Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
�4
�����������
2007��-$6<-IBM1�;/-����90).���(2 2
q���8"% �,������&�� 7�
Ø �+,�!'
§ 90)24�<,
v*�,�
v-�,�
v:�,�
§ 90)24�<,
v90)
v#�24
v% �
v53
v�+24
2007�!-*@L-IBM<�G7-� ��C926��%1= 3
��KJ��&(-�+' =>4+'�&
.A�MB4��08$��BDE�+' :
3=>�LF?��"B4H��I�+'�&4
54�J�.+' 4�&
Ø+' :3=>)�4�&(-�B/;�
–+' 4��#�security��&
–+' 4�,#�integrity��&
2007��-�$'-IBM"�& -��%!�����# 4
4.1 �������
4.1.1 ������������
4.1.2 �������������
4.1.3 ��������
4.1.4 SQL ��������
2007#'-0KZ-IBMF�SD-� � QE5B �+4G 5
4.1.1 1.%@!��!�1.%Ø 1.%@!��database security�
§ \:^<�?1.%��O;1.%@?*�
vXTP"@R[W(
v-=P"@R[P��PN�
6R[1.%@1.�$/�6MDBMS@�A97
§ R[1.%@PN3�A��2�
v��@PNU?���@&?
v��8.&?@��];6V,��@1.%R[PN��V,�3��!�H�@1.%
vY�LU&JI>��!�O;H�@1.%C!�1.%�secure database��)C��1.%�trusted database�
2007��-�$'-IBM"�& -��%!�����# 6
4.1 �������
4.1.1 ������������
4.1.2 �������������
4.1.3 ��������
4.1.4 SQL ��������
2007��-(9C-IBM7�?5-����<6-4��%,8 7
4.1.2 )&��1�+/#���q)&��1�+/#���
�<6�TCB�trusted computing base����subject�����object������3@�.>�D �identification & authentication�:�=E'��discretionary access control�!�=E'��mandatory access control�)&�*$�data integrity�F;AB�hiding cannel�)&��1" �0��formulization of
database security��<�audit�=E2'��access monitor�
2007 - -IBM -( 8
q) TCBØ
Ø
2007 - -IBM - 9
)
ا
v
v (
§
v
2007 - -IBM - ( 10
Ø )
§ / )
/
��� ��� ��
2007 - -IBM - ( 11
(
q (
Ø(
§ (
§
§
Ø (
Ø ) ))
TCB
2007 - -IBM - ( 12
Ø
–§ )
§
§
§
– )
§ )
Ȥ )
§ )
2007 - -IBM - 13
–§
§
§
§
§
» )
§
–§ (
§
§ (
2007 - -IBM - 14
( )
–
§
§ (
§
2007 - -IBM - 15
q DACØ )
Ø / (
1 2 …… i ……
1 …… …… …… / ……
2 …… …… …… / ……
…… …… …… …… …… ……
j / …… / / ……
…… …… …… …… …… ……
2007 - -IBM - 16
)
Ø
– )
§ (
–§
§
– DAC§
2007 - -IBM - ( 17
Ø DAC–
–––
ØDAC– )
– ) Grant / Revoke
–
2007 - -IBM - 18
q MACØ ) )
/
Ø)/ label– label of security level
§ )
– label of security category§ )
Ø ) )
(
2007 - -IBM - ) 19
)
Ø Bell-Lapadula–
(
§ (
§
Ø)
)
2007 - -IBM - 20
( )
Ø
– (
§
–– MAC
Ø MAC––
– (
2007 - -IBM - ( 21
q
Ø insert deleteupdate
Ø
––
Ø
– )
––
2007 - -IBM - 22
q
Ø ( (
Ø
– TCB (/
Ø
– TCB
Ø )
2007 - -IBM - ( 23
q
Ø
)
Ø
2007 - -IBM - 24
q
Ø
– / / / / /
–
Ø )
DBMS( )
2007 - -IBM - 25
Ø
–
§
§
§
–§
§ (
)
2007 - -IBM - 26
– (
§
Ȥ ) /
– / § /
2007 - -IBM - 27
q
Ø (
– )
) )
ØTCB /TCB (
2007��-�$'-IBM"�& -��%!�����# 28
4.1 �������
4.1.1 ������������
4.1.2 �������������
4.1.3 ��������
4.1.4 SQL ��������
2007%'-,@F-IBM;�E8-���!B917!�)0< 29
4.1.3 -*&6"�2�q"�2�6�C��
§ ?�(./)�� B91<>D�2�TCSEC�Trusted Computer System Evaluation Criteria�v1970%5?��G7! �+��1985%�$��GF2���(#A34
• "�=���H���:�=�D, C1, C2, B1, B2, B3, A�
2007��-�04-IBM*�3'-����1)"&���!+ 30
4.1.3 ��%�#q�#%�2���.�
Ø��– 1999��1)"��+-���(,�� �GB 17859-1999�§�$/�%TCSEC#
GB 17859-1999�� TCSEC�� - D
� 1�������� C1 � 2�� ����� C2 � 3�������� B1 � 4������ B2 � 5�������� B3
- A
2007��-�/6-IBM*�5&-����1) %����+ 31
4.1.3 ���$�"
q1) ��+.���(,�� �GB 17859-1999�
'1,�#�0���,
'2,�+.�1��,
'3,��"2��,
'4,�-!���,
'5,�3784��,
2007��-�$'-IBM"�& -��%!�����# 32
4.1 �������
4.1.1 ������������
4.1.2 �������������
4.1.3 ��������
4.1.4 SQL ��������
2007��-(8@-IBM5�>3-����;4-2��!,6 33
4.1.4 SQL�)#�� 0'"
q�SQL’92�&��C17)#�� 0'"��+�
Ø�������/���1Ø?/=�A�
Ø)#�*
Ø:�<B%��$.�9
2007��-*:E-IBM7�@5-���=6.4��!-8 34
4.1.4 SQL�+#�� 3'"q<�>F%��$/�;
ØSQL�3<�>F%�,DB�2 �&��A�&�/G�C13��90��2 �+#3>
F/G3���DB$/�Grant���(�Revoke�?�0)�2 3>F/G
Ø&�/G
v SELECT/
v INSERT/
v DELETE/
v UPDATE/
v REFERENCE/
v EXECUTE/
v USAGE/
2007��-#/7-IBM- 4*-����3+&)���%. 35
4.1.4 SQL�$ ��("�
Ø!��5
– 0�1�– ��– ��type��UDT�'���$ ,��– ��6*/$�2��
Ø'�
–$ �'�
2007��-�'--IBM%�+#-� �)$�"����& 36
4.1.4 SQL������!��
��*
GRANT <���.�(> ON <���,>TO < ���(> [WITH GRANT OPTION]
–��§ grant SELECT�UPDATE on S
to XULIN with grant option
§ grant UPDATE (G) on SC to XULIN
2007��-#19-IBM.�6,-����4-'+���&/ 37
4.1.4 SQL�$����*!�
�"5�
REVOKE < �(<3> ON < ��7>FROM <)� 3> [RESTRICT | CASCADE]
–CASCADE�8:�"–RESTRICT�����8:�";=%�2�"(<���0�"
–��§ revoke UPDATE on S from XULIN cascade
2007�-���-IBM����-������������� 38
4.2 � ����
200748-Hcn-IBM`$l^-��+-h_R]-@Qa 39
4.2 IE7Z.J:
qIE7Z.J:
ØDIE7�IEZV\:#�e:��C�
–V\:�IEZPG:�P= –�e:�&)Y?�)^6�5�iqIE7Z<����j1IEZOK��X0s�eZ<�
Ø>��Ltgm�&IE7��XpkZIE��rU
IEZ.J: �['�"N�,S%�T�!AB
Z�%b2eIE7�ZIEf['��gd*�N�
X5o��/ZFM3IE7�ZIE;(�V\ZW
9��
2007'+-;`m-IBM[�iY-���!fZHX!�3G\ 40
4.2 <6)U"=/q"=/�4
Ø%<6)�<6UOW/��b/U_4��5�–�2dD>9A�MLC�k�"=/]JK�(��gB�@:� l-U�*
–pNF �IU�QT1Uh9
q"=/�4UVUØ�A�SohØa�n�8?pNohUj�Pc,ØE^&<6)0��OWR.
q"=/�4U$S8?Ø"=/]JKU#��MLØe��Ø(�7�3G
2007��-�+2-IBM'�1%-���/&�$����( 41
4.2 ���#���
4.2.1 ��������#,
4.2.2 ���-�#����
4.2.3 ���)�#0*�! ��"
4.2.4 .�
2007��-�9A-IBM4�>2-����<3'1���&5 42
4.2.1 ���!���0�:
q���%�:
Ø=8�:
–57 /�� ���!�0�%;,
Ø+*�:
–$:+* ���0 �#�$@�6()�0-?-
�.�:
–-@�6()�"�$ "�.0:
2007��-�+2-IBM'�1%-���/&�$����( 43
4.2 ���#���
4.2.1 ��������#,
4.2.2 ���-�#����
4.2.3 ���)�#0*�! ��"
4.2.4 .�
2007*,-2NV-IBMJ�TE-��"$SG6D$/5K 44
4.2.2 %4-R�B���(
q �K30+KM�1���U�I30%4-L7�
Ø'�%4-R�– ��!PB��W#��C����)-B��O F�
�>%4-R�
Ø@.&�B%4-R�–[email protected]&�B30%4-Q<
ØA30+H?KM91�30%4-L78�B&��;:B�=�
2007,.-4JU-IBMF�SC-��#&QE9A&�38G 45
4.2.2 '51P�?��)
�='51P�
–L�GR7+1WF����GS?��V$Ks@*-���7@�?R ���M ���B�GR/>�GS?�H§T:?+1WFNB��GR?"�V$��GR��GS��6���G�
–�='51P�O<§�GR?;�H!"�V$F�?�2I6D��NULL��20X/>!�GS%!?�H���K/>�%!?(�
2007 �-���-IBM����-���������� 46
4.2.2 �������������
� � � � � � �� … … … …
993501 � �� 18
… … … … ���
� � ��� �� … … …
993501 CS101 85
993501 EN103 90
… … …
2007��-�+0-IBM(�/&-����-'"%���!) 47
4.2.2 ���,�#����
����
��� �� �� �
�� ��� �
���
E012 � � ���� 53 1200 E001
E025 � � � � 27 800 E012
E001 ��� � 49 3000 NULL
����.�� $���*1�#��.�� �$
2007��-�'+-IBM$�)"-���(#�!����% 48
,���&� ����
� � � � � � �� … … … …
993501 � �� 18
… … … …
��� � � ��� ��
… … …
993501 CS101 85
993501 EN103 90
… … …
��*)�%�� ,����������&����
Foreign key(��) References �� On Delete Cascade;Foreign key(��) References �� On Delete Restrict;Foreign key(��) References �� On Delete Set Null;
Foreign key(��) References �� On Delete No Action;
�����
q“restrict”��no action����
UPDATE PAR SET PID=PID-1
Ø“restrict”��Ø�no action”���
10/17/19 10:51 PM Websoft, Nanjing Univ. [http://ws.nju.edu.cn]
49
PID NAME1 PAR12 PAR23 PAR3
CID CDESC PID51 51DESC 152 52DESC 2
PAR
2007��-�+2-IBM'�1%-���/&�$����( 50
4.2 ���#���
4.2.1 ��������#,
4.2.2 ���-�#����
4.2.3 ���)�#0*�! ��"
4.2.4 .�
2007+.-9Xg-IBMP�aN-��$'_O@M'4?Q 51
4.2.3 (;/RAJ`W�DC"Hq�B(;/RA\��Y>��S0g�
Ø(;/RAB�J`W
Ø(;/RAB�JDC
–�DBMS�g`WjJc�DCE!
Ø(;/RAB�J"H
–�I2J8��L :7J(;/��f�(;/RAB�J[F�=�QV*�
§ 6U3Z�,5^15h�
§ bIK-J�:��N�eZ"H�%�
»�#i) &��T�J"H<G»�]���T�J"HdN
200701-6QY-IBMJ�WF-��(*UH;E*�3:K 52
4.2.3 +82L=CVP�@?�$Bq+82L=>�VP
Ø/2MCL=�"L=�–74I!CL=�\G�L=���R CL=
Ø�NMCL=�SL=�–D,���XD���Z�,�–&D,�–# �NC@?)��/2[�KC,�
Ø�.L=�9Tassertion�–���KA��OU5�CL=>�–'��K�[%<CL=>�
q-L=��ØCONSTRAINT <L=�> <+82L=,�)�>
2007��-!3;-IBM.�:+-����8,%*���$/ 53
SQL97��#�0&6( �
q��4 ��CREATE TABLE�Ø<5��(��
–'�� & 4�
–��(��§��� & "�-�§��(2)���
DEFAULT { default_constant | NULL }§��1("�0&��
–41("�0&��
2007��-�+2-IBM'�1#-���/%�"����( 54
SQL0.����) -�!��q��*!)
��& !) ��,�!) �3$�)
{ NOT NULL |[ CONSTRAINT constraint_name ]
UNIQUE| PRIMARY KEY| CHECK ( search_condition )
| REFERENCES table_name [ ( column_name ) ][ ON DELETE CASCADE | RESTRICT | SET NULL ][ ON UPDATE CASCADE | RESTRICT | SET NULL ] }
������!�)
2007��-�#)-IBM (�-��� &��� ���! 55
SQL'%����"�$����
[ CONSTRAINT constraint_name ]{ UNIQUE ( colname { , colname ... } )
| PRIMARY KEY ( colname { , colname ... } )| CHECK ( search_condition )| FOREIGN KEY ( colname { , colname ... } )
REFERENCES table_name [ ( colname { , colname ... } ) ][ ON DELETE CASCADE | RESTRICT | SET NULL ][ ON UPDATE CASCADE | RESTRICT | SET NULL ] }
��������"�
2007#$-+@L-IBM;�I8-���G:07��&/< 56
SQLHF!�-%=1E�6)'
q���"%>6,(=1.ND?A6�
ØNOT NULL vs. DEFAULT NULL
ØConstraint name–!4�,(=12�JB����KO�–����� 5ALTER TABLE�3�*C�6,(=1��
ØUNIQUE vs. NOT NULL–UNIQUE"%���9�–�KM�candidate key��
UNIQUE + NOT NULL
2007��-#4>-IBM/�=--����:.),���(0 57
SQL<9��%�1*8 +"�
q�����2+$ 1*'@736+���cont.�
ØPRIMARY KEY vs. NOT NULL
ØREFERENCES– FOREIGN KEY��?� vs. PRIMARY KEY��?�–�?�+�1*���5�+;!&
§ CASCADE | RESTRICT | SET NULL
ØCHECK
2007��-�)/-IBM$�."-���,#�!����% 58
SQL-+����&�*���q�('�&�
� ���PRIMARY KEY( <column-list> )
��0���UNIQUE( <column-list> )
Ø ���
FOREIGN KEY ( <fk-column-list> )
REFERENCES <table-name> ( <pk-column-list> )[ ON UPDATE [ RESTRICT | CASCADE | SET NULL ] ][ ON DELETE [ RESTRICT | CASCADE | SET NULL ] ]
��1�%����CHECK( <condition> )
2007��-�$*-IBM �)�-���'������! 59
SQL(& ���"�%����
q����#��"���
�1
CREATE TABLE Student (
sno NUMBER(5)
CONSTRAINT C1 CHECK (sno BETWEEN 90000 AND 99999),
sname VARCHAR (20)
CONSTRAINT C2 NOT NULL,
sage NUMBER(3)
CONSTRAINT C3 CHECK (sage<29) );
2007� -��$-IBM��#�-���!������� 60
SQL" �����������2
CREATE TABLE EMP�Empno NUMBER (4),Ename VARCHAR (10),PersonId VARCHAR(15),Job VARCHAR (9),Mgr NUMBER (4),Sal NUMBER (7, 2),Deptno NUMBER (2),
CONSTRAINT pk PRIMARY KEY( Empno ),
CONSTRAINT uni_name UNIQUE ( PersonId ),
2007�-��"-IBM��!�-���������� �� 61
SQL �����������
CONSTRAINT fk_deptFOREIGN KEY( Deptno )
REFERENCES DEPT( Deptno )ON UPDATE CASCADEON DELETE RESTRICT,
2007�-��"-IBM��!�-���������� �� 62
SQL �����������
CONSTRAINT fk_mgrFOREIGN KEY( Mgr )
REFERENCES EMP( Empno )ON UPDATE CASCADEON DELETE SET NULL,
2007��-� &-IBM��%�-����#�������� 63
SQL$"� ��!����
CONSTRAINT chk_1 CHECK ((Job=‘���� AND Sal>15000) OR(Job=‘&'��� AND Sal between 5000
and 10000) OR(Job<>‘���� AND Job<>‘&'���
ANDSal between 1000 and 5000)
));
2007 "-)9@-IBM5�?3-����=4,2��&+6 64
SQL><��*$7.;�1('
§ ��:1��������#�-1�
���$% 81�*$7./��!��
�7./���0���1�6
2007�!-'5>-IBM2�<0-� ��81+/�$*3 65
SQL;7��(#4,6�.&%
§ �����9�81+3��CS�.�-=��PASCAL0 :8��PAS�<0����"�����3)������(#4,�
CHECK ( NOT ( (S# IN (SELECT S#
FROM SWHERE sd=‘CS’) )
AND(C# IN (SELECT C#
FROM CWHERE cn=‘PAS’) )
) );
2007'(-/DO-IBM@�I>-��� G?4= �*3A 66
SQLHF$"1)B5E�;-+
? PQ�M"1)B5�$#�!;� ���AJ�9�C$� 8��A�J�9��6
��7�N�PASCALI>; 8K�G?4A�%�A��&);��. �G?4���L
2:�<�� ���A;0,"1)
2007��-�$*-IBM!�)�-��' �����" 67
SQL(& ���#�%����
q��#���&
���&
CREATE ASSERTION <name> CHECK( <condition> )
���&
DROP ASSERTION <assertion-name-list>
2007��-�%,-IBM"�* -�� (!�� ���# 68
§ ���-* �+������20�
CREATE ASSERTION ass_1 CHECK (20 <= ALL ( SELECT COUNT(*)
FROM SCGROUP BY C# )
);
SQL)'����$�&���
2007��-�.7-IBM*�4(-����1)"'���!+ 69
SQL30�� �,#/�&��q��%�6���-$��DS�4(� �8�65�PASCAL(�21��PAS�4
CREATE ASSERTION ass_2 CHECK (NOT EXISTS (
SELECT * FROM SC WHEREC# IN ( SELECT C#
FROM CWHERE cn = ‘DS’ )
ANDS# NOT IN ( SELECT SCX.S#
FROM SC SCX, CWHERE SCX.C# = C.C#
AND C.cn=‘PAS’ )) );
2007��-�+2-IBM'�1%-���/&�$����( 70
4.2 ���#���
4.2.1 ��������#,
4.2.2 ���-�#����
4.2.3 ���)�#0*�! ��"
4.2.4 .�
2007.1-:Sb-IBMO�[M-��%'ZN@K'�7?P 71
4.2.4 Y�
qY�
Ø";9/PR������I�G�,U�$� ��
I�G�_BI�TXL�Y�
ØY� I�T�A���I�G�,U�$� ��I
6W��Dc�����+;9*<35\I2�
ØY� >�=H�;9I*<3�8��E"-Q``
]�CV!�X0H��(IJI�&�
– ;9I)�3�8
– H4I0Ha^#F– ;9/PRI���T
2007#&-5S^-IBMM�XJ-� ��WL;I��1:N 72
4.2.4 V��qV��GQ,
ØV����ED.!�
–]"?� 7+O<=�G�!-?H623P��
–��D.F)�62G����4K
ØR>���ED.!�
–(V����C8�D�B_V���/'[GZ`*�GJ%
–]"9�QED.��GSQL��
ØV�\J
–(DBMS@A�V���G�C8�T�YD$0UR>��G\J
2007 �-���-IBM����-������������ 73
4.2.4 ��q�������
CREATE TRIGGER trigger_name { BEFORE | AFTER }
{ INSERT | DELETE
| UPDATE [ OF colname { , colname ... } ] }
ON table_name
[ REFERENCING corr_name_def { , ...... } ]
[ FOR EACH ROW | FOR EACH STATEMENT ]
[ WHEN ( search_condition ) ]
{ statement
| BEGIN ATOMIC statement; { statement; ... } END
2007��-�� -IBM���-��� ���� ���� 74
4.2.4 ���q����������
The corr_name_def that defines a correlation name follows:
{ OLD [ ROW ] [ AS ] old_row_corr_name| NEW [ ROW ] [ AS ] new_row_corr_name
| OLD TABLE [ AS ] old_table_corr_name| NEW TABLE [ AS ] new_table_corr_name }
2007� -���-IBM����-������������ 75
4.2.4 ��q�������
DROP TRIGGER trigger_name ;
2007!"-(;C-IBM6�@4-���?5-2��$,7 76
4.2.4 >��q 4.12
Ø>�����'#�0( 1�A�:3
Ø9.����&�)1( �8#( 1:3+��(%*�=(%�A�1000�����<�B�1000��
CREATE TRIGGER update_sal
BEFORE INSERT or UPDATE(Sal, Pos) ON Teach
FOR EACH ROW
WHEN (:new.Pos =‘(%�) /*/( 1:3�(%*/
BEGIN IF :new.sal < 1000
THEN :new.sal := 1000;
END IF;
END�