-
公开(公告)号:US5572673A
公开(公告)日:1996-11-05
申请号:US162341
申请日:1993-12-01
申请人: Scott A. Shurts
发明人: Scott A. Shurts
CPC分类号: G06F21/6218 , G06F2221/2113
摘要: A database management system is provided for security of database objects. These objects may be passive elements such as tables, rows, views, the databases themselves, etc., or they may be executable items such as stored procedures or triggers. A mechanism is provided for "certifying" that certain types of objects such as stored procedures, triggers, and views can be safely used to access other, sensitive objects in the database. Certification indicates that (1) a security officer has evaluated and certified the object, and (2) the now certified object has not undergone a defined security-relevant change since certification. Certification is particularly important in the context of a "trusted" stored procedure or a "trusted" stored trigger. "Trusted" executable objects can be executed at sensitivity levels that exceed that of a user or subject. Thus, the subject may use a trusted stored procedure or trigger to access certain objects having higher sensitivity levels than his or her own. If the certified object changes in a security-relevant manner, its "certification state" changes from certified to "suspect" which causes the object to become unexecutable.
摘要翻译: 为数据库对象的安全提供了数据库管理系统。 这些对象可以是诸如表,行,视图,数据库本身等的被动元素,或者它们可以是诸如存储过程或触发器的可执行项目。 提供了一种机制,用于“证明”某些类型的对象(如存储过程,触发器和视图)可以安全地用于访问数据库中的其他敏感对象。 认证表明:(1)安全主管对该对象进行了评估和认证,(2)现在的认证对象自认证以来未经过定义的安全相关变更。 认证在“受信任”存储过程或“受信任”存储的触发器的上下文中尤其重要。 可信任的可执行对象可以在超过用户或主体的灵敏度级别执行。 因此,受试者可以使用信任的存储过程或触发器来访问具有比他或她自己的更高的灵敏度级别的某些对象。 如果认证对象以安全相关的方式更改,则其“认证状态”从认证变为“可疑”,导致对象变为不可执行。
搜索结果
1 条记录 (耗时 0.012 秒)