
Independent transparent security audit protection method facing real-time database

A security auditing and database technology, applied in the fields of digital data protection, electronic digital data processing, computer security devices, etc. It can solve the problems of weak control over misoperations and of real-time databases having little or no security restriction, protection and auditing systems, with the effect of improving overall performance and achieving efficient access control.

Inactive Publication Date: 2012-09-05
华北计算机系统工程研究所

AI Technical Summary

Problems solved by technology

[0003] However, real-time processing in a real-time database is very complicated. In addition to meeting the consistency requirements of a traditional database, its timing constraints are an integral part of the correctness criterion.
Its performance goal is to minimize the number of transactions that miss their deadlines, which causes a conflict between real-time performance and security in real-time databases.
For this reason, traditional real-time databases have little or no security restriction, protection and auditing systems.
This weak security protection mechanism has many loopholes and cannot block all attacks or illegal intrusions; illegal users can access protected data through loopholes in the system.
In addition, the integrity constraints of the system itself are weak at controlling misoperations that have passed authorization and authentication, which requires the help of an audit system.

Examples


Embodiment 1

[0038] Figure 1 is a schematic diagram of adding transparent security audit protection to a real-time database.

[0039] Before the security audit is added, the application system can access the real-time database directly through the interface, and its operations are not subject to any restrictions, which is very dangerous for applications with high data confidentiality requirements; see the data flow shown in black letters in Figure 1.

[0040] After the security audit is added, its function is divided into two parts, the management control center and the listener, as shown in the color-accented section of Figure 1. The management control center is generally started together with the real-time database, and is mainly responsible for management configuration, log reading, writing and processing, interface support, etc. By default, access control and auditing are turned off, and they need to be turned on by security administrators and audit administrators. In addition, the system administrator can ...

Embodiment 2

[0054] Embodiment 2 mainly describes the access control method suitable for a real-time database.

[0055] Figure 3 is a flowchart of constructing the two-dimensional permission table in Embodiment 2.

[0056] Step 301, determine the action set of the system as the columns of the permission table.

[0057] Step 302, obtain the roles owned by the user.

[0058] Step 303, get the security zones involved by the user from the roles, and merge all the points in those security zones, as the user-related objects, to form the rows of the permission table;

[0059] Step 304, obtain from the roles the operations the user can execute on the points in the security zones, and set the corresponding position in the table to 1; for operations that cannot be executed, set the corresponding position to 0;

[0060] Step 305, after the table is created, the point ID is used as the key value to establish a row-level hash index for the two-dimensional permission table. The hash function adopts the division-remainder method, and...
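Steps 301 to 305 can be sketched as follows. This is an added example, not code from the patent: the action names, the table size of 13, OR-merging of permissions across roles, and linear probing for hash collisions are all assumptions, since the page's description of the hash is cut off.

```c
#include <stdint.h>

/* Step 301: the action set forms the columns, one bit each (names assumed). */
enum { ACT_READ, ACT_WRITE, ACT_DELETE, ACT_COUNT };
#define BUCKETS 13          /* prime modulus for the division-remainder hash */
#define EMPTY 0xFFFFFFFFu   /* unused slot; assumed never a real point ID */
typedef struct { uint32_t point_id; uint8_t bits; } perm_row;
typedef struct { perm_row slot[BUCKETS]; } perm_table;
/* A role grants one action mask over the points of one security zone. */
typedef struct { const uint32_t *points; int n_points; uint8_t actions; } role;

/* Step 305: hash the point ID by remainder; linear probing is an assumption. */
static perm_row *find_slot(perm_table *t, uint32_t id) {
    for (uint32_t i = 0; i < BUCKETS; i++) {
        perm_row *r = &t->slot[(id % BUCKETS + i) % BUCKETS];
        if (r->point_id == id || r->point_id == EMPTY) return r;
    }
    return 0; /* table full and id not present */
}

/* Steps 302-304: merge the zones of the user's roles into rows, set allowed bits. */
int perm_build(perm_table *t, const role *roles, int n_roles) {
    for (int i = 0; i < BUCKETS; i++) t->slot[i] = (perm_row){ EMPTY, 0 };
    for (int r = 0; r < n_roles; r++)
        for (int p = 0; p < roles[r].n_points; p++) {
            perm_row *row = find_slot(t, roles[r].points[p]);
            if (!row) return -1;
            row->point_id = roles[r].points[p];
            row->bits |= roles[r].actions;
        }
    return 0;
}

/* Runtime check: a point without a row, or a 0 bit, means deny. */
int perm_check(perm_table *t, uint32_t id, int action) {
    if (action < 0 || action >= ACT_COUNT) return 0;
    perm_row *row = find_slot(t, id);
    return row && row->point_id == id && ((row->bits >> action) & 1u);
}

/* Constructed sample: points 5 and 18 collide (both are 5 mod 13). */
static const uint32_t ZONE_A[] = { 5, 18, 7 }, ZONE_B[] = { 18, 40 };
static const role SAMPLE_ROLES[] = {
    { ZONE_A, 3, 1u << ACT_READ },
    { ZONE_B, 2, (1u << ACT_READ) | (1u << ACT_WRITE) },
};
int main(void) {
    perm_table t;
    return perm_build(&t, SAMPLE_ROLES, 2) == 0 && perm_check(&t, 18, ACT_WRITE) ? 0 : 1;
}
```

A point that appears in no security zone of the user has no row, so every check on it fails closed.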

Embodiment 3

[0066] Figure 5 is a schematic diagram of the process of log record generation, processing, and storage.

[0067] Step 501, convert the parameter information, operation execution results, and known information acquired in the security protection function into integer form, wherein the object is represented by its ID, the action is represented by its position, and type data is stored as its number;

[0068] Step 502, map the log record to a 64-bit integer by bit operations, stored as two unsigned integers. The specific format is: the low 32 bits record the main information of the log, which from high to low is object ID, action ID, operation result, event type, object type and alarm level; the upper 32 bits record the operation error code, and the error information can be obtained through the error code.

[0069] Step 503, after the original record is generated, send the log data to the log preprocessing thread in the form of thread message data parameters through the thread message passing me...
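The record layout of step 502 can be encoded and decoded as below. This is an added example, not code from the patent: the page gives only the field order, so the field widths (16/6/2/3/3/2 bits), the struct names and the sample values are assumptions.

```c
#include <stdint.h>
/* Assumed field widths; the page gives only the field order. 16+6+2+3+3+2 = 32. */
enum { W_OBJ = 16, W_ACT = 6, W_RES = 2, W_EVT = 3, W_OTYPE = 3, W_ALARM = 2 };
typedef struct {
    uint32_t object_id, action_id, result, event_type, object_type, alarm_level, error_code;
} audit_event;
typedef struct { uint32_t low, high; } raw_log; /* two unsigned integers, step 502 */

/* Shift the word left and append one field; reject values wider than the field. */
static int put(uint32_t *word, uint32_t value, int width) {
    if (value >> width) return -1;
    *word = (*word << width) | value;
    return 0;
}

/* Strip and return the lowest `width` bits. */
static uint32_t take(uint32_t *word, int width) {
    uint32_t v = *word & ((1u << width) - 1u);
    *word >>= width;
    return v;
}

/* Pack high-to-low in the order the page lists; error code goes in the upper word. */
int log_pack(const audit_event *e, raw_log *out) {
    uint32_t w = 0;
    if (put(&w, e->object_id, W_OBJ) || put(&w, e->action_id, W_ACT) ||
        put(&w, e->result, W_RES) || put(&w, e->event_type, W_EVT) ||
        put(&w, e->object_type, W_OTYPE) || put(&w, e->alarm_level, W_ALARM))
        return -1;
    out->low = w; out->high = e->error_code;
    return 0;
}

/* Decode for log review: fields come off in reverse order, lowest bits first. */
void log_unpack(raw_log r, audit_event *e) {
    uint32_t w = r.low;
    e->alarm_level = take(&w, W_ALARM);
    e->object_type = take(&w, W_OTYPE);
    e->event_type = take(&w, W_EVT);
    e->result = take(&w, W_RES);
    e->action_id = take(&w, W_ACT);
    e->object_id = take(&w, W_OBJ);
    e->error_code = r.high;
}

int main(void) {
    audit_event e = { 0x1234, 5, 1, 2, 3, 1, 1042 }, d; raw_log r; /* constructed */
    if (log_pack(&e, &r)) return 1;
    log_unpack(r, &d);
    return d.object_id == e.object_id && r.low == 0x1234154Du ? 0 : 1;
}
```

Rejecting out-of-range values in `put` keeps an oversized field from overwriting its neighbours and silently corrupting the audit record.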


Abstract

The invention discloses an independent, transparent security audit protection method for real-time databases. The interface that the real-time database provides to the application system is used as the access point; protection requirements and operation restrictions are converted into security protection functions; and the corresponding interfaces are replaced by the security protection functions using HOOK and remote thread injection technology, so that security auditing is added transparently. User permissions are managed according to a role mechanism based on security zones and are checked quickly through a two-dimensional object-operation permission table, yielding an access control method suitable for real-time databases. Configuration information is fused according to the interface export sequence numbers, so that configuration is safe and convenient; the original log is generated quickly using bit operations; the speed of log generation and acquisition is increased by combining inter-thread message passing; a buffer pool is introduced; the speed of reading and writing the log file is increased using a partitioned page set management strategy; and overall performance is improved by using separated deployment.

Description

Technical field

[0001] The invention relates to security auditing technology, in particular to a security auditing technology that is applicable to, and independent of, a real-time database.

Background technique

[0002] The real-time database, as the basis of the informatization process of industrial enterprises, is widely used in electric power, petrochemical, and control systems. A large amount of information stored in these systems needs to be shared by multiple users with different security permissions. In these applications, transactions and data have different security levels, and direct or indirect illegal information access may leak state secrets and cause major accidents and economic losses. In today's extremely competitive world, many companies, especially those with leading technologies, often regard the production process, as the actual embodiment of their technology, as a fundamental interest of the company, and the process technology and even operating parameters of some...


Application Information

IPC(8): G06F17/30, G06F21/00, G06F21/60
Inventor: 徐新国, 朱廷劭, 乔建峰
Owner 华北计算机系统工程研究所