CN103186733B - Database user behavior management system and database user behavior management method - Google Patents
Database user behavior management system and database user behavior management method Download PDFInfo
- Publication number
- CN103186733B CN103186733B CN201110459730.4A CN201110459730A CN103186733B CN 103186733 B CN103186733 B CN 103186733B CN 201110459730 A CN201110459730 A CN 201110459730A CN 103186733 B CN103186733 B CN 103186733B
- Authority
- CN
- China
- Prior art keywords
- user
- opereating specification
- operational order
- database
- work order
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a kind of database user behavior management system and database user behavior management method, this database user behavior management system comprises: operational order acquisition module, for obtaining the operational order of user's input; Operational order analysis module, for analyzing described operational order, obtains the command operating scope that described operational order is corresponding; Validity judgement module, for judging whether described command operating scope exceeds the permission opereating specification of this operation of described user; Operational order forwarding module, for do not exceed when described command operating scope described user this operation permission opereating specification time, described operational order is transmitted to database; Operational order blocking module, for exceed when described command operating scope described user this operation permission opereating specification time, tackle described operational order.The present invention can real-time analysis user operation, and whether real-time judge user operation is legal, real-time blocking illegal operation.
Description
Technical field
The present invention relates to business support and management information system field, particularly relate to a kind of database user behavior management system and database user behavior management method.
Background technology
The emphasis that the safe Shi Ge large enterprises of current database information pay close attention to.If database user carries out illegal operation by backstage to the sensitive data in database, cause sensitive data to be revealed or by malicious modification, huge economic loss and the impact of serious brand image will be brought to enterprise.
Current solution is: carry out post audit by 4A (certification Authentication, account Account, mandate Authorization, audit Audit) system of users operation.Be illustrated in figure 1 the general frame schematic diagram of Database Systems of the prior art, these Database Systems comprise: 4A system, BOSS (business operation support system, BuSSineSS & OperationSupportSystem) fort machine and BOSS database, 4A system can limit the access rights etc. of user, and can the Operation Log of recording user, even can by the operating process of video monitoring system recording user.Management staff can after user's complete operation, derive all character Command for BOSS database and the operating process videograph of user's input, by reading operations daily record and the mode of watching video, carry out artificial judgment to whether the operation of each user is legal.
Can find out, keeper is only after generation security incident, and just can know once there was people's violation operation, and need to audit one by one to mass operations daily record, even if found some illegal operations in audit process, accident impact produces.And it is extremely loaded down with trivial details to carry out backtracking fix duty from massive logs, audit work amount is very big, causes practical operation content and examination & approval content matching accuracy is low, efficiency is low, illegal operation finds the problems such as success ratio is low.
Obviously, use current 4A solution, to operation user behavior real-time analysis (Analyse), cannot real-time judge user operation whether can not be legal, real-time blocking cannot be carried out to illegal operation behavior.
Summary of the invention
In view of this, the invention provides a kind of database user behavior management system and database user behavior management method, can carry out real-time analysis to user operation, whether real-time judge user operation is legal, and carries out real-time blocking to illegal operation.
For solving the problem, the invention provides a kind of database user behavior management system, comprising:
Operational order acquisition module, for obtaining the operational order of user's input;
Operational order analysis module, for analyzing described operational order, obtains the command operating scope that described operational order is corresponding;
Validity judgement module, for judging whether described command operating scope exceeds the permission opereating specification of this operation of described user;
Operational order forwarding module, for do not exceed when described command operating scope described user this operation permission opereating specification time, described operational order is transmitted to database;
Operational order blocking module, for exceed when described command operating scope described user this operation permission opereating specification time, tackle described operational order.
Optionally, described database user behavior management system also comprises:
Work order synchronization module, for the examination & approval work order in synchronous WorkForm System;
Work order analysis module, for analyzing synchronous examination & approval work order, obtaining the permission opereating specification of synchronous examination & approval work order and storing;
Wherein, described validity judgement module also in the permission opereating specification from all examination & approval work orders stored, extracts the permission opereating specification of examination & approval work order corresponding to described user, as the permission opereating specification of this operation of described user.
Optionally, described database user behavior management system also comprises:
Work order identifier acquisition module, for obtaining the work order mark of described user input;
Wherein, the work order of described work order analysis module also for obtaining synchronous examination & approval work order identifies and stores;
Described validity judgement module also in the permission opereating specification from all examination & approval work orders stored, extracts the permission opereating specification identifying identical examination & approval work order with the work order that described user inputs, as the permission opereating specification of this operation of described user.
Optionally, described operational order analysis module be based on abstract syntax tree generate syntax analyzer and lexical analyzer described operational order is analyzed, obtain the command operating scope that described operational order is corresponding;
Described work order analysis module be based on abstract syntax tree generate syntax analyzer and lexical analyzer synchronous examination & approval work order is analyzed, obtain the permission opereating specification of synchronous examination & approval work order and store.
Optionally, described validity judgement module also comprises:
First judge module, for judging whether described command operating scope relates to the sensitive data of described database;
Second judge module, for when described command operating scope relates to the sensitive data of described database, judges whether described command operating scope exceeds the permission opereating specification of this operation of described user;
Wherein, described operational order also for when described command operating scope does not relate to the sensitive data of described database, is transmitted to described database by described operational order forwarding module.
The present invention also provides a kind of database user behavior management method, comprising:
Obtain the operational order of user's input;
Described operational order is analyzed, obtains the command operating scope that described operational order is corresponding;
Judge whether described command operating scope exceeds the permission opereating specification of this operation of described user;
When described command operating scope does not exceed the permission opereating specification of this operation of described user, described operational order is transmitted to database;
When described command operating scope exceeds the permission opereating specification of this operation of described user, tackle described operational order.
Optionally, described judge described command operating scope whether exceed described user this operation permission opereating specification step before also comprise:
Examination & approval work order in synchronous WorkForm System;
Synchronous examination & approval work order is analyzed, obtains the permission opereating specification of synchronous examination & approval work order and store;
The described step of permission opereating specification judging whether described command operating scope exceeds this operation of described user comprises:
From the permission opereating specification of all examination & approval work orders stored, extract the permission opereating specification of examination & approval work order corresponding to described user, as the permission opereating specification of this operation of described user.
Optionally, described judge described command operating scope whether exceed described user this operation permission opereating specification step before also comprise:
Obtain the work order mark of described user input;
The work order obtaining synchronous examination & approval work order identifies and stores;
The described step of permission opereating specification judging whether described command operating scope exceeds this operation of described user comprises:
From the permission opereating specification of all examination & approval work orders stored, extract the permission opereating specification identifying identical examination & approval work order with the work order that described user inputs, as the permission opereating specification of this operation of described user.
Optionally, describedly to analyze described operational order, the step obtaining command operating scope corresponding to described operational order comprises:
The syntax analyzer generated based on abstract syntax tree and lexical analyzer are analyzed described operational order, obtain the command operating scope that described operational order is corresponding;
Described synchronous examination & approval work order to be analyzed, obtains the permission opereating specification of synchronous examination & approval work order and the step stored comprises:
The syntax analyzer generated based on abstract syntax tree and lexical analyzer are analyzed synchronous examination & approval work order, obtain the permission opereating specification of synchronous examination & approval work order and store.
Optionally, the described step of permission opereating specification judging whether described command operating scope exceeds this operation of described user comprises:
Judge whether described command operating scope relates to the sensitive data of described database;
When described command operating scope relates to the sensitive data of described database, judge whether described command operating scope exceeds the permission opereating specification of this operation of described user;
When described command operating scope does not relate to the sensitive data of described database, described operational order is transmitted to described database.
The present invention has following beneficial effect:
Real-time analysis is carried out to the operational order of user's input, whether the operational order of real-time judge user input is valid operation instruction, and legal operational order is forwarded, real-time blocking is carried out to illegal operation instruction, thus solves existing 4A system and can not find in data base administration and real-time blocking illegal operation, " mid-event control ", problem that audit coupling accuracy is low cannot be realized.
Accompanying drawing explanation
Fig. 1 is the general frame schematic diagram of Database Systems of the prior art;
Fig. 2 is a structural representation of the database user behavior management system of the embodiment of the present invention;
Fig. 3 is a schematic flow sheet of the database user behavior management method of the embodiment of the present invention;
Fig. 4 is another schematic flow sheet of the database user behavior management method of the embodiment of the present invention;
Fig. 5 is the another schematic flow sheet of the database user behavior management method of the embodiment of the present invention;
Fig. 6 is the general frame schematic diagram of the Database Systems of the embodiment of the present invention;
Fig. 7 is the workflow schematic diagram of the Database Systems in Fig. 6.
Embodiment
4A solution of the prior art, the illegal operation of user can not be found and the basic reason of real-time blocking is that Database Systems all carry out transparent transmission to all operational orders, in the embodiment of the present invention, the all operations instruction of user's input is all analyzed, judge that whether operational order is legal, and real-time blocking is carried out to illegal operation instruction, thus fundamentally solving a difficult problem for current database security O&M management and control work.
Below in conjunction with drawings and Examples, the specific embodiment of the present invention is described in further detail.
Be illustrated in figure 2 a structural representation of the database user behavior management system of the embodiment of the present invention, this database user behavior management system comprises:
Operational order acquisition module 201, for obtaining the operational order of user's input; This operational order is the operational order for database.
Operational order analysis module 202, for analyzing described operational order, obtains the command operating scope that described operational order is corresponding; Described opereating specification comprises operand and the operational motion to this operand.
Validity judgement module 203, for judging whether described command operating scope exceeds the permission opereating specification of this operation of described user;
Operational order forwarding module 204, for do not exceed when described command operating scope described user this operation permission opereating specification time, described operational order is transmitted to database;
Operational order blocking module 205, for exceed when described command operating scope described user this operation permission opereating specification time, tackle described operational order.
The database user behavior management system provided by above-described embodiment, real-time analysis can be carried out to the operational order of user's input, whether the operational order of real-time judge user input is valid operation instruction, and legal operational order is forwarded, real-time blocking is carried out to illegal operation instruction, thus solves existing 4A system and can not find in data base administration and real-time blocking illegal operation, " mid-event control ", problem that audit coupling accuracy is low cannot be realized.
In the embodiment of the present invention, can permission opereating specification (i.e. the operating right of user) corresponding to pre-configured user, and store.When detecting that a certain user enters the operating instructions, first this operational order is analyzed, obtain the command operating scope that this operational order is corresponding, and from permission opereating specification corresponding to all users stored, extract the permission opereating specification that this user is corresponding, judge whether the command operating scope that this operational order is corresponding exceeds permission opereating specification corresponding to this user, if, then judge that this operational order is as illegal operation instruction, this operational order is tackled, otherwise, judge that this operational order is as valid operation instruction, this operational order is transmitted to database.
In the embodiment of the present invention, also can arrange a WorkForm System, user, before often performing a database manipulation, needs to fill in an examination & approval work order, and this examination & approval work order is stored in WorkForm System, record the permission opereating specification of this time to database manipulation of this user in this examination & approval work order.Database user behavior management system can all examination & approval work orders in periodic synchronous WorkForm System, such as every three hours synchronous once, or, also can only when WorkForm System has renewal, the examination & approval work order of synchronized update.After examination & approval work order in WorkForm System is synchronously come, can analyze examination & approval work order, obtain the permission opereating specification (the permission opereating specification hereinafter referred to as examination & approval work order) of examining user's this operation of recording in work order.When database user behavior management systems axiol-ogy enters the operating instructions to user, this operational order is analyzed, obtain the command operating scope that this operational order is corresponding, and from the permission opereating specification of all examination & approval work orders stored, extract the permission opereating specification of examination & approval work order corresponding to described user, as the permission opereating specification of this operation of described user, to judge whether the command operating scope that operational order is corresponding exceeds this permission opereating specification operated of described user.
Corresponding to foregoing description, the database user behavior management system of the embodiment of the present invention can also comprise:
Work order synchronization module, for the examination & approval work order in synchronous WorkForm System;
Work order analysis module, for analyzing synchronous examination & approval work order, obtaining the permission opereating specification of synchronous examination & approval work order and storing;
Wherein, described validity judgement module also in the permission opereating specification from all examination & approval work orders stored, extracts the permission opereating specification of examination & approval work order corresponding to described user, as the permission opereating specification that user is corresponding.
Described work order analysis module and aforesaid operations instruction analysis module can adopt Same Physical Implement of Function Module, and different physical function modules also can be adopted to realize.
In the embodiment of the present invention, a unique User Identity can be configured for each user, and User Identity is indicated out in the examination & approval work order of this user, thus the examination & approval work order of user can be extracted easily from multiple examination & approval work order, to judge whether the command operating scope of the operational order that user inputs exceeds the permission opereating specification of the examination & approval work order of this user.
In the present embodiment, (in the present embodiment, key can be called for each examination & approval work order configures a work order mark, such as work order serial number), when user needs to operate database, need the work order mark inputting examination & approval work order corresponding to this user, then according to the work order mark of user's input, from the permission opereating specification of all examination & approval work orders stored, extract the permission opereating specification identifying corresponding examination & approval work order with the work order that described user inputs, as the permission opereating specification of this operation of described user, to judge whether the command operating scope of the operational order that user inputs exceeds the permission opereating specification of this operation of this user.
Corresponding to foregoing description, the database user behavior management system of the embodiment of the present invention can also comprise:
Work order identifier acquisition module, for obtaining the work order mark of described user input;
Wherein, above-mentioned work order analysis module is also for analyzing synchronous examination & approval work order, and the work order obtaining synchronous examination & approval work order identifies and stores.Described validity judgement module also in the permission opereating specification from all examination & approval work orders stored, extracts the permission opereating specification identifying corresponding examination & approval work order with the work order that described user inputs, as the permission opereating specification of this operation of described user.
When the data volume related in database is larger, if all carry out matching operation with the permission opereating specification of examination & approval work order for each operational order of user, the burden of database user behavior management system will be increased.Thus, in the embodiment of the present invention, important for some in database data (such as relate to privacy of user or relate to the data of secret of the trade) can be configured to sensitive data, only carry out matching operation for the operational order that these sensitive datas are corresponding with the permission opereating specification of examination & approval work order, then can directly forward for the operational order for general data.
Based on foregoing description, the validity judgement module of the embodiment of the present invention can also comprise following functions module:
First judge module, for judging whether described command operating scope relates to the sensitive data of described database;
Second judge module, for when described command operating scope relates to the sensitive data of described database, judges whether described command operating scope exceeds the permission opereating specification of this operation of described user;
Wherein, described operational order also for when described command operating scope does not relate to the sensitive data of described database, is transmitted to described database by described operational order forwarding module.
In addition, in above-described embodiment, after described operational order is transmitted to database by operational order forwarding module, described database can perform described operational order, and obtaining an operating result, described operating result can also be returned to user by described database user behavior management system.That is, described database user behavior management system can also comprise one and return module, for described database is returned to described user for the operating result of described operational order.
In addition, the database user behavior management system of the embodiment of the present invention can also comprise a logging modle, and the legitimacy for the operational order inputted user carries out record.
Corresponding to above-mentioned database user behavior management system, the embodiment of the present invention also provides a kind of database user behavior management method, be illustrated in figure 3 a schematic flow sheet of the database user behavior management method of the embodiment of the present invention, this database user behavior management method comprises the following steps:
Step 301, obtains the operational order of user's input.
Step 302, analyzes described operational order, obtains the command operating scope that described operational order is corresponding.
Step 303, judges whether described command operating scope exceeds the permission opereating specification of this operation of described user, if so, performs step 304, otherwise, perform step 305.
Step 304, tackles described operational order.
Step 305, is transmitted to database by described operational order.
In addition, in the present embodiment, after operational order is transmitted to database, can also comprise: the step described database being returned to described user for the operating result of described operational order.
In the embodiment of the present invention, according to the examination & approval work order of user synchronous from WorkForm System, can judge whether the command operating scope of the operational order that user inputs exceeds the permission opereating specification of this operation of user.Be illustrated in figure 4 another schematic flow sheet of the database user behavior management method of the embodiment of the present invention, this database user behavior management method comprises the following steps:
Step 401, the examination & approval work order in synchronous WorkForm System.
Step 402, analyzes synchronous examination & approval work order, obtains the permission opereating specification of synchronous examination & approval work order and stores.
Step 403, obtains the operational order of user's input.
Step 404, analyzes described operational order, obtains the command operating scope that described operational order is corresponding.
Step 405, from the permission opereating specification of all examination & approval work orders stored, extracts the permission opereating specification of examination & approval work order corresponding to described user.
Step 406, judges whether described command operating scope exceeds the permission opereating specification of examination & approval work order corresponding to described user, if so, performs step 407, otherwise, perform step 408.
Step 407, tackles described operational order.
Step 408, is transmitted to database by described operational order.
In the present embodiment, work order mark (such as work order serial number) can be configured for each examination & approval work order, when user needs to operate database, need the work order mark inputting examination & approval work order corresponding to this user, then according to the work order mark of user's input, from the permission opereating specification of all examination & approval work orders stored, extract the permission opereating specification identifying corresponding examination & approval work order with the work order that described user inputs, as the permission opereating specification of this operation of described user, to judge whether the command operating scope of the operational order that user inputs exceeds the permission opereating specification of this operation of this user.
When the data volume related in database is larger, if all carry out matching operation with the permission opereating specification of examination & approval work order for each operational order of user, the burden of database user behavior management system will be increased.Thus, in the embodiment of the present invention, important for some in database data (such as relate to privacy of user or relate to the data of secret of the trade) can be configured to sensitive data, only carry out matching operation for the operational order that these sensitive datas are corresponding with the permission opereating specification of examination & approval work order, then can directly forward for the operational order for general data.
Be illustrated in figure 5 the another schematic flow sheet of the database user behavior management method of the embodiment of the present invention, this database user behavior management method comprises the following steps:
Step 501, the examination & approval work order in synchronous WorkForm System.
Step 502, analyzes synchronous examination & approval work order, obtains the permission opereating specification of synchronous examination & approval work order and stores.
Step 503, obtains the operational order of user's input.
Step 504, analyzes described operational order, obtains the command operating scope that described operational order is corresponding.
Step 505, judges whether described command operating scope relates to the sensitive data of described database, if so, performs step 506, otherwise, perform step 509.
Step 506, from the permission opereating specification of all examination & approval work orders stored, extracts the permission opereating specification of examination & approval work order corresponding to described user.
Step 507, judges whether described command operating scope exceeds the permission opereating specification of examination & approval work order corresponding to described user, if so, performs step 508, otherwise, perform step 509.
Step 508, tackles described operational order.
Step 509, is transmitted to database by described operational order.
In addition, above-mentioned judge whether described command operating scope relates to the step of the sensitive data of described database before, can also comprise: the step of the sensitive data of configuration database.
Be illustrated in figure 6 the general frame schematic diagram of the Database Systems of the embodiment of the present invention, these Database Systems comprise: 4A system, BOSS fort machine, iAnlyser system, BOSS database and WorkForm System, wherein, the database user behavior management system of iAnlyser system and the embodiment of the present invention, comprise: SecureSqlplus client, work order synchro system, grammatical analysis engine, validity judgement module, monitor database and display module, be described in detail to above-mentioned modules below respectively.
1, SecureSqlplus client
Hereinafter referred to as SS client, SS client can be a class Sqlplus client by JAVA programming, keeper can arrange authority in an operating system, forbids that other advaInform SQL*Access run, and only allows a user to use SS client to conduct interviews operation to BOSS database.
SS client can obtain all database operating instructions (being SQL instruction in the present embodiment) of user's input, and call grammatical analysis engine grammatical analysis is carried out to each operational order, and analysis result (i.e. command operating scope) is sent to validity judgement module, in addition, key (the key that user can also input by SS client, i.e. above-mentioned work order mark) etc. information send to validity judgement module, by validity judgement module, validity judgement is carried out to the operational order that user inputs, if operational order is judged as legal, this operational order is then transmitted to BOSS database by SS client, and BOSS database is returned to user for the operating result of this operational order, if operational order is judged as illegally, SS client will be tackled this operational order, and operation indicating will be tackled to user.
That is, this SS client is for performing the function of operational order acquisition module, operational order forwarding module, operational order blocking module and the work order identifier acquisition module execution in above-described embodiment.
2, work order synchronization module
Work order synchronization module is by WorkForm System (AMS system, support the flow processs such as work order examination & approval) the Webservice interface that provides, " the examination & approval work order " of " examining " in WorkForm System is synchronously come, and " work order serial number " is denoted as into key (key, i.e. above-mentioned work order mark), then grammatical analysis engine is called, from comprising Chinese, English, during the complicated irregular work order such as special character describes, extract the operational order (i.e. SQL instruction) needed for user operation analysis, and this operational order is analyzed, split into parse tree (the simplification set of database object+operation), key the most at last, this work order relates to the table name of operation, field list, in the item of information write monitor database such as operational motion.
That is, this work order synchronization module is for performing the function of the work order synchronization module execution in above-described embodiment.
3, grammatical analysis engine
Grammatical analysis engine in the present embodiment is a SQL grammatical analysis engine based on abstract syntax tree (AST), this grammatical analysis engine can by SS client and work order synchronization module call, real-time analysis is carried out to the operational order that work order synchronization module or SS client send, obtain opereating specification corresponding to this operational order (allowing opereating specification or command operating scope), the database table that such as will operate, field and data content scope etc., and the result obtained is write in monitor database.
That is, this grammatical analysis engine is for the function performing operation operational order analysis module in above-described embodiment, work order analysis module performs.
4, validity judgement module:
Validity judgement module and SS client, monitor database carry out real-time, interactive.When user logs in SS client, the key that user inputs is sent to validity judgement module by SS client, now validity judgement module according to this key, can extract the permission opereating specification (as validity judgement according to two) of examination & approval work order corresponding to this key from monitor database.After user inputs an operational order, grammatical analysis engine is analyzed this operational order, obtain the command operating scope (as validity judgement according to three) of this operational order, and the command operating scope obtained is write in monitor database in real time, now, validity judgement module extracts the command operating scope of this operational order, the simultaneously sensitive data (as validity judgement according to, the information such as the table name of sensitive data, field name, the operational motion limited under this appointed object is all stored in monitor database) of reference database.According to above-mentioned three bases for estimation, judge that whether this operational order is legal, if wherein any one basis for estimation is undesirable, then judge that this operational order is illegal, in addition, validity judgement module can also by validity judgement result write monitor database.
That is, this validity judgement module is for performing the function of the validity judgement module execution in above-described embodiment.
5, monitor database
Monitor database receives and records following content: the analysis result of the operational order in the operational order that grammatical analysis engine inputs user and examination & approval work order, validity judgement module are to the validity judgement result of every bar operational order.Monitor database can by grammatical analysis engine, validity judgement module and display module access.
6, display module
Can at the sensitive data of display module front page layout configuration BOSS database (table name of configuration sensitive data, field name, the operational motion etc. limited under this appointed object), simultaneously, display module can also be shown the validity judgement result stored in monitor database, so that keeper directly can see what operation user performs, whether this operation is legal and tackle result etc.
Be illustrated in figure 7 the workflow schematic diagram of the Database Systems in Fig. 6:
Step 701, by display module configuration sensitive data information, specifies the operational motion etc. of the table name of sensitive data, field name, restriction, as the foundation one of validity judgement.
Step 702, is stored into sensitive data information in table tb.mingan.
Concrete, J2EE constructing system application framework can be utilized, provide Web operation interface to carry out maintenance management to sensitive data table tb.mingan.
Sensitive data table tb.mingan can be as shown in table 1:
Table 1
Can see from table 1, the high-risk operation (operational motion namely limited) of table sa_sr_role is insert, update, delete.When database user behavior management system discovery user his-and-hers watches sa_sr_role carries out aforesaid operations, will tackle at once.
Step 703, work order synchronization module utilizes the examination & approval work order in Webservice interface synchronization WorkForm System.
Illustrate below to examination & approval work order synchronizing step be described:
Step 7031, the condition that examination & approval work order is extracted in setting is Foshan examination & approval work order (work order type z_type=' 48 ' AND districts and cities are Foshan z_cust_org=1313).
Step 7032, examination & approval work order is sent to work order synchronization module with the form of xml data by BOSS database.
Step 7033, makes an explanation to xml data, and separation and Extraction goes out to examine the work order data such as work order serial number, type, related personnel, theme, description of work order.
Step 7034, utilizes Hibernate the work order data after synchronous to be saved in the AMS_WORK_ORDER table of monitor database.
Step 704, grammatical analysis engine carries out grammatical analysis to examination & approval work order, obtains work order mark (key) of this examination & approval work order and allows opereating specification (table name, field and operational motion etc.).
Grammatical analysis engine can use regular expression to examination & approval work order analyze, also can use based on Antlr generate syntax analyzer and lexical analyzer to examination & approval work order analyze.
Use the syntax analyzer that generates based on Antlr and lexical analyzer can complete all working that regular expression can complete easily, in addition use the syntax analyzer that generates based on Antlr and lexical analyzer can also complete the work that some regular expressions have been difficult to, such as identify the paired coupling etc. of left parenthesis and right parenthesis.
Construction process based on the grammatical analysis engine of Antlr is as follows:
After Antlr generative grammar analyzer and lexical analyzer, can verify that whether the expression formula of input is legal based on syntax analyzer and lexical analyzer.To the character string of each input, construct an ANTLRStringStream and flow in, construct lexical analyzer lexer with in.The effect of lexical analysis produces mark, constructs a mark stream tokens with lexical analyzer PLSQL3jLexer, and then use tokens to construct syntax analyzer parser, completes the preliminary work of lexical analysis and grammatical analysis.Finally call the regular sql_command of syntax analyzer, complete the checking to expression formula.So far, the structure of grammatical analysis engine can just be completed.
Step 705, the work order of this examination & approval work order mark and permission opereating specification are stored in the tb.shenpi table in monitor database by grammatical analysis engine, as the foundation two of validity judgement.
Step 706, builds SS client in BOSS fort machine, and arranges authority in BOSS fort machine operating system, only allows user by SS client-access BOSS database.
Java language has cross-platform advantage, and Java can be used in the present embodiment to develop the java application that can perform in order line of a band main.When main program performs, the operational order that the System.in.read tool function acquisition user that can be carried by jdk1.6 is inputted on foreground and work order mark (key).
Step 707, SS client receives work order mark (key) and the operational order of user's input;
Step 708, shows according to key to the tb.shenpi of user's input and sensitive data table tb.mingan extracts permission opereating specification corresponding to this key (operational motion ctrl and operand FIELD).
Step 709, utilizes the permission opereating specification of javahashmap (shenpiMap) to this key to deposit.
Step 710, grammatical analysis engine is analyzed the operational order that user inputs, and obtains the command operating scope that this operational order is corresponding.
SS client is analyzed by character, if there is "; N " operation of (branch+carriage return) namely regards as this sql instruction and inputted, just extracted by whole sentence sql.
Step 711, this command operating scope is stored in the tb.user_Input table in monitor database by grammatical analysis engine.
Step 712, is saved in command operating scope in javahashmap (userMap).
Step 713, the item in userMap is carried out value by validity judgement module one by one in permission opereating specification shenpiMap, if all items have got equivalence, performs step 714, if get less than equivalence, then performs step 716.
Step 714, is judged to be that operational order is legal.
Step 715, (instruction is out.println (runSqlCommd) by out method, the operational order that user inputs to be sent to BOSS database, out is that the initialization when connection server of SSh instrument is good, and out.println () is equivalent to send SQL statement and carriage return is submitted to).
Step 716, decision instruction is illegal.
Step 717, by method System.out.println, (" (operation is illegal, and your statement is blocked for errSqlCommd+! ) "), statement+information is printed to screen, no longer calls out.println (runSqlCommd) and submit to, thus complete the interception of illegal statement.
In addition, said method also comprises and goes out correlation function to abnormal operation data mining, comprises interception record display, form derivation etc.Use j2ee framework, based on B/S structure, realize application such as " configuration, inquiry, derivation, forms ".
The embodiment of the present invention, mainly solve the short slab of existing 4A system in database security management and control, proposition one is advanced to the new type of safe management-control method of " thing " " in advance " from " afterwards ", accomplish " stretch out one's hand and namely grab " to operator's unlawful practice, accomplish to analyze sentence by sentence in real time, immediately tackle illegal operation, illegal operation impact is reduced to zero.
The present invention is applicable to the user behavior analysis under various complex scene simultaneously, can more be widely used in the every field such as application system, main frame, the network equipment, fire wall.
The above is only the preferred embodiment of the present invention; it should be pointed out that for those skilled in the art, under the premise without departing from the principles of the invention; can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.
Claims (8)
1. a database user behavior management system, is characterized in that, comprising:
Operational order acquisition module, for obtaining the operational order of user's input;
Operational order analysis module, for analyzing described operational order, obtains the command operating scope that described operational order is corresponding;
Validity judgement module, for judging whether described command operating scope exceeds the permission opereating specification of this operation of described user;
Operational order forwarding module, for do not exceed when described command operating scope described user this operation permission opereating specification time, described operational order is transmitted to database;
Operational order blocking module, for exceed when described command operating scope described user this operation permission opereating specification time, tackle described operational order;
Also comprise:
Work order synchronization module, for the examination & approval work order in synchronous WorkForm System;
Work order analysis module, for analyzing synchronous examination & approval work order, obtaining the permission opereating specification of synchronous examination & approval work order and storing;
Wherein, described validity judgement module also in the permission opereating specification from all examination & approval work orders stored, extracts the permission opereating specification of examination & approval work order corresponding to described user, as the permission opereating specification of this operation of described user.
2. database user behavior management system as claimed in claim 1, is characterized in that, also comprise:
Work order identifier acquisition module, for obtaining the work order mark of described user input;
Wherein, the work order of described work order analysis module also for obtaining synchronous examination & approval work order identifies and stores;
Described validity judgement module also in the permission opereating specification from all examination & approval work orders stored, extracts the permission opereating specification identifying identical examination & approval work order with the work order that described user inputs, as the permission opereating specification of this operation of described user.
3. database user behavior management system as claimed in claim 1 or 2, is characterized in that:
Described operational order analysis module be based on abstract syntax tree generate syntax analyzer and lexical analyzer described operational order is analyzed, obtain the command operating scope that described operational order is corresponding;
Described work order analysis module be based on abstract syntax tree generate syntax analyzer and lexical analyzer synchronous examination & approval work order is analyzed, obtain the permission opereating specification of synchronous examination & approval work order and store.
4. database user behavior management system as claimed in claim 1, it is characterized in that, described validity judgement module also comprises:
First judge module, for judging whether described command operating scope relates to the sensitive data of described database;
Second judge module, for when described command operating scope relates to the sensitive data of described database, judges whether described command operating scope exceeds the permission opereating specification of this operation of described user;
Wherein, described operational order also for when described command operating scope does not relate to the sensitive data of described database, is transmitted to described database by described operational order forwarding module.
5. a database user behavior management method, is characterized in that, comprising:
Obtain the operational order of user's input;
Described operational order is analyzed, obtains the command operating scope that described operational order is corresponding;
Judge whether described command operating scope exceeds the permission opereating specification of this operation of described user;
When described command operating scope does not exceed the permission opereating specification of this operation of described user, described operational order is transmitted to database;
When described command operating scope exceeds the permission opereating specification of this operation of described user, tackle described operational order;
Wherein, described judge described command operating scope whether exceed described user this operation permission opereating specification step before also comprise:
Examination & approval work order in synchronous WorkForm System;
Synchronous examination & approval work order is analyzed, obtains the permission opereating specification of synchronous examination & approval work order and store;
The described step of permission opereating specification judging whether described command operating scope exceeds this operation of described user comprises:
From the permission opereating specification of all examination & approval work orders stored, extract the permission opereating specification of examination & approval work order corresponding to described user, as the permission opereating specification of this operation of described user.
6. database user behavior management method as claimed in claim 5, is characterized in that:
Described judge described command operating scope whether exceed described user this operation permission opereating specification step before also comprise:
Obtain the work order mark of described user input;
The work order obtaining synchronous examination & approval work order identifies and stores;
The described step of permission opereating specification judging whether described command operating scope exceeds this operation of described user comprises:
From the permission opereating specification of all examination & approval work orders stored, extract the permission opereating specification identifying identical examination & approval work order with the work order that described user inputs, as the permission opereating specification of this operation of described user.
7. the database user behavior management method as described in claim 5 or 6, is characterized in that:
Describedly analyze described operational order, the step obtaining command operating scope corresponding to described operational order comprises:
The syntax analyzer generated based on abstract syntax tree and lexical analyzer are analyzed described operational order, obtain the command operating scope that described operational order is corresponding;
Described synchronous examination & approval work order to be analyzed, obtains the permission opereating specification of synchronous examination & approval work order and the step stored comprises:
The syntax analyzer generated based on abstract syntax tree and lexical analyzer are analyzed synchronous examination & approval work order, obtain the permission opereating specification of synchronous examination & approval work order and store.
8. database user behavior management method as claimed in claim 5, is characterized in that, the described step judging whether described command operating scope exceeds the permission opereating specification of this operation of described user comprises:
Judge whether described command operating scope relates to the sensitive data of described database;
When described command operating scope relates to the sensitive data of described database, judge whether described command operating scope exceeds the permission opereating specification of this operation of described user;
When described command operating scope does not relate to the sensitive data of described database, described operational order is transmitted to described database.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110459730.4A CN103186733B (en) | 2011-12-30 | 2011-12-30 | Database user behavior management system and database user behavior management method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110459730.4A CN103186733B (en) | 2011-12-30 | 2011-12-30 | Database user behavior management system and database user behavior management method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103186733A CN103186733A (en) | 2013-07-03 |
| CN103186733B true CN103186733B (en) | 2016-01-27 |
Family
ID=48677897
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110459730.4A Active CN103186733B (en) | 2011-12-30 | 2011-12-30 | Database user behavior management system and database user behavior management method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103186733B (en) |
Families Citing this family (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104426836A (en) * | 2013-08-20 | 2015-03-18 | 深圳市腾讯计算机系统有限公司 | Invasion detection method and device |
| CN103475727A (en) * | 2013-09-18 | 2013-12-25 | 浪潮电子信息产业股份有限公司 | Database auditing method based on bridged mode |
| CN104601353B (en) * | 2013-10-31 | 2018-07-06 | 北京神州泰岳软件股份有限公司 | The O&M operating method and system of a kind of network security production equipment |
| CN104700024B (en) * | 2013-12-10 | 2018-05-04 | 中国移动通信集团黑龙江有限公司 | A kind of method and system of Unix classes host subscriber operational order audit |
| CN103795148A (en) * | 2014-02-27 | 2014-05-14 | 国家电网公司 | Method for achieving misoperation-preventive locking in remote dispatch and remote operation |
| CN105207831B (en) * | 2014-06-12 | 2017-11-03 | 腾讯科技(深圳)有限公司 | The detection method and device of Action Events |
| CN104821897A (en) * | 2015-04-29 | 2015-08-05 | 国网上海市电力公司 | Authority management system used for transformer substation digital platform and application thereof |
| CN106503007B (en) * | 2015-09-08 | 2019-07-23 | 阿里巴巴集团控股有限公司 | Database operation method and device |
| CN106897306B (en) * | 2015-12-21 | 2019-04-30 | 阿里巴巴集团控股有限公司 | Database operation method and device |
| CN108540465A (en) | 2018-03-30 | 2018-09-14 | 北京百度网讯科技有限公司 | SQL injection intercepts detection method, device, equipment and computer-readable medium |
| CN108989914A (en) * | 2018-06-12 | 2018-12-11 | 广东电网有限责任公司 | Fool proof method and device |
| CN113553619A (en) * | 2021-07-23 | 2021-10-26 | 中信银行股份有限公司 | Information protection method and system based on user authority automatic check |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1967560A (en) * | 2006-11-09 | 2007-05-23 | 华为技术有限公司 | Controlling method of business operations competence and generating method of relational database |
| CN101232694A (en) * | 2008-02-04 | 2008-07-30 | 中兴通讯股份有限公司 | Method for managing user purview and judging user operation validity |
| CN101430752A (en) * | 2008-12-22 | 2009-05-13 | 哈尔滨工业大学 | Sensitive data switching control module and method for computer and movable memory device |
| CN101770460A (en) * | 2008-12-31 | 2010-07-07 | 中兴通讯股份有限公司 | Method and device for auditing main memory database |
| CN101887375A (en) * | 2010-06-30 | 2010-11-17 | 中兴通讯股份有限公司 | Method and system for implementing man-machine command system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050203881A1 (en) * | 2004-03-09 | 2005-09-15 | Akio Sakamoto | Database user behavior monitor system and method |
-
2011
- 2011-12-30 CN CN201110459730.4A patent/CN103186733B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1967560A (en) * | 2006-11-09 | 2007-05-23 | 华为技术有限公司 | Controlling method of business operations competence and generating method of relational database |
| CN101232694A (en) * | 2008-02-04 | 2008-07-30 | 中兴通讯股份有限公司 | Method for managing user purview and judging user operation validity |
| CN101430752A (en) * | 2008-12-22 | 2009-05-13 | 哈尔滨工业大学 | Sensitive data switching control module and method for computer and movable memory device |
| CN101770460A (en) * | 2008-12-31 | 2010-07-07 | 中兴通讯股份有限公司 | Method and device for auditing main memory database |
| CN101887375A (en) * | 2010-06-30 | 2010-11-17 | 中兴通讯股份有限公司 | Method and system for implementing man-machine command system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103186733A (en) | 2013-07-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103186733B (en) | Database user behavior management system and database user behavior management method | |
| CN103186637A (en) | Method and device for analyzing user behavior of BOSS database | |
| CN103441986B (en) | Data resource security control method in thin client mode | |
| CN111694840A (en) | Data synchronization method, device, server and storage medium | |
| CN103618652B (en) | A kind of audit of business datum and depth analysis system and method | |
| CN104598218B (en) | For merging and reusing the method and system of gateway information | |
| CN112351024B (en) | Public network communication safety monitoring system and method | |
| CN103475727A (en) | Database auditing method based on bridged mode | |
| US11601453B2 (en) | Methods and systems for establishing semantic equivalence in access sequences using sentence embeddings | |
| KR101888860B1 (en) | Log generator and big data analysis preprocessing system including the log generator | |
| CN103701783A (en) | Preprocessing unit, data processing system consisting of same, and processing method | |
| CN103166777A (en) | Operation method and device for equipment remote operation and maintenance | |
| CN103973782A (en) | Operation and maintenance operation control system and method based on blacklist command setting | |
| CN101453358A (en) | Sql sentence audit method and system for oracle database binding variable | |
| CN105512780A (en) | Cooperative resource management workbench | |
| CN106600231A (en) | Dynamic management system for infrastructure projects | |
| CN105760763A (en) | Grade protection check system based on check knowledge base technology and application method of grade protection check system | |
| KR20120003567A (en) | Log management system, log processing method of the same of and recording medium storing the log processing method of the same of | |
| CN107358098A (en) | SQL SQL injection detection method and device based on plug-in unit | |
| CN104850781A (en) | Method and system for dynamic multilevel behavioral analysis of malicious code | |
| CN112596711A (en) | Personalized authority management setting method and system based on Web system | |
| CN117972704A (en) | Blockchain ecological safety collaborative supervision method | |
| CN107844838A (en) | Power network schedule automation main website O&M operation ticket system and overall process anti-misoperation method | |
| CN110759191B (en) | Elevator control method based on 5G smart park | |
| CN108228448A (en) | A kind of code tracking method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |