共查询到17条相似文献,搜索用时 140 毫秒
1.
2.
DONG Shang-yan 《数字社区&智能家居》2008,(7)
通过对多级数据库管理系统的深入研究发现,在多级安全数据库中存在多种间接方式导致信息由高级流向低级,因此有必要对数据库进行推理分析,在数据库管理系统实现与多级数据库系统设计时,就可以充分考虑到数据之间的内在联系,做出适当的约束安排,从而尽量避免推理通道的出现。 相似文献
3.
董尚燕 《数字社区&智能家居》2008,(3):1184-1186
通过对多级数据库管理系统的深入研究发现,在多级安全数据库中存在多种间接方式导致信息由高级流向低级,因此有必要对数据库进行推理分析。在数据库管理系统实现与多级数据库系统设计时,就可以充分考虑到数据之间的内在联系,做出适当的约束安排,从而尽量避免推理通道的出现。 相似文献
4.
5.
多层关系数据库的函数依赖推理控制 总被引:1,自引:0,他引:1
多层关系数据库是解决安全数据库中多实例问题的良好方法。防止未授权的用户从可读取的安全等级较低的数据中推理出安全等级较高的数据是多层关系数据库达到安全的必要保证。由于数据库中元组、属性、元素之间的相互关联性,推理问题成为安全数据库的重要内容。文章以数据库中的函数依赖来检查多层关系数据库的各个属性的安全等级,并在此基础上调整各个属性的安全等级,以保证数据的安全性。 相似文献
6.
该文描述了在ORACLE环境下实现的基于约束处理的细粒度动态多级安全数据库系统(DMSDS)中所实施的多级安全模型,并介绍了实现该模型所进行存取控制、安全等级分派等模块的设计和实现。 相似文献
7.
8.
9.
多级安全数据库系统推理问题研究 总被引:7,自引:0,他引:7
在多级安全数据库系统中,推理问题是低安全级的用户利用他能够访问到的数据以及自身的知识,推断出高安全级的机密信息,从而构成对数据库的攻击。该文综述了控制数据库推理问题的方法,并比较了它们的优缺点。 相似文献
10.
函数依赖推理控制的方法 总被引:2,自引:0,他引:2
文章研究了在多级安全数据库系统中由于函数依赖(FD)引起的推理问题,分析了Su和Ozsoyolu提出的CLA算法存在的问题,在此基础上,提出了一个递归的最小信息丢失分层密级调整算法,并分析了算法的时间复杂度。 相似文献
11.
一种基于粗糙集的多级安全数据库推理问题的量化分析方法 总被引:1,自引:0,他引:1
信息大都存放在数据库中,信息安全很大程度上依赖数据库的安全。推理是从已知的信息推出新的信息,它是对数据库安全的一个重要威胁,特别数据挖掘的发展,这个威胁变得更加严重。简单描述了多级安全数据库系统的推理问题;介绍了粗糙集理论的相关概念;利用粗糙集理论提出了一种对推理风险进行量化的方法,它不依赖系统安全员的知识,能够处理确定性和非确定性的推理通道;并给出了一个分析例子。 相似文献
12.
基于粗糙集理论对推理通道问题进行了研究。通过采用属性约简和属性值约简方法对数据库中的数据进行处理。在属性值约简基础之上,采用一种改进算法找出了数据库中推理规则集。进一步,将推理规则集中属性频率高的属性安全级别提高至决策属性的安全级别,从而消除推理通道。最后通过一个实例表明提出的消除通道算法是有效的。 相似文献
13.
Bhavani Thuraisingham William Ford Marie Collins Jonathan O'Keeffe 《Data & Knowledge Engineering》1993,11(3):271-297
The Inference Problem compromises database systems which are usually considered to be secure. here, users pose sets of queries and infer unauthorized information from the responses that they obtain. An Inference Controller is a device that prevents and/or detects security violations via inference. We are particularly interested in the inference problem which occurs in a multilevel operating environment. In such an environment, the users are cleared at different security levels and they access a multilevel database where the data is classified at different sensitivity levels. A multilevel secure database management system (MLS/DBMS) manages a multilevel database where its users cannot access data to which they are not authorized. However, providing a solution to the inference problem, where users issue multiple requests and consequently infer unauthorized knowledge is beyond the capability of currently available MLS/DBMSs. This paper describes the design and prototype development of an Inference Controller for a MLS/DBMS that functions during query processing. To our knowledge this is the first such inference controller prototype to be developed. We also describe some extensions to the inference controller so that an integrated solution can be provided to the problem. 相似文献
14.
Wizard: a database inference analysis and detection system 总被引:1,自引:0,他引:1
The database inference problem is a well-known problem in database security and information system security in general. In order to prevent an adversary from inferring classified information from combinations of unclassified information, a database inference analyst must be able to detect and prevent possible inferences. Detecting database inference problems at database design time provides great power in reducing problems over the lifetime of a database. We have developed and constructed a system called Wizard to analyze databases for their inference problems. The system takes as input a database schema, its constituent instances (if available) and additional human-supplied domain information, and provides a set of associations between entities and/or activities that can be grouped by their potential severity of inference vulnerability. A knowledge acquisition process called microanalysis permits semantic knowledge of a database to be incorporated into the analysis using conceptual graphs. These graphs are then analyzed with respect to inference-relevant domains we call facets using tools we have developed. We can determine inference problems within single facets as well as some inference problems between two or more facets. The architecture of the system is meant to be general so that further refinements of inference information subdomains can be easily incorporated into the system 相似文献
15.
The use of an extended data model which represents both integrity and secrecy aspects of data is demonstrated. This Semantic Data Model for Security (SDMS) provides a technique that assists domain experts, security officers, and database designers in first understanding their security requirements, and then translating them into a good database design. Identifying security requirements at this semantic level provides the basis for analyzing the security requirements and the database design for inference and signaling vulnerabilities. Another contribution is a comprehensive taxonomy of security-relevant data semantics that must be captured and understood to implement a multilevel secure automated information system 相似文献
16.
数据库推理问题是数据库安全研究的重要组成部分,主要研究推理通道的检测方法和控制策略。该文提出一种动态控制推理通道的方法。该方法为每个推理通道建立一个标识集合,利用集合中元素和推理通道中对象的关联来控制查询的处理,使用户能灵活地访问数据但又得不到足够的信息来推理。与以前提出的方案不同,该方案保证了数据的最大可用性,同时有效地阻止推理并保持了快速的查询处理能力。 相似文献
17.
《Journal of Computer and System Sciences》2007,73(5):788-817
A query is said to be secure against inference attacks by a user if there exists no database instance for which the user can infer the result of the query, using only authorized queries to the user. In this paper, first, the security problem against inference attacks on object-oriented databases is formalized. The definition of inference attacks is based on equational logic. Secondly, the security problem is shown to be undecidable, and a decidable sufficient condition for a given query to be secure under a given schema is proposed. The idea of the sufficient condition is to over-estimate inference attacks using over-estimated results of static type inference. The third contribution is to propose subclasses of schemas and queries for which the security problem becomes decidable. Lastly, the decidability of the security problem is shown to be incomparable with the static type inferability, although the tightness of the over-estimation of the inference attacks is affected in a large degree by that of the static type inference. 相似文献