数据库标签安全测试技术  

作　　者：李斌[1] 熊微[2] 叶晓俊[2] 郭颖[1] 张翀斌[1] 

机构地区：[1]中国信息安全测评中心,北京100085 [2]清华大学软件学院,信息系统与工程研究所,北京100084

出　　处：《清华大学学报（自然科学版）》2012年第10期1388-1395,1414,共9页Journal of Tsinghua University(Science and Technology)

基　　金：通用基础软件测试评估资助项目(2009ZX01045-004-001-03)

摘　　要：为了对高安全数据库管理系统(DBMS)进行安全评估,需要构建其强制访问控制(MAC)策略模型及满足测试需求的测试用例集。论文围绕通用准则第二部分的访问控制策略(FDP_ACC)组件评估要求和DBMS产品标签安全分级、范围、分组等强制访问控制组件元素,定义了一种基于有限状态机概念的模型元素和组件元素之间处理机制,设计了标签组件元素与主体、客体绑定后的读写操作策略规则;给出了一种基于数据库标签安全机制的形式化的五元组自动机模型,并基于图的深度优先遍历方法和迁移覆盖准则得到强制访问控制机制状态迁移树和迁移序列;最后采用W3C组织制定的有限状态机规范语言(SCXML)对论文提出的自动机模型进行了形式化的描述,给出了深度优先遍历自动机的SCXML文件中状态的方法。论文最后演示验证了自动生成满足迁移覆盖的、用于数据库安全标签评估的、抽象测试用例集测试用例序集。Safety evaluations of high-security database management systems（DBMS） need to be guided by an adequate security policy model and a test suite that are automatically generated according to the testing requirements.The access control policy components of the second part of the common criteria and elements of the label security component in current commercial DBMS products,such as the security level,category and group of the mandatory access control（MAC） components,are used to define a database label model based on the finite state mechanism.The system also gives handling mechanisms between various elements of components with read/write policy rules for labeling component elements binding database subjects and database objects.A formal model is gives for a five-tuple automaton for database label security and a graphics-traverse search method to produce a state transition tree and transition sequences for the migration coverage criteria of the five-tuple automaton.W3C State Chart XML（SCXML） is used to describe the five-tuple automaton with a method to process the SCXML of the five-tuple automaton.A security policy example is given for high-security DBMS to illustrate the process to produce the coverage test suite for DBMS security label assessment.

关 键 词：数据库安全 安全策略模型 标签安全 有限状态机 测试用例集 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]