###
:2019,28(9):251-257
本文二维码信息
码上扫一扫!
基于异构冗余的拟态数据库模型设计与测试
(华东计算技术研究所, 上海 201808)
Design and Test of Mimetic Database Model Based on Heterogeneous Redundancy
(East China Institute of Computing Technology, Shanghai 201808, China)
摘要
图/表
参考文献
相似文献
本文已被:浏览 64次   下载 72
投稿时间:2019-03-06    修订日期:2019-04-02
中文摘要: 数据库作为信息系统核心组件,存放着大量重要数据信息,易受到危害最大的SQL注入攻击.传统数据库防御手段需要攻击行为的特征等先验知识才能实施有效防御,具有静态、透明、缺乏多样性等缺陷.本文在此背景下,以拟态防御动态异构冗余原理为基础,使用保留字拟态化模块、指纹过滤模块、拟态化中间件模块实现SQL注入指令的指纹化、去指纹化、相似性判决,提出具有内生安全性的拟态数据库模型,并使用渗透测试演练系统DVWA中的SQL注入模块对该模型进行安全性测试,验证了拟态数据库模型的可用性和安全性.
Abstract:As the core component of the information system, the database stores a large amount of important data information and is vulnerable to the most harmful SQL injection attacks. Traditional database defense methods require prior knowledge such as the characteristics of attack behavior to implement effective defense, and have the defects of static, transparent, and lack of diversity. In this context, based on the dynamic heterogeneous redundancy principle of mimicry defense, the reserved word mimicry module, fingerprint filtering module and mimetic middleware module are used to realize fingerprinting, de-fingerprinting and similarity judgment of SQL injection instructions. A mimetic database model with endogenous security is proposed, and the model is tested using the SQL injection module in the penetration test rehearsal system DVWA to verify the availability and security.
文章编号:     中图分类号:    文献标志码:
基金项目:国家重点研发计划(2016YFB0800100)
引用文本:
赵琳娜,倪明,喻卫东.基于异构冗余的拟态数据库模型设计与测试.计算机系统应用,2019,28(9):251-257
ZHAO Lin-Na,NI Ming,YU Wei-Dong.Design and Test of Mimetic Database Model Based on Heterogeneous Redundancy.COMPUTER SYSTEMS APPLICATIONS,2019,28(9):251-257

用微信扫一扫

用微信扫一扫