返回 历史论文 首页
Design and Realization of Security Network Database

  ( Department of Computer Science and Technology in Hulunbeier College ,Hulunbeier,Inner Mongolia 021008 China )
  Abstract: This paper analyzes the functional design and structure design of the database security model networks, research and further realize the key features of the model. The system is suitable for network security database management system, which has a certain universality and portability.
  Keywords: network database; security model; digital signature
  0 Introduction
  With the development of network information technology, network information security is getting more and more attention of the society, and the network database system security is an important part of the network information security.
  Network database security access system should be defined security policy according to user needs, the installation environment, specifically relates to two levels, the first level is security, system operation such as: physical and safety of hardware. The second level is the security, system information such as: password authentication, access control, data encryption etc.. This paper is mainly based on the access control technology, and combined with the design of system security access to the encryption and communication technology of network database.
  1 Design of database security model based on Network
  The security structure model of network database in paper research as shown in Figure 1. Key code of business processing and implementation are described in the following: module relates to the functions are: authentication, authorization and RBAC log record.
  Fig.1 Schematic diagram of the structure of network database security model
  1.2 The authorization of RBAC control function
  Network database security model is divided into ordinary user, members of the user and super user. According to the three categories of users, this paper established the role user, the purpose is to let the user access to the database according to the related authorization. Authorization mapping mechanism through the many to many role, that can be authorized into matrix role corresponding digital and database identifier corresponding to digital, the user role with the rows of the matrix to be expressed, and related database table with columns of the matrix representation.
  When the user passes the identity authentication, role permissions corresponding identification number can be used as an important parameter, and transmitted to the interface module database role table, and the interface module is authorized processing module. Each time a user is authorized, must be with the help of the corresponding role of digital access to the database, and obtain power identification number corresponding to the corresponding access control, authorization.   1.3 Authentication of user identity
  In this paper, through the implementation of identity authentication user digital signature technology, authentication flow shown in Figure 2 as shown in fig.:
  Fig.2 Schematic diagram of the authentication process of database security model
  The user authentication steps are described in the following:
  1) the request of user is sent to the authentication server;
  2) the authentication server receives a user request, at the same time generation timestamp and the corresponding data feedback to the client;
  3) the client sign based on the content that feedback by private key, and the result is transferred again to the authentication server;
  4) the server directly be authentication according to the signature. Because the private key corresponding to the client knows only, so the signature is -- correspondence, the server can also resolve what users need and have the right to access to the database.
  2 The detailed design of the network database security access system
  2.1 System design of presentation layer
  Said layer that access by the network database security system is the first barrier, that is responsible to received, filter and submit the information for user. The presentation layer is mainly by means of the form appears, to the tree list displays the user name and the corresponding role, involves: user login ID, user name, login time and power etc.. Forms authentication of system design layer described below:
  (1)The user sends a connection request to the database, Internet Information Services allow connection requests to the database by. NET for be checked. When the user requests authentication, it can be directed to the login screen, the user must provide a user name and password before they can submit the corresponding login form.
  (2)The system for the user to provide a user name and password, according to the database to match the relevant information to verify, as verified by that distribution corresponding roles. At the same time, create a Cookie and feedback to the client. This time, the roles can be temporarily stored in the corresponding first data field, the user can prevent the subsequent database connection requests sent repeatedly to get the role.
  (3)When the user is redirected to the original interface, the event handler creates an object Iprinicipal, and save the object in the HttpContext. Eventually, users will be related to operation of the database based on the different roles assigned login interface.   In addition, the system involved in the presentation layer designed to prevent SQL injection attacks. When performing SQL statements and stored procedure calls in the system, direct use Parameters collection, which can effectively achieve no matter what the user input characters can be processed as text, and can be checked on the character type and the length of terms, there is no qualified character value, can have triggered an exception. But note that when there is an exception occurs SQL code, not directly to the SQL error to the user presentation layer, but should be recorded by the system error message and give the user some friendly message can be, so to avoid system exposure to some of the details, and provide access to the attacker.
  2.2 Design of data access layer
  Security access systems that data access the network database primarily include encryption and decryption, and authentication authorization. Among them, the need for encryption and decryption of data processed have three ways: the string connect to database, user password, the information that required to validate user input. The system through Secret class Encrypt encrypts information for the relevant data, and passes the ciphertext to the backend authentication server. Authentication server for encrypted information is based on a hash algorithm, and direct calls to Compute Hash hash method to calculate the parameters of information, combined with an array filled with random numbers after the return. Algorithm flow shown in Figure 3:
  Fig.3 Schematic diagram of the hash encryption algorithm
  In addition, the authentication and authorization of data access layer are the matching user roles and database in the User- Role table information, the operation is to be performed in the in the User-Role table. In determining the user role: senior, ordinary or administrator, the system can implement different processes. For example: advanced users can achieve a common user role change, and role to delete; ordinary users can the role permissions based on, to access the database; the administrator can according to user role, change its permissions, even can directly modify the User- Role list etc..
  2.3 Design of data layer
  Data layer is mainly reflected in the database systems in a network database security access system architecture, which is aimed primarily at the database table. Depending on the security access system requirements for database functions, system tables are mainly related to basic message authentication, roles, and permissions and so on. Especially the authentication database, including: user information table, user login table, roles table, permissions table and so on. The data sheet for the stored procedure is a key feature of the data layer, the design principle is: Based on the implementation of the Auth database table processing to obtain information, to provide user data with other roles, resources and authority issues, the data layer SQLServer stored procedure is mainly based on a custom stored procedures to be implemented.   (1) Distribution of system user roles and permissions
  CREATE PROC R-R-Dis [@ RlID @ RigID @ ReID] AS
  EXEC sp_add @ RlID GRANT RigID ON @ ReID To @ RlID
  SELECT @ RlNm = RlNm FROM Rl-Rig
  WHERE RlID = @ RlID
  ...... INSERT INTO Us-Rl VALUES '(RigNm', 'RigID', 'RlNm'', RlID', 'ResNm', 'ResID')
  This stored procedure will be able to call by administrator ,only to realize assign roles and permissions. The main parameters of the stored procedure from the Auth database Role-Right table, using a sp_add stored procedures, and the allocation of resources by means of GRANT privileges to the appropriate roles.
  (2) Revoke privileges
  CREATE PROC Rig-Del
  REVOKE @RigID @RsID
  FROM @RlID
  DELETE * FROM Role-Right where RlID = @RlID
  The stored procedure of privilege revoked, that can only be called directly by a user administrator privileges, the main role of the corresponding privileges removed. Users first stored procedure call system itself, followed by the role of the corresponding operating privileges revoked, and then delete the relevant records to the Role-Right on the table and then authentication database.
  (3) the signature authentication server function
  Signature authentication server mainly realize server authentication, involves: file system corresponding to the public key in the initialization; network connection; the connection state real-time monitoring server port; generation timestamp and random number and feedback; receiving, client signature verification process and feedback etc..
  The key code to its realization are described in the following:
  Public static void main (String args[])throws Exceptin {
  PublicmainKey pKey = Repub (pubmainkey, File-name); // the corresponding public key of customer is obtained
  ServerSocket DD = new Serversocket (serPort); // generate the corresponding socket to detect of connection,
  Private static PubicmainKey republicKey (String filenm) throw Exception // public key corresponding reading processing function
  ......
  While ((tB = files.read (=-1)) {!)
  Baos.read (tB); / / get the public key
  }
  (4) To achieve the client authentication function
  To achieve the client authentication function mainly involves: reading the client user's private key, and the decryption processing; open the connection with the server; need to obtain feedback from the server's signature data processing; feedback array signature and results of data; access to the server authorization Boolean value. The key to its realization are described in the following code:   Public static void main (String args[]) throws Exception
  {
  …… // access, read and interpret user corresponding private key
  Socket clientSocket = new Socket (cliethostnm,PORT); // The connection is opened
  IntoutFormServer. reF(data _BeSing);// Gets the signature data
  Signature.sntue = Singature.gInstance (“MD5”); // The initialization process is carried out by MD5 signature
  Boolean ver = inputFormServer.readBoolean();// get feedback boolean value to ensure certification
  }
  Private static PriKey getPriKey (strin PriKeyFiname,char []password) throws Exception
  {
  FileInputStream filenames = new FileInPutStream(PriKey filenm);
  ...... // User private key to get operation
  Ciper.init (Cip.Decry_mde, prikey,paraSpec);// Carry out corresponding treatment of decryption
  }
  3 Conclusions
  This paper presents a security model for the network database systems, design and implementation of digital signature authentication and key management and avoided the illegal invasion by logging. The network database security model can solve many security risks faced by network database, but due to the complexity of the network environment, the network database application security model needs to be further improved in practice.
  Reference
  [1] Wang Jing, the database security under Network Environment[J]. cooperation of economy and technology, 2009 (05)
  [2] Ceng Ailin. To establish and perfect the security system of network database based on Web[J].Journal of Xiangtan Teachers College, 2011 (2)
  [3]Li Zongying.The use of SQL stored procedures in.NET database[J]. China high-tech enterprises, 2010, (15)
  [4] Zou Jian SQL Server 2000 development and management application[M]. Beijing: People's Posts and Telecommunications Press, 2005.101-150
  [5] Wang Hui, Fang Ming, Li Rengen. Analysis and model of network database security[J]. Journal of Xi'an Petroleum Institute, 2009, (1)


【相关论文推荐】
  • Network database based on the web design and security
  • Research on Database Design based on Wireless Sensor Network
  • Design of wireless sensor network database based on message transfer
  • The Design of Campus Network Database Access based on Encryption
  • Design and production of the network courses based on the database technology
  • Optimization Design Scheme of Oracle Database
  • Security Threatening Factors and Security Technologies of Network
  • The Study on Network Security Strategy based on Security Evaluation
  • Cloud computing and network security research