Research And Realization Of Audit Subsystem For Secure Spatial Database

Secure spatial database, which is one of the important branches of current information security research, has broadly application future. The research in this field has strong confidentiality. The developed countries forbid exporting security products to our country, including database products.As one security mechanism for monitoring, recording and controlling users'activities, audit makes the accesses or access attempts that threaten system security leave clues and provide proofs analyses and tracing afterwards. Under the situation of over half of the attacks coming from legal internal workers, auditing the accessing to sensitive data is one of the important method to maintain database security.On the base of analysising and comparation for curret some DBMSs, aimming at their shortages this paper proposes an audit model based on secure spatial DBMS, and realizes the audit subsystem in SecVista, which is a spatial DBMS developed by ourselves. Main tasks as follows.Proposes an audit model with abundant audit policies expression abilities for SDBMS. This model can express policies based on both temporal and spatial and realize the derivation of some policies. By introducing co-attributes expressions, the model can express fine-grain audit policies. At the same time introducing pre-alarm mechanism to strong initiative and real-time.Proposes a checking and maintaining mechanism for log validity based on one-way hash function to protect log integrality and validity. Using shared memory for policies matching and searching to reduce the negative influences and improve user transparence.The audit model is optimized from three aspects. Invariants characters of the model ensure itself security,escape the introducing of covert channel;propose some guilde lines to tackle collision issues in setting rules; By introducing FIMAC method ensures the integrity of logs.At last the audit model is realized in the secure spatial DBMS--SECVISTA, which has been developed by our project team, and implement audit subsystem, improve the security of SECVISTA.