Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Database virtual patch protection method

A database and patch technology, applied in the field of database security, can solve problems such as database vulnerabilities that cannot be repaired, application exceptions, and applications that cannot be used normally, and achieves the effect of fast matching and preventing attacks.

Inactive Publication Date: 2017-06-09
BEIJING INST OF COMP TECH & APPL
View PDF5 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

With the improvement of user requirements for the functions of the database management system, the scale of the database management system becomes larger and larger, and the risk of security vulnerabilities in the database management system continues to increase. If these vulnerabilities are ignored, the database faces the risk of core data being leaked
[0004] 2. Hastily upgrading the database may lead to application exceptions
Database upgrades and patching require the cooperation of database administrators, application system administrators, and other parties. If the system changes that may be caused during the database upgrade and patching process are not fully considered, the application may not work normally after the database system upgrade
[0005] 3. Database patches cannot prevent preset backdoors
[0006] Therefore, database administrators are faced with such a predicament: database loopholes must be patched, and patching loopholes faces the risk of affecting applications, but no matter what, they cannot fundamentally prevent the helpless situation of database backdoors

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Database virtual patch protection method
  • Database virtual patch protection method
  • Database virtual patch protection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] In order to make the purpose, content, and advantages of the present invention clearer, the specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0024] figure 1 Shown is the database virtual patch protection module diagram of the present invention, as figure 1 As shown, the database virtual patch protection module includes: protocol analysis module 1, access behavior filtering module 2, request forwarding module 3, rule base 4, attack analysis module 5, rule entry module 6, attack analysis module 7, patch analysis module 8 and Configuration management module9.

[0025] refer to figure 1 , the protocol analysis module 1 is used for database server mapping and database protocol analysis. The access behavior filtering module 2 is used to restore the SQL statement in the access request, and based on the characteristic rules of the rule base, filter the database ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a database virtual patch protection method. The method comprises the steps that patch information released by a database manufacturer is received; reverse analyses of machine instructions are conducted on a database before and after the patch, the machine instructions of a binary system in an executable file are restored into assembly language codes in a reverse direction; the assembly language codes are analyzed and expressed as a mutual call relationship for different functions and between the functions, binary files are converted into diagraphs, call relationships and function control flow diagrams of the binary files after the anti-compilations are obtained through analyses, the basic block number, the jump side number and other function call numbers in the flow diagram are controlled through calculation, and the signatures of the functions are generated; the functions are paired according to the function signatures, codes triggering security loopholes are positioned according to the paired functions and non-paired functions and through checks on the non-paired functions; effective attack graphs are generated based on the loophole information and the positioned codes which trigger security loopholes, and virtual patch protection rules are established.

Description

technical field [0001] The invention belongs to the field of database security and relates to a database virtual patch protection method. Background technique [0002] The database system is the basic platform in the information system. The key business systems of many government agencies, military departments, and enterprise companies are stored in the database. If the security of the database cannot be guaranteed, the application system on it will also be accessed or destroyed illegally. Although the current mature commercial database management systems have security functions such as identity authentication, access control, and auditing, which provide certain security guarantees for database security, there are still the following problems in database security: [0003] 1. Database vulnerabilities are on the rise. With the improvement of user requirements for the functions of the database management system, the scale of the database management system becomes larger and l...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F17/30G06F21/57
CPCG06F21/577G06F16/21
Inventor 孟宪哲毛俐旻王润高曾淑娟
Owner BEIJING INST OF COMP TECH & APPL
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products