Research On Mandatory Access Control Mechanism In DM DBMS

Posted on: 2009-10-10
Degree: Master
Type: Thesis
Country: China
Candidate: S W Zhou
Full Text: PDF
GTID: 2178360275471919
Subject: Computer software and theory
Abstract/Summary:
With the development of information technology, more and more information is stored in computer systems' databases, so database security has become an important problem that must be solved. MAC (Mandatory Access Control), which controls access according to the object's sensitivity label and the subject's access label, is often used in high-security-level DBMSs (Database Management Systems). After analyzing the shortcomings of the MAC that the DM (Da Meng) DBMS has implemented, an EMAC (Enhanced Mandatory Access Control) mechanism has been designed and implemented in DM.

The EMAC mechanism strengthens MAC's expressive ability by introducing a new component, the group, which can identify the organizations owning or accessing the data; strengthens the system's usability by adopting a sensitivity range and separated read and write on the category and group for the user; and strengthens the system's agility by introducing the current session label, the current session row label and privileges into the security policy.

An architecture has been designed to implement the EMAC mechanism in the DM DBMS. It comprises seven modules in total: MAC data dictionary, policy management, label operation, policy application, user authorization, session control and MAC check. In the implementation, the SQL interface is extended for the system security operator, to support configuring the EMAC system; system functions are extended for general users, to support changing the current session label and session row label within the range of their authorization; an optimized scheme for label storage is designed, which saves much space; and cache technology is used to improve efficiency, among other measures.

The system's functions and performance have been tested through experiments. The results show that the DM EMAC subsystem has achieved the desired functions, that the MAC it supplies has stronger expressive ability, better usability and better agility, and that the performance loss caused by its application is acceptable.
Keywords/Search Tags:database security, mandatory access control, sensitivity range, separated read and write, session label