强制访问控制技术在数据库安全访问中的应用

摘要

Nowadays, the security access method of database, mainly through transforming the data dictionary of database, and by checking user privileges and accessing data security labels, realizes the mandatory access control. This kind of method does not check the user identity and access path of the database access, so there exists security risk such as the privilege escalation. Therefore, a database security mandatory access control system based on dyed markup is proposed with staining and marking of the database resources. The system mainly involves request filtering, resource dyeing, database system transformation, request response control, identity marking and virtual channel encryption, thus realizing the strong authentication of the user identity and the mandatory access control of the user database operation.%目前,数据库的安全访问方法主要是通过对数据库的数据字典加以改造,并通过检查用户权限和访问数据安全标记来实现强制访问控制.这类方法不对数据库访问用户身份和访问路径进行检查,存在权限提升等安全风险.因此,采用数据库资源的染色标记方法,提出了一种基于染色标记的数据库安全强制访问控制体系,主要包括请求过滤、资源染色、数据库系统改造、请求响应管控以及身份标记与虚拟通道加密等几个步骤,实现了用户身份的强认证和用户数据库操作的强制访问控制.