作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2011, Vol. 37 ›› Issue (12): 33-35. doi: 10.3969/j.issn.1000-3428.2011.12.011

• 软件技术与数据库 • 上一篇    下一篇

数据库恶意事务恢复日志系统

陈 敏 1,陈 榕 1,王云帆 2   

  1. (1. 中国长江三峡集团公司信息中心,湖北 宜昌 443002;2. 中国长江电力股份有限公司,湖北 宜昌 443002)
  • 收稿日期:2010-12-24 出版日期:2011-06-20 发布日期:2011-06-20
  • 作者简介:陈 敏(1984-),女,硕士,主研方向:数据库安全; 陈 榕,高级工程师、硕士;王云帆,工程师

Log System for Recovery from Database Malicious Transaction

CHEN Min 1, CHEN Rong 1, WANG Yun-fan 2   

  1. (1. Information Center, China Three Gorges Project Corporation, Yichang 443002, China; 2. China Yangtze Power Co., Ltd., Yichang 443002, China)
  • Received:2010-12-24 Online:2011-06-20 Published:2011-06-20

摘要: 恶意事务攻击成功后的数据恢复机制要求日志文件必须同时记录写操作信息和读操作信息。为此,提出一种数据库恶意事务恢复日志策略,并基于该策略设计日志系统。在日志系统中,结构化查询语言(SQL)语句过滤可保护日志文件的安全,拒绝终端客户对日志文件的非法操作;敏感信息设置从行级和列级2个方面设置日志记录必须满足的约束条件,可有效控制日志文件的规模;写日志产生器通过使用触发器的临时表完成对写操作的记录;读日志产生器通过重构SQL语句产生临时表,再访问临时表完成对读操作的记录。实验结果表明,该系统可有效记录数据库读写操作,但同时会降低整体系统的效率。

关键词: 恶意事务恢复, 日志系统, 敏感信息, 写日志产生器, 读日志产生器

Abstract: Recovery from malicious transaction has become an important method to protect database, the new recovery mechanism raises new requirement that the log file should not only record information of write operation but also the information of read operation. To fulfill the new requirement, a new log strategy is proposed, According to this strategy, the log system is designed and implemented, the system is composed by four parts: SQL statements filtrating, sensitive information setting, write log generator and read log generator. Structured Query Language(SQL) statements filtrating aims to protect the log file from malicious users. Sensitive information setting gives constraints to log record to control the size of log file. Write log generator uses triggers to records the information of write operation. Read log generator records the information of read operation via re-constructing SQL statements, creating temporary table and accessing temporary table. Experimental result shows that log system records database operations effectively, but decreases the efficiency of the whole system.

Key words: recovery from malicious transaction, log system, sensitive information, write log generator, read log generator

中图分类号: