【作者】 刘晓东；

【导师】 吕锋；

【作者基本信息】 武汉理工大学 ， 通信与信息系统， 2003， 硕士

【摘要】 在信息全球化的今天，网络数据库的应用使得资源共享和数据通信得以实现，对于人们提高工作效率、节约劳动成本有着及其重要的意义。然而由于互联网络是一个面向社会各界的开放的信息资源库，网络数据库在方便人们办公的同时，也产生了许多安全问题。这使人们通过网络数据库正常的工作活动受到极大威胁。因此，如何保证网络数据库的安全，便成为设计数据库时需要重点考虑的问题。 本文以中国粉体工业信息网网站的建设为背景，对网络数据库安全性进行了分析与设计，主要包括以下内容： 1．分析了当前网络数据库安全研究现状，提出了网络数据库安全模型。 2．分析了当前网站安全的常用技术，重点研究了网站的防火墙防御系统的功能组成，并对网络隔离技术进行了仔细研究，提出了中国粉体工业网网站的网络安全结构。该网络安全结构具有良好的安全性。 3．给出了网站数据库的简要设计，并在此基础上对智能卡认证技术进行了深入研究。在研究基于RSA密钥算法智能卡认证技术的基础上，提出了基于散列函数的智能卡访问认证方法。秘密信息和智能卡结合的身份认证是一种适用于向数据库请求敏感信息所采用的新型身份认证技术，能够实现通信数据的安全。 4．分析了基于角色的存取控制技术。提出了基于角色控制安全数据库管理系统模型。根据模型，本文按照“角色”把用户分为一般用户，会员用户和网站管理员三类，赋予不同的访问权限。一般用户拥有访问网站一般信息权限；会员用户拥有访问网站一般信息和敏感信息权限；网站管理员拥有网站的最高控制管理权限。 根据以上内容，本文建立了用户—角色映射表和角色授权表。通过角色授权表中的角色数字，认证服务器能够对不同用户动态地采用不同安全级别的认证技术，并能根据认证结果做出授权判断。这种方法可通过应用程序实现授权而不需依赖于具体数据库。 最后，本文详细介绍了数据库安全系统的实现。该系统能够提供身份认证、角色授权和日志记录等功能。本文提出的网络数据库安全模型能够保障网络数据库的安全。更多还原

【Abstract】 In the information-globalized days, the application of network database makes resource and data communications share to be realized, which is very significant for people to enhance work efficiency and economize work cost. However, because Internet is an information resource open to different class in society, while network database brings people convenience, it also results in many secure problems. This threatens people’s natural work activity from network database greatly. Thus, how to ensure the security of network database becomes a significant problem when us design it.On the ground of the construction of China Powder Industry Information Web, this paper analyzes and designs the security of network database, and it mainly includes the following content:1. The paper analyzes the current research actuality of network database, and brings forward the general security model of network database.2. The paper analyzes the current usual technologies of Web, and studies the functional structure of firewall defense system of the Web emphatically and network isolation technology particularly, then puts forward the network security structure of the Web. The network security system structure has sound security.3. The paper realizes the design of Web database. On the basis of the database, studies smart card identity identification technology thoroughly. On the basis of study of secret key algorithm RSA based smart card identity identification technology then puts forward HASH function based smart card identity identification method. The identification of secret information combined with Smart Card is new kind identity identification technology adapting to requesting database for sensitive information, which can acquire secure data communications.4.The paper analyzes role-based access control (RBAC) technologies and puts forward role-based control secure database management system model. According to the model, the paper divides client accessing the web database into ordinary user, member user and web administrator three types with different authorities. Ordinary user owns ordinary information authority of accessing to web; member user has the authority of accessing to both ordinary and sensitive information; while web administrator owns the super administration authority.On the basis of the above resolution, the paper constructs user-role mapping table and role authorization table. By the role number of role authorization table, Certification Server can use different security-class identification technologies according to diverse users dynamically, and decides responding authorization with the identification results. This method can be realized by program without dependence on concrete database.In the end, the paper introduces the realization of database security system. The systemcan offer such functions as identity identification, role authorization and log records. The network database security resolution presenting by the paper can safeguard the security of network database completely.更多还原