On the demand for database security and security technology
Abstract:
Database security means protecting the database against information leakage, alteration or destruction caused by illegal use. Databases already occupy a very important position in society and in people's daily lives. This paper briefly describes the importance of database security and its security requirements, and then database security policies and security technologies.
A database is a collection of related data stored together, and this data can serve a variety of applications. Using a database brings many benefits: reduced data redundancy, savings in storage space, full sharing of data resources, and so on. Because the database plays such an important role, its security is also a concern.
The importance of database security
A database system is system software and, like other software, needs protection in actual use. Database security is important mainly for the following reasons. First, a database stores large amounts of data that can be divided into several categories by importance and confidentiality level. This data is shared by many users, and each user's access rights are different. The database system must therefore, according to the responsibilities and authority of different users, give each user only the part of the data they need and are permitted to access; not every user can access all the data. Classifying and restricting users in this way, and strictly controlling which users may modify data, avoids as far as possible the situation where one user modifies data without authorization and adversely affects the work of other users.
Second, because a database holds little redundant data, once data is modified the original data no longer exists. Database recovery techniques are therefore needed so that the database can be restored quickly after a system or program failure. Finally, a database works online and generally allows multiple users to access it at the same time, so effective measures are needed to prevent this from damaging the integrity of the database. A database also involves other application software, so database security extends to the security of that software and its data. Database security issues and the related application software security issues should be considered together, and effective, comprehensive safety precautions developed.
In short, while database systems bring benefits, they also place higher security requirements on users. Database security is therefore very important and deserves sufficient attention.
Database security threats and security policy
A database runs on top of an operating system, which in turn depends on the computer hardware, so database security depends on the security of the operating system and of the hardware. Improper operation by database operators and deliberate attacks by criminals also pose a major threat to database security. Taking these together, the threats to database security are:
1) destruction or loss of information caused by hardware failure, such as damage to a storage device or a system power failure;
2) information leaks caused by failure of software protection, such as loopholes in the operating system or a missing or damaged storage control mechanism;
3) flaws in application design, such as one that lets a hacker install a Trojan;
4) viruses invading the system, resulting in loss, disclosure or destruction of information;
5) computers placed in an unsafe location and tapped;
6) authorization granted under an incorrect or unsafe protection strategy;
7) incorrect data input or processing errors, for example data prepared for input being modified before it is entered, or confidential data leaking before it is entered;
8) illegal access by unauthorized users, or unauthorized access by authorized users.
Because threats come from all sides, ensuring database security requires formulating an appropriate security policy and taking security measures so that database information is not leaked, destroyed, deleted or modified.
A database security policy is the guiding principle that directs database administrators in configuring the database reasonably. It includes the following aspects.
1) least privilege strategy
The least privilege strategy assigns users the minimum privileges with which they can still legally access or modify the database: just enough to complete their work, with no other rights granted. Controlling user permissions appropriately reduces the opportunities for leaks and for damage to the integrity of the database.
2) sharing strategy
The maximum sharing policy is to share the information in the database as widely as possible, on the premise that the integrity, confidentiality and availability of the database are ensured.
3) appropriate granularity strategy
Items in the database are divided into granules of different sizes; the smaller the granule, the higher the security level. The granule size is usually chosen according to actual needs.
4) content access control policy
Different users are given access to different parts of the database according to its contents.
5) open and closed systems strategy
A database in an open system adopts the open system strategy: everything except expressly prohibited items can be accessed by users. A database in a closed system adopts the closed system strategy: only expressly authorized content can be accessed, and nothing else.
6) context-based access control policy
This strategy has two aspects. On one hand, it restricts a user from accessing data of different attributes within a single request or within a particular group of adjacent requests. On the other hand, it can require that certain data of different attributes be accessed together as a set. The strategy strictly controls the area a user can access according to the context of the content.
7) history-based access control policy
Some data does not leak anything by itself, but may disclose confidential information when linked or combined with other data. To prevent this kind of reasoning attack, the database must record each user's access history and control the user's current request according to what that user has accessed before.
Database security is complex and cannot be covered by any single simple strategy. A database security policy should therefore be developed according to the actual situation, following one or several of these strategies so as to better protect the database.
Database security technology
1) the integrity and reliability of the database
The integrity of the database is critical to whether a client/server application system works correctly. Maintaining it requires careful database design, and client developers also need to cooperate actively. Integrity constraints are the mechanism the database uses to maintain integrity: a set of predefined data integrity rules and business rules, stored in the database, that prevent users from entering incorrect data and ensure that all data in the database is valid and complete.
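The following added example (not part of the original paper) shows integrity constraints stored in the database rejecting incorrect data regardless of what the client sends. It uses Python's built-in sqlite3 module; the schema, table names and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed schema: table and column names are assumptions for this example.
SCHEMA = """
CREATE TABLE department (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL UNIQUE
);
CREATE TABLE employee (
    id      INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    salary  INTEGER NOT NULL CHECK (salary BETWEEN 0 AND 1000000),
    dept_id INTEGER NOT NULL REFERENCES department(id)
);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    # SQLite enforces REFERENCES only when this pragma is enabled per connection.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO department (id, name) VALUES (1, 'Finance')")
    conn.commit()
    return conn

def try_insert(conn, name, salary, dept_id):
    """Return 'accepted', or 'rejected: <error>' when a constraint blocks the row."""
    try:
        with conn:  # commit on success, roll back on error
            conn.execute(
                "INSERT INTO employee (name, salary, dept_id) VALUES (?, ?, ?)",
                (name, salary, dept_id),
            )
        return "accepted"
    except sqlite3.IntegrityError as exc:
        return f"rejected: {exc}"

def demo():
    conn = open_db()
    results = [
        try_insert(conn, "Alice", 5000, 1),   # valid row
        try_insert(conn, "Bob", -1, 1),       # business rule: salary range (CHECK)
        try_insert(conn, None, 5000, 1),      # missing mandatory value (NOT NULL)
        try_insert(conn, "Carol", 5000, 99),  # nonexistent department (FOREIGN KEY)
    ]
    stored = conn.execute("SELECT COUNT(*) FROM employee").fetchone()[0]
    conn.close()
    return results, stored
```

Calling demo() returns the four outcomes and the number of rows actually stored; only the valid row is kept.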
2) access control
Access control is the core of information security mechanisms and the primary means of achieving data confidentiality and integrity. It restricts the access rights that subjects have to objects, so that the computer system is used only within legitimate bounds; the access control mechanism determines what users, and programs acting on behalf of users, can do and to what extent. As the primary means of providing information security, access control is widely used in firewalls, file access, VPNs and physical security. It is also one of the basic security requirements of a database system. To ensure database security through access control, appropriate security policies and security mechanisms must be used to enforce it.
In a database, records, fields and elements are linked, so a user may derive one element by reading others, a phenomenon known as "reasoning" (inference). To prevent it, history-based control must be applied: it considers not only the context of the current request but also the context of past requests when restricting access. Simple access control protects computer information and resources from being deliberately deleted, destroyed or changed without authorization. In addition, role-based access control gives users a powerful and flexible security mechanism that lets administrators divide user rights in a way that closely follows the natural structure of the organization.
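The added example below (not from the original paper) combines three ideas described above: the closed system strategy, context-based control within one request, and history-based control against reasoning across requests. The class name AccessMonitor, the user, the column names and the forbidden combination are all hypothetical and constructed for illustration.

```python
from collections import defaultdict

class AccessMonitor:
    """Closed-system column access check with context and history control."""

    def __init__(self, grants, forbidden_combinations):
        self.grants = grants                      # user -> columns expressly granted
        self.forbidden = [frozenset(c) for c in forbidden_combinations]
        self.history = defaultdict(set)           # user -> columns already released

    def request(self, user, columns):
        wanted = set(columns)
        # Closed system / least privilege: anything not expressly granted is denied.
        extra = wanted - self.grants.get(user, set())
        if extra:
            return False, "not granted: " + ", ".join(sorted(extra))
        # Context control: one request must not contain a forbidden combination.
        for combo in self.forbidden:
            if combo <= wanted:
                return False, "forbidden in one request: " + ", ".join(sorted(combo))
        # History control: earlier releases plus this request must not complete one.
        seen = self.history[user] | wanted
        for combo in self.forbidden:
            if combo <= seen:
                return False, "completes via history: " + ", ".join(sorted(combo))
        self.history[user] = seen                 # record only what was released
        return True, "ok"

def demo():
    # Constructed policy: name and diagnosis are harmless alone, sensitive together.
    monitor = AccessMonitor(
        grants={"clerk": {"name", "ward", "diagnosis"}},
        forbidden_combinations=[{"name", "diagnosis"}],
    )
    return [
        monitor.request("clerk", ["name", "ward"]),       # allowed, recorded
        monitor.request("clerk", ["diagnosis"]),          # denied: history has name
        monitor.request("clerk", ["ward"]),               # still allowed
        monitor.request("clerk", ["salary"]),             # denied: never granted
        monitor.request("clerk", ["name", "diagnosis"]),  # denied: same request
    ]
```

Denied requests are not added to the history, so a refused request does not block later requests that would otherwise be legitimate.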
3) database encryption
In actual use, not everyone is allowed to browse and query the information in the database. Therefore, to ensure that the data in the database cannot be accessed by illegal users, the database must be secured, and encryption is a good method of protection. Before setting or removing a database password, make sure that the database is opened exclusively.
4) outer layers of security
Outer-layer security includes computer system security and network security. For computer systems and networks, the main security threat comes from viruses. The outer layer should therefore prevent hidden viruses from using the network platform to spread and damage the operation of the whole system, using comprehensive management that combines prevention, removal and control. VPN technology can be used to build a virtual private network for the networked database system, ensuring the security of network access routes and of information in transit. Firewall technology provides isolation between networks and between network segments, securing the network perimeter and protecting the system from virus intrusion.
Operating System Security
The operating system is the platform on which a large database system runs, and it provides the database system with a degree of security. Most current operating system platforms are Windows 2000 and Unix, with security levels typically at C1 or C2. The main operating system security technologies are operating system security policy, security management policy, data security and so on. The operating system security policy is used to configure the local computer's security settings, including password policy, account lockout policy, audit policy, IP security policy, user rights assignment, encrypted data recovery agents and other security options. It is embodied in user accounts, passwords, access permissions, auditing and so on.
General security model of a SQL Server database: the standard SQL Server security model consists of users, SQL Server logins, permissions and base tables. SQL Server security authentication: security authentication is the database system's confirmation of the account and password a user enters, which includes confirming whether the account is valid, whether it can access the system, and what data it can access. The security authentication mode is the way the system identifies the user. SQL Server has a standard security authentication mode, a Windows 2000 security authentication mode, and a mixed security authentication mode.
Database system security
The security of a database system relies heavily on the database management system. If the database management system has a strong security mechanism, the database system will have better security. The database management systems currently popular on the market are relational, and their security features are weak, which leaves the security of the database system under a certain threat. Building up the security of the database management system from several aspects, including authentication, data integrity, authorization, access control, encryption of confidential information, audit tracking and attack detection, ensures the independence and integrity of the database.
Work on database security and encryption technology has so far made only some initial attempts, and many details need further study. As database systems develop further, database security and encryption will become more important and urgent.