Database safety access control method based on independent authorization

An access control technology, applied in the field of database security, that addresses problems such as database attacks, database vulnerabilities, and the inability to control user behavior

Active Publication Date: 2014-11-26
706 INST SECOND RES INST OF CHINAAEROSPACE SCI & IND +1

AI Technical Summary

Problems solved by technology

[0004] 2. Database attack
[0005] 3. Database vulnerabilities
The "Prism Gate" incident exposed the serious security risks brought about by the use of foreign commercial database systems and other infrastructure. Foreign database manufacturers and intelligence agencies can use the security loopholes and backdoors of the database management system itself to monitor and steal the data in the database. When the database system itself has such loopholes, the security and confidentiality mechanisms attached to it are useless.
[0006] 4. Under the three-tier architecture mode, user behavior cannot be controlled
In this mode, access to the back-end data is performed through the Web application server or middleware. Even if fine-grained access control is adopted, it can only be applied to the Web application server or middleware, and it is impossible to distinguish which front-end Web user initiated an access request, so it is difficult to control and audit user access behaviors.


Embodiment Construction

[0043] The core of the present invention is the database security access control software. As shown in Figure 1, the software includes two parts, the client and the server, consisting of 7 modules in total.

[0044] The main functions of the seven functional modules of the database security access control software are:

[0045] Identity association probe: The identity association probe is deployed on the application server, responsible for obtaining the identity information of the front-end user, and sending the corresponding relationship between the user identity information and the access control request to the database security access control software;

[0046] Secure communication module: The secure communication module is deployed on the application server and the access control server, and is responsible for realizing secure data exchange between the application server and the database server;

[0047] Identity acquisition module: the identity acquisition...

Abstract

The invention discloses a database security access control method based on independent authorization, and belongs to the field of database security. The method is designed to be loosely coupled with the database system. By binding database access behaviors to a USBKey, access control is based on users instead of database accounts, and by associating database access behaviors with terminal users, the behaviors of terminal users can be controlled and audited. Advanced access control is introduced to analyze and monitor database access statements, so that database attack behaviors are shielded, insider operations are controlled and audited, and information loss caused by database attacks can be reduced. Database access requests are repackaged to avoid monitoring and sniffing attacks. By adding identity authentication, access control and secure transmission that are independent of the database management system, the technology enhances the security of heterogeneous database management systems on multiple platforms without changing the usage mode of the existing application system.
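A sketch of the per-user decision the abstract describes, added here as an illustration and not taken from the patent: the probe binds the front-end user to each statement, and the access control side analyzes the statement and decides per user rather than per database account. The policy table, key, function names and the HMAC tag (a stand-in for the secure communication module that gives integrity only, not confidentiality) are assumptions, and the user name is assumed to come from an already completed USBKey authentication.

```python
import hashlib, hmac, json, re

KEY = b"constructed-demo-key"  # assumption: secret shared by probe and control server
# Constructed policy keyed by end user, not by the shared database account.
POLICY = {"alice": {"orders": {"SELECT", "INSERT"}}, "bob": {"orders": {"SELECT"}}}
PATTERNS = [
    ("SELECT", re.compile(r"^\s*SELECT\b.+?\bFROM\s+(\w+)", re.I | re.S)),
    ("INSERT", re.compile(r"^\s*INSERT\s+INTO\s+(\w+)", re.I)),
    ("UPDATE", re.compile(r"^\s*UPDATE\s+(\w+)", re.I)),
    ("DELETE", re.compile(r"^\s*DELETE\s+FROM\s+(\w+)", re.I)),
]
AUDIT = []  # (user, sql, verdict) records for later review

def _tag(body):
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def probe_wrap(user, sql):
    """Application-server side: associate the front-end user with the statement."""
    body = json.dumps({"user": user, "sql": sql}, sort_keys=True).encode()
    return {"body": body, "tag": _tag(body)}

def classify(sql):
    """Return (verb, table), or None for anything not understood (fail closed)."""
    if ";" in sql.strip().rstrip(";"):
        return None  # more than one statement in a single request
    for verb, pattern in PATTERNS:
        match = pattern.match(sql)
        if match:
            return verb, match.group(1).lower()
    return None

def decide(msg):
    """Access-control side: verify the binding, analyze the statement, audit."""
    if not hmac.compare_digest(_tag(msg["body"]), msg["tag"]):
        return "deny:bad-tag"
    req = json.loads(msg["body"])
    parsed = classify(req["sql"])
    if parsed is None:
        verdict = "deny:unparsed"
    else:
        verb, table = parsed
        allowed = POLICY.get(req["user"], {}).get(table, set())
        verdict = "allow" if verb in allowed else "deny:policy"
    AUDIT.append((req["user"], req["sql"], verdict))
    return verdict

if __name__ == "__main__":
    for user, sql in [("alice", "INSERT INTO orders VALUES (1)"), ("bob", "DELETE FROM orders")]:
        print(user, sql, "->", decide(probe_wrap(user, sql)))
```

Both users reach the database through the same application server, yet the verdict differs because the decision is keyed on the bound end-user identity.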

Description

Technical field

[0001] The invention belongs to the field of database security, and is a database security access control technology based on independent authorization.

Background technique

[0002] The database system is the basic platform in the information system. The key business systems of many government agencies, military departments, and enterprise companies run on the database platform. The data in the database system is shared by many users. If the security of the database cannot be guaranteed, the application systems on it can also be illegally accessed or destroyed. Although the current mature commercial database management systems have security functions such as identity authentication, access control, and auditing, which provide certain security guarantees for database security, there are still the following problems in database security:

[0003] 1. Insider attacks. 80% of database data loss is caused by internal personnel attacks on the database. Databa...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/31, G06F17/30
CPC: G06F21/33, G06F21/6218
Inventor: 孟宪哲, 曾颖明, 曾淑娟, 陈志浩, 毛俐旻
Owner: 706 INST SECOND RES INST OF CHINAAEROSPACE SCI & IND