
Design And Implementation Of Hierarchical Protection Security Mechanism Based On Database In Party Building Business

Posted on: 2020-10-25
Degree: Master
Type: Thesis
Country: China
Candidate: Z C Wei
GTID: 2416330596492304
Subject: Software engineering

Abstract/Summary:
This topic arises from problems that a research institute encountered while developing its party building system. As a classified unit, the institute requires strong security and confidentiality in its daily work. While developing the party building system, it therefore did a great deal of work to place the necessary restrictions on its employees' authority, including previous research, safety analysis, and discussion of design and authority division, so as to ensure that the security and confidentiality of the system comply with relevant national regulations. However, due to various constraints, authority control is implemented in the front-end code rather than in the database, which causes problems such as inadequate database security protection, poor system portability, and a heavy workload for developers. It is therefore imperative to achieve classification protection of data and authority control at the database level, improving the security and portability of the party building system and reducing the burden on developers while developing the party building system. Taking three different types of party building business as examples, this paper introduces a database security mechanism suited to the unit's actual situation. The mechanism combines mandatory access control (MAC) and discretionary access control (DAC) and is based on the SSR model, which greatly improves the security of the party building system. The research content of this paper is as follows:

(1) Analyze three different types of party building business, sort out the business processes, and clarify the license level and the data confidentiality level of the positions involved in the business, in preparation for the security mechanism design of the database.

(2) Achieve classification protection of data by using the MAC mechanism and the SSR model. Set corresponding security labels for the position roles and business data of the party building business, and control users' read and write operations through mandatory access policies, so as to improve the security and confidentiality of the database. Among the mandatory access policies, the read check uses the logon trigger to check whether the current user's current position conforms to the MAC rules. The write check fires a trigger on the business data when a DML operation is carried out, to check whether the current user's current position meets the MAC rules for viewing the accessible resources, thereby applying mandatory access control to the data.

(3) Make good use of DAC. DAC, a mechanism applied in all mainstream database management systems, gives the right user the right permissions according to business needs. Its implementation integrates a two-layer design of business roles and position roles: object authority is assigned to the appropriate business role, and the business role is assigned to the appropriate position, establishing the relationship between the user and the position. This makes the whole system more flexible and maintainable.

(4) Design a relatively complete database security mechanism through MAC and DAC. Test whether the mechanism is secure enough to meet the requirements of data classification protection by carrying out a large number of functional tests based on the three party building businesses.
Keywords/Search Tags:security, confidentiality, classification protection, MAC, DAC, party building business