KR101963153B1 - A DB access control system based on banned-word by using the parser, for enhancing security of personal information - Google Patents

Abstract

The present invention relates to a DB-based DB access control system using a parser for analyzing a query requested using a parser and accurately extracting the intent of the analyzed query, A relay module for extracting a query statement from a packet transmitted from the user terminal and relaying a result of a statement or a server input between the user terminal and the DB server; A column extracting unit for receiving a query message from the relay module and extracting a column name; And an abnormality determination unit for storing an authorization list composed of a column name and determining whether or not the extracted query is an inquiry query according to whether or not the extracted column name is present in the authorization list. And transmits an instruction to transmit or block the query query to the relay module.
According to the DB server access control system as described above, the intention of the data request can be accurately analyzed by analyzing the data request of the DB in a query unit, and security can be enhanced by controlling data based on the analysis result.

Description

A DB access control system based on a parser using a parser for enhancing personal information security [

The present invention is intended to enhance the security of the main DB managed by the institution using the DB (database) access control technology of the gateway system. The remote access to the data of the main DB of the institution is performed by the authentication Based DB access control system using a parser.

Particularly, the present invention analyzes a query requested by a parser for a DB access request, accurately extracts the intention of the analyzed query, and determines whether or not to allow the corresponding DB access request. ≪ / RTI >

In general, the command control technology of the DB access control system analyzes a packet passing through an access control gateway (gateway) server, extracts a command inputted by the user, and displays a list of prohibited commands which may be a threat to security applied to the user If it is in the list, the command is discarded without being transmitted to the server. Through this, security for the server is strengthened [Patent Document 1].

As shown in FIG. 1, according to the related art, a DB access control system accumulates a query (a query for requesting DB data) input by a user in a gateway. When the user executes the query, the DB access control system compares the accumulated command string with the prohibited command list applied to the user to determine whether or not the DB access control system is authorized. If some of the entered command strings are included in the prohibited command list, the command (or string) is blocked. That is, the user connects remotely to the DB server via the DB access control system, inputs the query, and determines whether or not the query is executed. For this purpose, it is judged whether or not to prohibit through comparison with the prohibited string policy applied to the accumulated query.

In addition, in order to increase the accuracy of whether or not the command inputted by the user is accurate, a prohibition command which may pose security is registered in the form of a regular expression. Thus, it is possible to detect a case where a command character inputted by a user is included in a predetermined rule, and to support more accurate detection. That is, the client receives the value from the DB server and interprets the value, and if it is included in the string list through string comparison or regular expression comparison, it is blocked.

However, the query used by the user in the DB server is one language, and there may be various ways of expressing the same result. Therefore, it is a serious security issue to simply detect prohibited data by regular expressions for a character string or a string, without fundamentally analyzing the language (or query statement) according to the characteristics of the query query requesting the DB. That is, the prior art can not accurately handle identification and authorization of a query expressed in the form of a language. And, using the problems of the prior art, a method by which the user can bypass can be provided.

Therefore, there is a need for a technique capable of analyzing a query requesting data from a conventional method, particularly, determining which data the query is trying to access accurately, and determining whether the command or query is authorized.

Korean Registered Patent No. 10-1143847 (Announcement of May 10, 2012)

The object of the present invention is to solve the above-mentioned problems, and it is an object of the present invention to provide a DB-based DB access control technique using a gateway, Control system.

In particular, it is an object of the present invention to analyze a query of a data request requested using a parser for a DB access request, to detect a table and a column (or a field) to be accessed by the analyzed query, Based DB access control system using a parser.

In order to achieve the above object, the present invention relates to a DB-based DB access control system using a parser and installed as a gateway on a network between a user terminal and a DB server and a network between the user terminal and the DB server, A relay module for extracting a query statement from a packet transmitted from the user terminal and relaying a result of a statement or a server input between the user terminal and the DB server; A column extracting unit for receiving a query message from the relay module and extracting a column name; And an abnormality determination unit for storing an authorization list composed of a column name and determining whether or not the extracted query is an inquiry query according to whether or not the extracted column name is present in the authorization list. And transmits a command to transmit or block the query query to the relay module.

Further, the present invention is characterized in that, in a DB-based DB access control system using a parser, the column name is an absolute name including a table name.

In the DB access control system using a parser, the column extracting unit collects the reference items of the SELECT clause as column names in the query statement, and when there is no table name in the reference item, the reference table of the FROM clause And a table name.

According to another aspect of the present invention, there is provided a system and method for controlling access to a DB based DB using a parser, wherein the column extracting unit collects column names of reference items of a SELECT clause in the query statement, If the reference table in the FROM clause is an alias, the original table name of the alias is set as the table name of the column.

According to another aspect of the present invention, there is provided a system and method for controlling a DB access control system using a parser, the method comprising: extracting a token from a query statement and generating a tree structure of tokens using a query statement parser; The query statement parser includes a lexical analyzer for separating the tokens by dividing the query statement into words, and a lexical analyzer for analyzing the syntax to determine a structural relationship between the tokens The parser separates the tokens into a list of tokens in a query statement, and the parser generates the list of the tokens in a tree structure. The structure of the tree structure is divided into a table and a column structure Of the tree.

According to another aspect of the present invention, there is provided a DB-based DB access control system using a parser, wherein the abnormality determination unit includes the authorization list as an invisible list, and if at least one of the extracted column names exists in the invisible list, Or more.

In addition, the present invention is characterized in that, in a DB control system based on a bimonthly language using a parser, when the DB server includes a plurality of databases, the table name includes a database name.

As described above, according to the bimonthly-based DB access control system using the parser according to the present invention, the intent of the data request can be accurately analyzed by analyzing the data request of the DB in a query unit, So that the security can be enhanced.

In addition, according to the DB-based DB access control system using the parser according to the present invention, by analyzing which column of a table (or field) a query for requesting data of a DB ultimately accesses, So that the security can be further strengthened.

1 is a view for explaining the operation of a DB access control system according to the prior art;
2 is a block diagram of an overall system for implementing the present invention;
3 is an illustration of a query statement according to an embodiment of the present invention.
FIG. 4 is a block diagram of a configuration of a bicyclist-based DB access control system using a parser for enhancing security according to an embodiment of the present invention; FIG.
5 is a block diagram of a configuration of a query statement parser according to an embodiment of the present invention;
6 is a lexical analysis diagram of a query query according to an embodiment of the present invention.
7 is a tree structure diagram of a query statement column according to an embodiment of the present invention;
FIG. 8 is a flowchart illustrating a query authorization method of a DB access control system according to an embodiment of the present invention; FIG.
9 is a flowchart illustrating a query validation process using query parsing according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the drawings.

In the description of the present invention, the same parts are denoted by the same reference numerals, and repetitive description thereof will be omitted.

First, examples of the configuration of the entire system for implementing the present invention will be described with reference to FIG.

2, the overall system for implementing the present invention includes a user terminal 10, a DB server 40, and an access control system (DB) 40 serving as a gateway between the user terminal 10 and the DB server 40 (30). Also, the user terminal 10 and the DB server 40 are connected through a network (not shown).

The user terminal 10 is a computing terminal used by a user, such as a PC, a notebook, a smart phone, or a tablet PC. Also, the user terminal 10 accesses the DB server 40 through a database (DB) connection protocol and performs an operation through a DB connection protocol installed in the DB server 40. [

At this time, the user terminal 10 transmits a command including the query statement to the DB server 40, and as a result, receives data (or a data set) from the DB server 40. [ At this time, the query statement is transmitted or received in the form of a text or a string.

Next, the DB server 40 receives a DB statement (a statement including a query statement) through a network (not shown) from the user terminal 10, executes a command (or a query statement) of the corresponding statement, (Or a data set) to the user terminal 10.

Specifically, the DB server 40 includes a normal DBMS (database management system) for managing data, and performs operations such as data storage, deletion, and search through queries (or query statements). In particular, the DB server 40 has a commercially available database and performs a data query service using a general query function for processing data. That is, a query is defined or set by a DB table and reference items (fields, columns, etc.) for the corresponding DB table.

Next, the access control system 30 is a gateway installed on a network (not shown) between the user terminal 10 and the DB server 40 to relay between the user terminal 10 and the DB server 40 .

That is, the access control system 30 receives a command received from the user terminal 10, transfers the received command to the DB server 40, receives the result from the DB server 40, and transfers the received result to the user terminal 10. At this time, the statement includes a query statement for performing operations such as referencing, deleting, and updating data in the database.

At this time, the access control system 30 analyzes a statement or a query sent from the user terminal 10 to determine whether to block the query in the corresponding statement. In other words, the DB server 40 transmits or blocks the corresponding statement or query statement in accordance with the decision of blocking or not.

That is, the access control system 30 analyzes the query inputted by the user when determining whether or not the query is executed. For this purpose, the access control system 30 extracts which column of the final table is to be accessed through a query check operation through communication and analysis defined with the server. The final query analysis task that the user intended can block the execution of query bypassing by malicious user's query transformation.

Next, a query statement to be analyzed according to an embodiment of the present invention will be described with reference to FIG.

A query or query statement is a data manipulation language that describes a query or request that occurs when retrieving (referencing), updating, or deleting data stored in a database. In a database, a query acts as a kind of command. It is expressed in the form of structured query language (SQL) of the relational database, but may be expressed in a form other than SQL in some cases.

As shown in FIG. 3, the SQL query (or query statement) consists of a SELECT clause, a FROM clause, a WHERE clause (condition clause), a GROUP BY clause (group clause), and an ORDER BY clause (clause clause). A SELECT clause is a clause that defines the fields / columns of a data table that you want to reference (update, delete, etc.). A SELECT clause is a clause that defines the table from which data is to be retrieved. The SELECT clause also defines joins between tables when joining at least two tables. Also, a where clause is a clause that defines a condition. And a group by or order by clause is a clause that defines an aggregate or display form.

Next, if you analyze the query against string only, you might see a query or other query that yields similar results:

First, it depends on space or line breaks.

[Query # 1] SELECT * FROM EMPLOYEE;

[Query # 2] SELECT * FROM EMPLOYEE;

Next, it depends on the uppercase and lowercase letters.

[Query # 1] SELECT * FROM EMPLOYEE;

[Query # 2] SELECT * FROM EMPLOYEE;

Next, it is changed by a comment.

[Query # 1] SELECT * FROM EMPLOYEE;

[Query # 2] SELECT / * Comment * / * FROM EMPLOYEE;

Next, it depends on specifying the owner (owner or database name) to which the table belongs.

[Query # 1] SELECT * FROM EMPLOYEE;

[Query # 2] SELECT * FROM HR.EMPLOYEE;

Next, it depends on the use of the optimizer hint.

[Query # 1] SELECT * FROM EMPLOYEE;

[Query # 2] SELECT / * + INDEX (A JUMINBUNHO_PK) * / * FROM EMPLOYEE A;

In the first case, usually only a certain amount of data is fetched from the DB server, but the two queries take all the data at once and express it. In other words, the hint "JUMINBUNHO_PK" means "I recommend using JUMINBUNHO_PK index when processing data," which is a hint to the optimizer. In this case, there can be an index name including a prohibited instruction in the part where the hint is used. In this case, there is a possibility that a related query may be falsified.

For reference, the optimizer performs functions to process data more efficiently (faster) internally when fetching data from the DB server according to the SQL statement. For example, the case where data is fetched by referring to two DB tables will be described as follows.

[Query statement example]

SELECT B.DNAME, A.EMPBUNHO, A.ENAME, A.SEL

FROM EMPLOYEEE, DEPARTMENT B

WHERE A.DEPTNO = B.DEPTNO

In the above example, the DBMS comes with data to process (1) access the employee data after putting the data of the department table into memory, (2) put the data of the department table into memory, (3) access to the department table after putting the data of the employee table in the memory, (4) uploading the data of the employee table to the memory, and thereafter the index (department number) of the department, And then access the department table.

In this way, if the number of cases is up to the number of cases, the DBMS optimizer can select one of the above cases and process it do. In fact, when you create and use SQL, you connect a larger number of tables, and the DBMS optimizer chooses the fastest method in many cases. At this time, the user can recommend to the DBMS how to access the table first through the hint (or optimizer hint) and how to access the table.

Next, it depends on the conditional comparison value.

SELECT * FROM EMPLOYEE WHERE LOGIN_ID = 'tommy';

SELECT * FROM EMPLOYEE WHERE LOGIN_ID = 'karajan';

SELECT * FROM EMPLOYEE WHERE LOGIN_ID = 'javaking';

Next, we explain concrete cases in which a query is analyzed against a string only and detection becomes impossible, which is a serious security problem.

First, they have different tables or the same column names. In other words, when a user accesses a DB and enters a query, it uses only the pattern for the column name in the query. In this case, since the column names are the same even though they are different data in other tables, accurate judgment can not be made.

For example, the following two queries all reference the column (column name) of "LoginID", but they refer to different tables for "Customer" and "Employee", respectively.

[Query # 1] select LoginID from Customer

[Query # 2] select LoginID from Employee

Next, you can not control columns that start with the same column name in another table. That is, when the user accesses the DB and inputs a query, it uses only the pattern for the column name. In this case, judging is impossible if only the starting string is the same.

In other words, when you name tables and columns in most cases, you create categories that are easy to guess, and expand them to name each one. Thus, the names of columns related to "user" can be set as "user number", "user name", "user creation date", and the like. In this case, you can not create a forbidden string with a string that starts with "user" because all "starting strings" are "users".

Next, use special characters such as "*" or a wild character. In particular, you might want to use "*" to access the entire data. In this case, you can access the entire table when you execute "*" on the column part. However, according to the prior art, there is no way to control this.

For example, the following query is a query that references all the columns (or fields) in the Customer table. Therefore, even if a column (column name) is prohibited in the table Customer, the corresponding column reference behavior can not be detected by string pattern matching.

[Query # 1] select * from Customer

Finally, you want to access data using aliases in queries. In this case, too, there is no way to control it because it is accessed through an alias, not a column name.

For example, the case where only "resident registration number" is controlled by a prohibited string is explained. At this time, there may exist columns such as "date of creation of resident registration number" and "date of revocation of resident registration number". Therefore, it is prohibited to use "resident registration number" or "resident registration number" It can be set to a string.

In this case, however, you can avoid this by creating a query like this:

[Example Query]

SELECT "hack" FROM (SELECT resident number || user AS "hack" FROM user)

As described above, it is possible to attach a character after the string of "resident number " and to bypass the preceding prohibited string control in conjunction with the function or the like.

All four of the above cases are very serious security vulnerabilities. That is, a gateway-based DB access control system that performs pattern-based string filtering has the above-described security problem. Therefore, since a malicious user can attack such a security vulnerability, a pattern-based string filtering method poses a risk of security incidents.

Next, a bicyclist-based DB access control system using a parser for enhancing security according to an embodiment of the present invention will be described with reference to FIG.

The embodiment of the present invention is performed in a communication environment in which data communication is performed between the user terminal 10, the DB access control system 30, and the management DB server 40. [ In an embodiment, an environment in which a user performs remote access to an authorized management DB server via a DB access control system 30 and performs an operation will be described as an embodiment.

When a user enters a query for a DB server operation, the DB access control system 30 transmits the received query to the DB server 40 and transmits the response of the server to the user again. At this time, the access control system accumulates in the internal memory when the query is executed. The DB access control system suspends transmission of the query input to the DB server, analyzes the accumulated query in the memory, determines whether it is executable according to the assigned rights policy, and determines whether or not the query is transmitted to the DB server.

That is, when the user terminal 10 accesses the DB server 40 via a gateway and generates a query execution event for a job, the DB access control system 30 according to the present invention is configured such that the DB server 40 ), And the gateway module extracts the column of the final table that the user intends through communication with the server. The DB access control system 30 can accurately determine whether the data requested by the user is authorized based on the extracted table column.

On the other hand, the DB access control system 30 can be applied to all DBMSs (Data Base Management System) when remote access is made using a standardized query-based remote access protocol. That is, the DB access control system 30 can perform accurate data control on the query inputted when remotely accessing the DB server 40.

In order to confirm the query inputted by the user, the DB access control system 30 suspends transmission of the query to the DB server 40 to which the DB server 40 is actually connected, . In addition, the DB access control system 30 collects all the table names used in the DB server 40, the column names of the corresponding tables, the entire table names of the DB, the columns of the corresponding tables, and the aliases of the tables and columns do.

4, the server access control system 30 according to the present invention includes an input response transmitting unit 31, a relaying module 33, an equipment response transmitting unit 34, a column extracting unit 35, (36). In addition, it may further comprise a query statement parser 37 and an authorization list DB 38.

It is assumed that the user or the user terminal 10 accesses the specific DB server 40 via the server access control system 30 and performs a task.

The input response transmitting unit 31 receives the input from the user or the user terminal 10 and transfers the received input to the relay module 33 or the response received from the relay module 33 to the user or the user terminal 10 .

The relay module 33 is a module for relaying packets or data by connecting the input response transmitter 31 and the equipment transmitter 34. The relay module 33 includes a query extracting unit 33a for extracting a query statement from the packet and a packet relay unit 33b for relaying the packet or data.

In particular, the query statement extracting unit 33a analyzes the packet received from the user terminal 10 and extracts the query statement. The user terminal 10 forms a TCP / IP protocol session to access the DB server 40 remotely. The user accesses the DB server 40 through a database (DB) connection protocol on a session of the TCP / IP protocol. During one session, the user enters at least one query statement to perform the desired task.

If the query statement extractor 33a extracts the query statement from the packet, it transmits the information about the query statement to the column extractor 35. [ If no abnormality is detected by the abnormality determination unit 36, the packet is relayed through the packet relay unit 33b.

The packet relaying unit 33b relays the packet or data between the input response transmitting unit 31 and the equipment transmitting unit 34. [ At this time, according to the result of the abnormality determination unit 36, the query sentence (or statement) transmitted from the input response transmission unit 31 is transmitted to the DB server 40 through the equipment response transmission unit 34 or blocked.

Next, the column extracting unit 35 extracts column information (or database, table information) to be accessed in the extracted query statement.

At this time, the column information includes a column (or a column name, a column name) and a table (or a table name, a table name) belonging to a column. Preferably, the table information (or table name) may include a database name. That is, when using a plurality of databases, the table name can be composed of a database name and a table name. We call this the absolute name of the table. That is, the absolute name of the table consists of the database name and the table name, and can be expressed as <database name>. <Table name>.

In addition, the absolute name of a column (or a column name) indicates a name combined with a table name and a column name. For example, the absolute name of a column can be expressed as <table name>. <Column name>.

On the other hand, the column extracting unit 35 parses the query statement using the query statement parser 37 and extracts the table name, in particular the absolute name of the table, from the parsing result.

The query statement parser 37 analyzes the extracted query statement or the syntax of the SQL query to determine whether the query includes a select list, a table reference, a join clause, a where clause, Group by clause, order by clause, and so on.

Also, extract the column name from the reference item in the SELECT clause. Also, all the column names referenced in the join clause, condition clause, group clause, order clause, and the like are extracted. In particular, when the reference item is a calculation formula, the column name included in the calculation formula is extracted. It also extracts the column names used in conditions or expressions referenced in other clauses, such as condition clauses.

In particular, the column name is extracted with the absolute name or the column name and the table name to which it belongs. An absolute name is a name consisting of the name of the reference database, the name of the reference table, and the name of the column. Thus, the absolute name of a column can be expressed as:

Absolute name of column = <name of database>. <Name of table>. <Column name>

Or, if you do not really know the database, you might say:

Absolute name of column = <name of table>. <Column name>

In contrast to the absolute name, the column name is also called the relative name of the column.

At this time, the query statement parser 37 extracts the name of the table through a FROM clause or the like.

That is, the column extracting unit 35 collects the reference items of the SELECT clause in the query statement as a column name, and sets the reference table of the FROM clause as the table name if the reference item does not have a table name.

For example, assume the following query:

[Query 1] select Login_ID from Customer

[Query 2] select t1.Login_ID from Customer t1

In all of the above cases, the column name "Login_ID" indicates a column belonging to the cutomer table. That is, since Query 1 has only the table to which the reference is made, it can be seen that the Login_ID of the SELECT clause refers to the field (or column) of the table Customer. That is, the absolute name of the column name "Login_ID" is "Cutomer.Login_ID".

Also, in the query 2, the table Customer is aliased to t1. Therefore, the absolute name of t1.Login_ID in the SELECT clause is "Cutomer.Login_ID", which is the name that replaced "t1" with "Cutomer".

Preferably, the alias of the table name is removed from the table section, and all the aliases of the table name are changed to the original table name. For example, in the previous example, if the cutomer is aliased to t1, change it to the original table name (Cutomer).

Preferably, when a plurality of databases are used, an absolute name of a table for each table name in the table true adjustment is obtained. The absolute name of the table consists of the database name and the table name, and is expressed as <database name>. <Table name>.

5, the query statement parser 37 includes a lexical analyzer 37a for separating the query statements into words and separating the tokens, a parser 37b for analyzing the syntax and setting the structural relationship between the tokens ).

First, the lexical analyzer 37a reads out the query statement, that is, the SQL text, and separates (or extracts) the token. In this case, the token is a word segmented from the sentence itself.

The lexical analyzer 37a generates the token in the same manner as in Fig. Figure 6 shows what is defined for a base unit (token) that a query can be made. 6A shows a token structure (or syntax structure) of "select ", FIG. 6B shows a token structure of" subquery ", FIG. 6C shows a structure of a token structure of "query_block" .

Next, the parser 37b receives the tokens listed above, and generates tokens as data in a tree form.

At this time, when the tokens are inputted, the parser 37b checks whether there is a grammatical error in the token (or the token list) before generating the tree form. That is, if the tokens do not match the predetermined pattern, they are treated as having an error in the grammar

It is divided into SELECT, INSERT, UPDATE, DELETE, and CREATE types according to the type of SQL statement and converts the received data of the received tree type into a formal classification tree. Specifically, it segregates based on the type of SQL statement and makes it into a tree structure through top-down parsing. Then replace the tree with a simple table and column tree structure.

Next, the abnormality determination unit 36 compares the extracted column name with the authorization list, and determines whether or not the query query is transmitted according to whether or not the extracted column name exists in the corresponding list. Preferably, if a column name exists in an unallowed list (invalid list) of the authorization list, transmission of the query is blocked.

The authorization list consists of a whitelist (or whitelist) that lists the names of the allowed columns or an invisible list (or blacklist) that lists the names of the inaccessible columns.

If the authorization list is an unavailable list, the abnormality determination unit 36 determines that transmission of the query query is abnormal and blocks the transmission if any of the extracted column names is present in the unavailable list of the authorization list. On the contrary, when the authorization list is a permissible list, only when all the extracted column names are present in the permissible list, the query is determined to be normal and transmitted. Otherwise, the query is judged to be abnormal and blocked. Preferably, the authorization list is constructed as an unavailable list.

In addition, the authorization list consists of column names, where the column name is written as the absolute name of the column. Or the name of the table to which the column name belongs together. If the column name and the corresponding table name are the same, it is determined that the column name exists in the authorization list.

Also, in the case of having a plurality of databases, the database name is also included in the authorization list. In this case, it is determined that the column name, the table name, and the database name are all the same in the corresponding list.

The abnormality determination unit 36 determines whether the query is abnormal or not, and transmits the query statement or the statement to the relay module 33. The relay module 33 transmits or blocks the corresponding query statement or the statement according to whether the abnormality determination unit 36 transmits or blocks the request.

Next, a method of access control of the DB by the DB access control system 30 according to an embodiment of the present invention will be described with reference to FIGS. 8 and 9. FIG.

As shown in FIG. 8, the DB access control system 30 or the relay module 33 performs an operation in an environment for relaying communication data between the user terminal 10 and the management DB server 40. In an embodiment, an environment in which a user or a user terminal 10 remotely accesses an authorized management DB server 40 via a DB access control system 30 by using a DB connection protocol, .

The user or user terminal 10 inputs a statement to the DB server 40 for work. At this time, the relay module 33 transmits the received command to the DB server 40, and transmits the response of the DB server 40 to the user terminal 10 again. At this time, the query statement extractor 33a extracts the query statement from the statement.

When the user executes a query, the DB access control system 30 analyzes the query and extracts what column data is to be accessed in the final table, rather than determining whether the comparison is based on string comparison. For example, in the following query, BUNHO is a resident number in table A, and BUNHO in table B assumes a simple number. At this time, it is impossible to control only the resident number corresponding to the BUNHO of the A table through the existing string comparison method.

[Query statement]

"SELECT A.NAME, A.BUNHO, B.BUNHO FROM JUMINA, HIST B WHERE A.KEY = B.KEY"

As shown in FIG. 8, the DB access control system 30 receives a packet or a command from the user terminal 10 (S10).

Next, the DB access control system 30 extracts the query from the packet or the statement (S20). At this time, the system 30 analyzes the DB connection protocol and extracts a query statement from a packet or a statement.

Next, the query statement is analyzed using a parser (or a query parser) (S30), and an absolute name of the column is extracted (S40). The absolute name of the column name implies the table and column name of the table to be finally accessed. It also includes the database name if there are multiple databases (owners).

Next, it is determined whether the query is a threat query (or abnormal) (S50). That is, whether or not the absolute name of the extracted column exists in the authorization list is judged, and it is judged whether there is a threat or abnormality in the query query.

Specifically, if the column name of the query statement exists in the authorization list or the invalid list, the query is judged to be a threat query. At this time, the column name uses the absolute name. Or whether or not the column name and the table name to which the column belongs are the same.

Next, if it is determined that the query is a threat, the query is canceled (S60), and the relay of the query is interrupted (S80). That is, the query is prevented from being transmitted to the DB server 40. If it is determined that the query is not a threat query, it is requested that the corresponding query statement be transmitted (S70), and the corresponding query statement is relayed (S80).

FIG. 9 is a diagram for extracting data that a user desires to execute. The parser can extract access to data of a certain column in the final table.

When the query is executed, the user confirms the accumulated query in the memory so far. The parser of the DB access control system analyzes the query and confirms by sending the data of a certain column to the server in the final table.

Based on the analyzed data, it is possible to determine and control the data of a certain column in the final table accessed in real time, unlike the last expression data in the query performed by determining whether or not the column is accessible to the user.

That is, as shown in FIG. 9, the table name, the column name, the alias name, etc. to be prohibited or allowed are collected. Then, the user's query statement is analyzed, and the analyzed query is compared with the collected table name (or column name, alias name). That is, it is determined whether or not the table name, column name, alias name, etc. of the query query of the user is in a collected list (or a forbidden list, an allowable list, etc.).

Although the present invention has been described in detail with reference to the above embodiments, it is needless to say that the present invention is not limited to the above-described embodiments, and various modifications may be made without departing from the spirit of the present invention.

10: User terminal 30: DB access control system
31: input response transmission unit 33: relay module
33a: Query statement extracting unit 33b: Packet relaying unit
34: Equipment response transmitting unit 35: Column extracting unit
36: abnormal judgment part 37: query statement parser
38: authorization list DB 40: DB server

Claims (7)

A DB-based DB access control system using a parser, wherein a user terminal and a DB server are connected via a network and installed as a gateway on a network between the user terminal and the DB server,
A relay module for extracting a query statement from a packet transmitted from the user terminal and relaying a result of a statement or a server input between the user terminal and the DB server; And
A column extractor for receiving a query message from the relay module and extracting a column name;
And an abnormality determination unit for storing an authorization list composed of column names and determining whether or not the query query is based on whether the extracted column name is present in the authorization list,
Transmits to the relay module an instruction to transmit or block the query according to the determination whether the query is an inquiry query,
The column name is an absolute name including the table name,
Wherein the column extractor collects the reference items of the SELECT clause as column names in the query statement and sets the reference table of the FROM clause as the table name when the reference item does not have a table name. system.
delete delete The method according to claim 1,
If the column name includes a table name and the table name of the column is an alias of a reference table in the FROM clause, the column extractor collects the original table name of the alias, And the table name of the column is set as the table name of the column.
The method according to claim 1,
The column extracting unit extracts a token from a query statement, generates a tree structure of tokens, replaces the tree structure with a tree of a tree structure of a table and a column structure, extracts a column name,
Wherein the query statement parser comprises a lexical analyzer for separating the query statements into words and separating the tokens, and a parser for analyzing the syntax and setting a structural relationship between the tokens, wherein the lexical analyzer separates the token from the query statement Wherein the parser generates the cataloged tokens in a tree structure and replaces the generated tree structure with a tree of a table and a column structure. system.
The method according to claim 1,
Wherein the abnormality determination unit includes the authorization list as an invisible list and determines that the query statement is abnormal if at least one of the extracted column names exists in the unavailable list. .
The method according to claim 1,
And if the DB server has a plurality of databases, the table name includes a database name.

Images