynamic desensitization requirements. The syntax of each created view implements the dynamic desensitization of the specific data fields required by its desensitization strategy.
Step 2, the application gateway dynamically modifies the database application protocol data carrying the target SQL statement, that is, replaces the target table or target view that needs desensitization in the target SQL statement with the created new view, ensures that the length of the target SQL statement is unchanged after replacement, and forwards the modified database application protocol data to the target database server to realize dynamic desensitization.
After the new view is created, the application gateway dynamically modifies the target SQL statement: it replaces the name of the target table or target view in the statement with the created new view while ensuring that the statement length cannot change. This makes the program implementation flexible and simple, improves program stability, and has almost no effect on program performance. The modified database protocol data is then forwarded to the target database server to realize dynamic desensitization.
In the embodiment the application gateway is simple to develop and serves to forward the database application protocol data. The application gateway may be an application proxy gateway; in that case, as shown in FIG. 7, after the application proxy gateway has replaced the target table or target view that needs desensitization in the target SQL statement with the created new view, dynamic data desensitization is achieved by directly forwarding the modified database application protocol data without any further processing.
The application gateway may also be a security gateway based on network packets; in that case, as shown in FIG. 8, the network packet-based security gateway replaces the target table or target view in the target SQL statement with the created new view at the TCP layer, performs the TCP checksum and IP checksum calculation, and after the checksums are completed forwards the repaired database application protocol data, thereby realizing dynamic data desensitization. The network packet-based security gateway includes a network firewall, an IPS (intrusion prevention system), a database firewall and the like; that is, a device based on character replacement in network packets realizes the replacement of the target table or target view needing desensitization in the target SQL (structured query language) statement with the created new view.
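The two steps above, as an added worked example that is not part of the patent text: it generates one equal-length, randomly named view per desensitization policy for a constructed CUSTOMER table (the table, columns, policies and the SUBSTR-based masking expressions are assumptions for illustration), and then performs the application-gateway rewrite of a statement so that its length is provably unchanged. The rewrite deliberately skips string literals, since a table name appearing inside a quoted value must not be touched, and reports how many identifiers it replaced so a statement that names the target but was not rewritten can be flagged rather than forwarded.

```python
import re
import secrets
import string

# Constructed example (not from the patent): a target table and two desensitization
# policies, one per consumer role. Each policy maps a column to the SQL expression
# that produces its masked value; unmapped columns pass through unchanged.
TARGET_TABLE = "CUSTOMER"
COLUMNS = ["CUST_ID", "NAME", "PHONE", "ID_NO"]
POLICIES = {
    "ops": {   # keep the area code and last digits of the phone, hide the ID number fully
        "PHONE": "SUBSTR(PHONE, 1, 3) || '****' || SUBSTR(PHONE, 8)",
        "ID_NO": "'******************'",
    },
    "analyst": {   # hide the phone fully, keep only the region prefix of the ID number
        "PHONE": "'***********'",
        "ID_NO": "SUBSTR(ID_NO, 1, 6) || '************'",
    },
}


def make_view_name(target: str) -> str:
    """Random upper-case name with exactly the same character length as the target
    (the text notes that for Oracle the new view names are created in upper case)."""
    return "".join(secrets.choice(string.ascii_uppercase) for _ in range(len(target)))


def build_view_sql(target: str, view_name: str, columns, policy: dict) -> str:
    """CREATE VIEW statement carrying the policy: masked columns become expressions,
    the rest are selected as-is, so the view exposes the same column list as the table."""
    if len(view_name) != len(target):
        raise ValueError("new view name must have the same length as the target name")
    select_list = [f"{policy[c]} AS {c}" if c in policy else c for c in columns]
    return f"CREATE VIEW {view_name} AS SELECT {', '.join(select_list)} FROM {target}"


def rewrite_sql(sql: str, target: str, view_name: str):
    """Gateway-side rewrite of one statement: swap the table identifier for the
    equal-length view name, leaving string literals untouched. Returns the new
    statement and the number of replacements; zero replacements on a statement that
    names the target means the rewrite missed it (a leak the gateway should flag)."""
    if len(view_name) != len(target):
        raise ValueError("new view name must have the same length as the target name")
    ident = re.compile(r"(?<![\w$#])" + re.escape(target) + r"(?![\w$#])")
    out, count = [], 0
    # Split on single-quoted literals ('' is the escaped quote); odd pieces are literals.
    for i, piece in enumerate(re.split(r"('(?:[^']|'')*')", sql)):
        if i % 2 == 1:
            out.append(piece)
        else:
            piece, n = ident.subn(view_name, piece)
            count += n
            out.append(piece)
    rewritten = "".join(out)
    assert len(rewritten) == len(sql)  # the whole point: the wire length is unchanged
    return rewritten, count


if __name__ == "__main__":
    # One new view per policy for the same target table, as the method requires.
    views = {role: make_view_name(TARGET_TABLE) for role in POLICIES}
    for role, name in views.items():
        print(build_view_sql(TARGET_TABLE, name, COLUMNS, POLICIES[role]))
    query = "SELECT NAME, PHONE FROM CUSTOMER WHERE NAME = 'CUSTOMER' AND CUST_ID = 7"
    print(rewrite_sql(query, TARGET_TABLE, views["ops"]))
```

The identifier pattern is deliberately strict (it will not match CUSTOMERS or CUST_ID), and the view name is drawn from a cryptographically secure source so that a client cannot guess the unmasked table's replacement from a previous one; a production gateway would additionally need to handle quoted identifiers and schema prefixes according to the target database's syntax.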
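The packet-level variant, as an added example rather than code from the patent: a constructed IPv4/TCP packet (addresses, ports and sequence numbers are made up) carries one statement; the gateway replaces the table name with the equal-length view name byte-for-byte in the TCP payload and then recomputes the IP header checksum and the TCP checksum, which is the "TCP check and IP check calculation" step. The example also shows why the equal length matters at this layer: the IP total length and the IP header checksum come out unchanged, and a packet whose payload was edited without the checksum repair fails verification.

```python
import socket
import struct

IP_HDR_LEN = 20
TCP_HDR_LEN = 20


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum, folded to 16 bits and complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """TCP checksum over the IPv4 pseudo-header plus the whole segment."""
    pseudo = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment))
    return inet_checksum(pseudo + segment)


def build_packet(src_ip, dst_ip, sport, dport, seq, ack, payload: bytes) -> bytes:
    """Constructed IPv4/TCP packet (no options) carrying one SQL statement."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    total_len = IP_HDR_LEN + TCP_HDR_LEN + len(payload)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                               64, socket.IPPROTO_TCP, 0, src, dst))
    ip[10:12] = struct.pack("!H", inet_checksum(bytes(ip)))
    tcp = bytearray(struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                                (TCP_HDR_LEN // 4) << 4, 0x18, 65535, 0, 0))
    tcp[16:18] = struct.pack("!H", tcp_checksum(src, dst, bytes(tcp) + payload))
    return bytes(ip) + bytes(tcp) + payload


def _offsets(pkt: bytes):
    """(start of TCP header, start of TCP payload) from IHL and data offset."""
    ihl = (pkt[0] & 0x0F) * 4
    doff = (pkt[ihl + 12] >> 4) * 4
    return ihl, ihl + doff


def fix_checksums(pkt: bytes) -> bytes:
    """Recompute the IP header checksum and the TCP checksum of a packet whose
    payload bytes were edited in place."""
    ihl, _ = _offsets(pkt)
    ip = bytearray(pkt[:ihl])
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", inet_checksum(bytes(ip)))
    seg = bytearray(pkt[ihl:])
    seg[16:18] = b"\x00\x00"
    seg[16:18] = struct.pack("!H", tcp_checksum(bytes(ip[12:16]), bytes(ip[16:20]), bytes(seg)))
    return bytes(ip) + bytes(seg)


def checksums_valid(pkt: bytes) -> bool:
    """With a correct checksum field present, the complemented sum is zero."""
    ihl, _ = _offsets(pkt)
    ip_ok = inet_checksum(pkt[:ihl]) == 0
    tcp_ok = tcp_checksum(pkt[12:16], pkt[16:20], pkt[ihl:]) == 0
    return ip_ok and tcp_ok


def gateway_rewrite(pkt: bytes, target: bytes, view: bytes) -> bytes:
    """Packet gateway step: byte-for-byte replacement of the table name by the
    equal-length view name in the TCP payload, then checksum repair. Because the
    length is unchanged, IP total length and TCP SEQ/ACK need no adjustment."""
    if len(target) != len(view):
        raise ValueError("replacement must preserve length")
    _, start = _offsets(pkt)
    payload = pkt[start:].replace(target, view)  # plain character replacement, as the text describes
    return fix_checksums(pkt[:start] + payload)


if __name__ == "__main__":
    p = build_packet("10.0.0.5", "10.0.0.20", 40000, 1521, 1000, 2000, b"SELECT PHONE FROM CUSTOMER")
    q = gateway_rewrite(p, b"CUSTOMER", b"ABCDEFGH")
    print(len(p), len(q), checksums_valid(q), q[40:])
```

A real device would also have to cope with a statement that straddles two TCP segments, where the table name may be split across packets; the byte-level replacement here assumes the name lies within one payload.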
As shown in FIG. 9, the embodiment further provides a dynamic data desensitization apparatus, which includes a creation module 610 and an application gateway 620. The creation module 610 is configured to create a new view on the target database whose name length equals that of the target table or target view that needs desensitization; the new view includes a desensitization policy, and dynamic data desensitization is implemented according to that policy. The application gateway 620 is used for dynamically modifying the database application protocol data carrying the target SQL statement, that is, replacing the target table or target view that needs desensitization in the target SQL statement with the created new view while ensuring that the length of the target SQL statement is unchanged after replacement; it is also used for forwarding the modified database application protocol data to the target database server to realize dynamic desensitization.
When a new view is created, the creation module needs to create according to the requirement and grammar of a target database server; aiming at the same target table or target view needing desensitization, a new view is independently created for each type of desensitization strategy, and the new view syntax realizes the dynamic desensitization of the desensitization strategy on specific data fields.
The application gateway in the dynamic data desensitization apparatus may be a network packet-based security gateway, which replaces the target table or target view that needs desensitization in the target SQL statement with the created new view at the TCP layer, then performs the TCP checksum and IP checksum calculation, and forwards the repaired database application protocol data after the checksums are completed; or it may be an application proxy gateway, which directly forwards the modified database application protocol data after replacing the target table or target view that needs desensitization in the target SQL statement with the created new view.
It should be noted that the division into the above functional modules is only an example of how the dynamic data desensitization apparatus of the foregoing embodiment performs dynamic data desensitization; in practice the above functions may be allocated to different functional modules as needed, so that all or part of the functions described above are completed. In addition, the dynamic data desensitization apparatus and the dynamic data desensitization method of the above embodiments belong to the same concept; their specific implementation is detailed in the method embodiment and is not repeated here.
In the dynamic data desensitization method and apparatus provided by the embodiment, replacing the target table or target view in the target SQL statement transparently transfers the operation on the target table or target view to an operation on the created new view, and the new view is created so as to implement the required dynamic desensitization logic. Because the new view's name has the same length as the name of the target table or target view, the application gateway or network packet processing gateway that 'dynamically modifies the database application protocol data stream containing the SQL statement', i.e. the dynamic desensitization gateway, can be realized simply, efficiently and stably without breaking the length-related protocol encapsulation of the SQL statement in the database application protocol or the length-related fields of the TCP/IP transport protocol.
The following compares the dynamic data desensitization method and apparatus provided in the embodiment with the existing dynamic desensitization scheme, so as to highlight the technical effects of the dynamic data desensitization method and apparatus provided in the embodiment:
1. compared with the existing dynamic desensitization scheme of rewriting SQL statements
The existing implementation mode of rewriting the SQL statement dynamic desensitization scheme comprises the following steps: (1) directly rewriting the network packet; (2) the application agent program is used for realizing data forwarding, and the application data is rewritten in the data forwarding process, so that domestic database security companies generally adopt the method to realize a dynamic desensitization system; (3) and realizing SQL-level proxy, rewriting each SQL statement, initiating new connection aiming at a target database, and realizing SQL request dynamic desensitization, wherein the foreign information dynamic desensitization system and the open source software MyCAT dynamic desensitization module adopt the mode to realize dynamic desensitization. The three modes can realize dynamic desensitization treatment aiming at business application and operation and maintenance without installing software on a database server and an application server.
The desensitization scheme for directly rewriting the SQL statement in the data packet by the security gateway based on network packet processing as shown in fig. 10 has the following disadvantages: the direct rewriting of SQL statements by network packets is very difficult to implement, not only needs to thoroughly understand and decode various database protocols and their branch versions, but also needs to keep the connection and track the change of TCP and IP protocol parts of network packets during implementation. After the SQL statements are rewritten, the length of the SQL statements changes, not only the protocol data part of the database needs to be recalculated, but also the TCP layer and the IP layer which bear the database data need to be correspondingly changed and tracked, typically, the tracking and modification of the SEQ and ACK fields of the TCP protocol are carried out. And (4) carrying out corresponding SEQ and ACK modification on all subsequent bidirectional data packets connected with the SQL each time the SQL statement is rewritten, and sequentially superposing the revisions for many times. The dynamic desensitization system for rewriting SQL sentences has a simple principle, but is extremely complex to implement, basically belongs to an unrealizable mode due to the diversity and complexity of database protocols, and does not have a dynamic desensitization system implemented by the mode in the market at present.
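The accumulating SEQ/ACK corrections described above, as an added model that is not from the patent: it runs a constructed sequence of client statements through a packet-level gateway twice, once with a length-changing rewrite of the prior-art kind and once with the equal-length replacement this page proposes, and tracks the cumulative byte offset the gateway must add to every later client SEQ and subtract from every server ACK on that connection. The model covers only SEQ/ACK on one connection (no SACK, retransmission or segmentation), which is an assumption of the example; the consistency check inside the loop confirms the translated ACK always lands where the client expects it.

```python
# Constructed example: a client sends these statements in order on one connection.
QUERIES = [
    "SELECT NAME, PHONE FROM CUSTOMER WHERE CUST_ID = 7",
    "UPDATE ORDERS SET STATUS = 'SHIPPED' WHERE ORDER_ID = 42",
    "SELECT ID_NO FROM CUSTOMER WHERE NAME = 'Zhang'",
]


def lengthening_rewrite(sql: str) -> str:
    """A rewrite that changes statement length, as in the prior-art rewriting scheme."""
    return sql.replace("CUSTOMER", "CUSTOMER_MASKED_V")


def equal_length_rewrite(sql: str) -> str:
    """The method of this page: an equal-length (constructed) view name replaces the table name."""
    return sql.replace("CUSTOMER", "ABCDEFGH")


def simulate_connection(queries, rewriter, client_isn: int = 1000):
    """Model of the bookkeeping a packet-level gateway must do across one TCP connection.
    For each client segment (one statement per segment, constructed): the gateway forwards
    it with SEQ shifted by the cumulative length delta of all earlier rewrites, the server
    ACKs the modified byte stream, and the gateway shifts that ACK back so the client's
    view of its own stream stays consistent. Returns the per-segment log."""
    client_seq = client_isn
    offset = 0
    log = []
    for sql in queries:
        rewritten = rewriter(sql)
        fwd_seq = (client_seq + offset) & 0xFFFFFFFF          # SEQ the server must see
        server_ack = (fwd_seq + len(rewritten)) & 0xFFFFFFFF  # server ACKs the modified bytes
        offset += len(rewritten) - len(sql)                   # corrections accumulate
        client_ack = (server_ack - offset) & 0xFFFFFFFF       # translated back for the client
        expected = (client_seq + len(sql)) & 0xFFFFFFFF
        if client_ack != expected:
            raise RuntimeError("ACK translation lost sync")
        log.append({"orig_seq": client_seq, "fwd_seq": fwd_seq, "server_ack": server_ack,
                    "client_ack": client_ack, "offset": offset})
        client_seq = expected
    return log


def final_offset(queries, rewriter) -> int:
    """Cumulative SEQ/ACK correction the gateway still carries at the end of the exchange."""
    return simulate_connection(queries, rewriter)[-1]["offset"]


if __name__ == "__main__":
    for name, rw in (("length-changing", lengthening_rewrite), ("equal-length", equal_length_rewrite)):
        print(name, final_offset(QUERIES, rw))
```

With the length-changing rewrite the offset grows by nine bytes for every statement that names CUSTOMER and must be applied to every later packet in both directions for the life of the connection; with the equal-length replacement the offset stays at zero, so the forwarded SEQ equals the original SEQ and the gateway keeps no per-connection state at all.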
The scheme shown in fig. 11, in which a gateway proxies and forwards the connection and rewrites SQL statements dynamically, places a proxy server between the database client and the server: the client first establishes a database connection with the proxy, the proxy establishes a connection with the real database server, and the proxy then forwards data between the two, rewriting the client's SQL requests as it forwards them, reassembling the database protocol data according to the protocol, and sending it to the real database server so that the returned data is desensitized. Because of the application proxy mechanism it uses, this approach has the following disadvantages: (1) Rewriting the SQL statement still changes its length, so the database protocol data is hard to reassemble, and every database protocol and each of its sub-versions must be supported, which is hard to achieve. Domestic database security vendors therefore support only a few databases, such as Oracle and SQL Server, and sometimes only a specific sub-version of a specific database; the remaining databases are not supported by dynamic desensitization systems built this way. (2) Because it relies on application proxying, concurrency and burst performance are low, and it is hard to meet the low-latency requirements of business applications. Application proxies are generally implemented in one of two ways: a process-per-connection mode, in which each database connection spawns a process that in turn connects to the real database; or a single-process multi-connection mode, in which a limited number of proxy processes handle a large number of connections, each process forwarding many connections.
In the process-per-connection mode, each connection must spawn an additional process and establish its own connection to the real database, so connection setup is slow, large bursts of new connections are hard to handle, and, because every connection is a process, business applications with many concurrent connections are hard to support. Domestic vendors mostly use this mode for dynamic desensitization; because of the limits of this technical route it is commonly used for O&M desensitization and cannot meet business-side dynamic desensitization requirements. The single-process multi-connection mode is difficult to develop: a fault on one connection easily disrupts the normal forwarding of the others, stability is poor, and the process becomes a single point of failure that can cause a wide-scale outage.
The SQL-statement-level proxy shown in fig. 12 resembles the application-proxy dynamic desensitization system in that a proxy server is placed between the database client and the server. The difference is that the SQL-statement-level proxy must fully imitate a real database server and fully support each database protocol: the client's real peer is the proxy, and only after receiving an SQL statement does the proxy connect to the target database server, submit the request, fetch the result data, disconnect from the real database, and package the data according to the protocol for return to the real database client. The difficulty of this approach lies in protocol support: because the database protocols are designed and controlled by vendors abroad, supporting the commercial databases this way is essentially impossible, and overseas products have the advantage of access to those protocols. Domestic vendors can implement this approach only for open-source databases such as MySQL and PostgreSQL, whose protocols can be fully emulated. The open-source MyCAT dynamic desensitization module is implemented in this manner.
Compared with the dynamic desensitization schemes above, which rewrite the SQL statement, the data dynamic desensitization method and device of this embodiment rewrite only the name of the target table or target view in the SQL statement, and the desensitization logic is implemented in the new view that replaces it; the SQL-rewriting schemes instead rewrite fields other than the target table or view name, and their desensitization logic lives in the SQL statement itself. Because the embodiment uses a new view whose name has exactly the same length as the target table or target view name in the SQL statement, the length of the SQL statement does not change after replacement, so the embodiment needs no database-protocol detail handling or protocol adaptation, can support a wide range of databases and their sub-versions, and avoids the compatibility and stability problems described above.
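The following added example (written for this page; it is not the patent's or its applicant's code) shows the two halves of claim 1 together with the one-view-per-policy layout of claim 3, run against SQLite so that it works offline: a 9-character target table `customers` is given two 9-character views, `cust_mask` (partial masking that keeps the data format) and `cust_hide` (sensitive columns replaced by NULL), and a gateway function rewrites the table identifier in the client's statement without touching string literals and asserts that the statement length is unchanged. The table, view, column and policy names and the sample row are assumptions.

```python
"""
Added example, not code from the patent or its applicant: same-length masking
views plus an identifier rewrite, demonstrated against SQLite. Table, view,
column and policy names and the sample row are assumptions.
"""
import re
import sqlite3

# One view per policy for the same target table (claim 3). Every view name has
# the same length as 'customers', so the rewritten statement never grows or shrinks.
POLICIES = {
    "mask": {"customers": "cust_mask"},   # partial masking, format preserved
    "hide": {"customers": "cust_hide"},   # sensitive columns replaced by NULL
}

# Assumed schema. The views keep the base table's column names and order so the
# client sees the same result-set shape it expects from the table.
SCHEMA = """
CREATE TABLE customers (
    id      INTEGER PRIMARY KEY,
    name    TEXT,
    phone   TEXT,
    id_card TEXT
);
CREATE VIEW cust_mask AS
SELECT id,
       substr(name, 1, 1) || '**'                                  AS name,
       substr(phone, 1, 3) || '****' || substr(phone, 8)           AS phone,
       substr(id_card, 1, 6) || '********' || substr(id_card, 15)  AS id_card
FROM customers;
CREATE VIEW cust_hide AS
SELECT id, name, NULL AS phone, NULL AS id_card
FROM customers;
"""

_STRING_LITERAL = re.compile(r"'(?:[^']|'')*'")


def validate_policy(mapping):
    """Reject any table/view pair whose names differ in length; the scheme depends on it."""
    for table, view in mapping.items():
        if len(table) != len(view):
            raise ValueError(f"{view!r} must be exactly {len(table)} characters to replace {table!r}")


def _replace_identifiers(fragment, mapping):
    # \b keeps 'customers' from matching inside e.g. 'customers_archive'.
    pattern = re.compile(r"\b(" + "|".join(map(re.escape, mapping)) + r")\b")
    return pattern.sub(lambda m: mapping[m.group(0)], fragment)


def rewrite_sql(sql, policy="mask"):
    """Gateway step: swap target table names for the policy's same-length views.

    String literals are copied through untouched, so a value such as
    WHERE name = 'customers' is not rewritten.
    """
    mapping = POLICIES[policy]
    validate_policy(mapping)
    out, pos = [], 0
    for m in _STRING_LITERAL.finditer(sql):
        out.append(_replace_identifiers(sql[pos:m.start()], mapping))
        out.append(m.group(0))
        pos = m.end()
    out.append(_replace_identifiers(sql[pos:], mapping))
    rewritten = "".join(out)
    assert len(rewritten) == len(sql)  # the property the whole scheme rests on
    return rewritten


def build_demo_db():
    """In-memory database holding one constructed customer row."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO customers VALUES (?, ?, ?, ?)",
                 (1, "Alice Chen", "13812345678", "110101199001011234"))
    conn.commit()
    return conn


def query_via_gateway(conn, sql, policy="mask"):
    """What the database executes after the gateway: the rewritten statement."""
    return conn.execute(rewrite_sql(sql, policy)).fetchall()


def demo():
    """The same client statement sent directly and through the gateway under each policy."""
    conn = build_demo_db()
    sql = "SELECT name, phone, id_card FROM customers WHERE name = 'customers' OR id = 1"
    return {
        "direct": conn.execute(sql).fetchall(),
        "mask": query_via_gateway(conn, sql, "mask"),
        "hide": query_via_gateway(conn, sql, "hide"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:>6}: {rows}")
```

Two caveats a deployment has to handle that the snippet only hints at: identifier matching must follow the target database's case-folding and quoting rules (the regex above is case-sensitive and ignores quoted identifiers), and any predicate on a masked column is evaluated against the masked value once the view is substituted, so `WHERE phone = '13812345678'` returns nothing through `cust_mask`. Policies should therefore mask only columns the application never filters or joins on, or mask in a way that preserves the values the application matches.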
2. Comparison with existing dynamic desensitization schemes that pair a newly created user with a view
Dynamic desensitization can also be achieved with a scheme that pairs a newly created user with a view. The logic of that scheme is to configure a dynamic desensitization view for a newly created user; when that user logs in to the database and accesses the configured view, the database data is desensitized. The dynamic desensitization technique of application CN109815742A belongs to this category. That technique uses views and can build flexible, convenient desensitization functions and policies according to the data to be desensitized; its focus is how to construct those flexible desensitization functions and policies from existing data. Its drawback is that desensitization depends entirely on the desensitization user: only a newly created desensitization user who logs in and accesses the configured dynamic desensitization view receives desensitized data, while any user that is not such a newly created desensitization user either cannot or does not actively access the configured view, and no desensitization takes place. In production practice, the business account preset in a business system generally cannot be changed, and the tables or views the business system accesses are fixed during development; database O&M users generally do not actively access a desensitization view. A dynamic desensitization device built on this principle can serve a newly developed business system that needs dynamic desensitization by having it access the configured dynamic desensitization view directly during development, so its applicable scenarios are limited.
The biggest disadvantage of that scheme is that the accessing client must be modified or redeveloped so that the newly created desensitization user is built in and the newly created desensitization view is accessed. An unmodified existing business system gets no desensitization effect. For database O&M, the newly created desensitization user must be used, access to the sensitive tables is restricted only by account security (password confidentiality), and dynamic desensitization of sensitive data is achieved only by forcing access through the newly created desensitization view; for any database user or business account that is not newly created there is no desensitization effect in database O&M practice.
In short, the newly-created-user-plus-view scheme depends entirely on the newly created desensitization user and its permission restrictions, with the desensitization view created under that user implementing the dynamic desensitization logic, whereas the data dynamic desensitization method and device of the present invention do not depend on any specific user.
In the newly-created-user-plus-view scheme, the desensitization view must be accessed directly and explicitly by the newly created user: the business system must use that view to implement the dynamic desensitization logic during development, and database O&M must rely on the newly created user's password and permission control. In the data dynamic desensitization method and device of the present invention, the end user and the business client are unaware that the desensitization view exists, and the accessing users, client software, deployment mode and so on need no change at all.
In a desensitization device built on the newly-created-user-plus-view scheme, the database client software connects directly to the database server, and the database access traffic does not flow through the desensitization device.
The technical solutions and advantages of the present invention have been described in detail in the foregoing detailed description. It should be understood that the above is only the most preferred embodiment of the invention and is not intended to limit it; any modifications, additions and equivalents made within the scope of the principles of the present invention fall within its protection scope.

Claims (10)

1. A method of dynamic desensitization of data, comprising the steps of:
creating, on the target database, a new view whose name has the same length as the name of the target table or target view that needs desensitization, the new view containing a desensitization policy and providing dynamic data desensitization according to that policy;
an application gateway dynamically modifying the database application protocol data that contains the target SQL statement, that is, replacing the target table or target view needing desensitization in the target SQL statement with the created new view while ensuring that the length of the target SQL statement is unchanged after replacement, and forwarding the modified database application protocol data to the target database server to achieve dynamic desensitization.
2. The method of dynamic desensitization of data according to claim 1, wherein the new view is created according to the requirements and syntax of the target database server.
3. The method of dynamic desensitization of data according to claim 1, wherein, when creating new views for the same target table or target view that needs desensitization, a separate new view is created for each type of desensitization policy, and the view's own syntax implements the dynamic desensitization that the policy requires for the specific data fields.
4. The method according to claim 1, wherein the application gateway comprises a network-packet-based security gateway which, after replacing the target table or target view in the target SQL statement with the created new view at the TCP layer, recalculates the TCP checksum and the IP checksum and, once the checksums are recalculated, forwards the repaired database application protocol data.
5. The method according to claim 4, wherein the network-packet-based security gateway comprises a network firewall, an IPS or a database firewall, that is, a device that performs character replacement on network packets, which replaces the target table or target view needing desensitization in the target SQL statement with the created new view.
6. The method according to claim 1, wherein the application gateway comprises an application proxy gateway which replaces the target table or target view needing desensitization in the target SQL statement with the created new view and then directly forwards the modified database application protocol data.
7. A device for dynamic desensitization of data, comprising a creation module and an application gateway;
the creation module being configured to create, on the target database, a new view whose name has the same length as the name of the target table or target view that needs desensitization, the new view containing a desensitization policy and providing dynamic data desensitization according to that policy;
the application gateway being configured to dynamically modify the database application protocol data that contains the target SQL statement, that is, to replace the target table or target view needing desensitization in the target SQL statement with the created new view while ensuring that the length of the target SQL statement is unchanged after replacement, and to forward the modified database application protocol data to the target database server to achieve dynamic desensitization.
8. The device for dynamic desensitization of data according to claim 7, wherein the creation module creates the new view according to the requirements and syntax of the target database server.
9. The device according to claim 7, wherein, when creating new views for the same target table or target view that needs desensitization, the creation module creates a separate new view for each desensitization policy, and the new view implements the dynamic desensitization that the policy requires for the specific data fields.
10. The device for dynamic desensitization of data according to claim 7, wherein the application gateway comprises a network-packet-based security gateway which replaces the target table or target view in the target SQL statement with the created new view at the TCP layer, recalculates the TCP checksum and the IP checksum and, once the checksums are recalculated, forwards the repaired database application protocol data;
and wherein the application gateway comprises an application proxy gateway which replaces the target table or target view needing desensitization in the target SQL statement with the created new view and then directly forwards the modified database application protocol data.
Family member: CN202210593179.0A (2022-05-27), Dynamic data desensitization method and device, Active, granted as CN114925400B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210593179.0A CN114925400B (en) 2022-05-27 Dynamic data desensitization method and device

Publications (2)

Publication Number Publication Date
CN114925400A true CN114925400A (en) 2022-08-19
CN114925400B CN114925400B (en) 2024-05-14

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117194389A (en) * 2023-11-08 2023-12-08 山东省国土空间数据和遥感技术研究院(山东省海域动态监视监测中心) SQL-based database compatibility method and device, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007038509A2 (en) * 2005-09-26 2007-04-05 Ingrian Networks, Inc. System and method for protecting sensitive data
CN109426725A (en) * 2017-08-22 2019-03-05 中兴通讯股份有限公司 Data desensitization method, equipment and computer readable storage medium
CN109815742A (en) * 2019-02-22 2019-05-28 蔷薇智慧科技有限公司 Data desensitization method and device
CN113535754A (en) * 2021-07-27 2021-10-22 杭州海康威视数字技术股份有限公司 Data access method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant