Journal of Computer Applications (计算机应用) ›› 2018, Vol. 38 ›› Issue (12): 3450-3454. DOI: 10.11772/j.issn.1001-9081.2018051152

• Cyberspace Security •

Design and implementation of middleware system for ciphertext database

SONG Tianyu (宋天煜), YANG Geng (杨庚)

  1. School of Computer Science, School of Software, School of Cyberspace Security, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210023, China
  • Received: 2018-06-04  Revised: 2018-07-04  Online: 2018-12-10  Published: 2018-12-15
  • Corresponding author: SONG Tianyu
  • About the authors: SONG Tianyu, born in 1992 in Nantong, Jiangsu, is an M.S. candidate; his research interests include network and information security. YANG Geng, born in 1961 in Jianhu, Jiangsu, is a professor, Ph.D. and CCF senior member; his research interests include network and information security, distributed and parallel computing, and big data privacy protection.
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61572263) and the Jiangsu Natural Science Foundation Policy Guidance Program - Prospective Joint Research Project (2016ZS04).

Abstract: In traditional ciphertext databases, encryption and decryption are not transparent to the upper-layer application, there is no independent key management mechanism, and security cannot be managed for multiple users. To address these problems, a middleware system for ciphertext databases was designed and implemented. First, encryption and decryption of sensitive data are achieved by parsing and rewriting the datagrams sent by the database client and the database server. Second, key management is achieved through an independent key management module that uses two-level (secondary) key management. Finally, an independent user management module manages the users of the ciphertext database through user permission checking, dynamic identity authentication, and revocation and update of user identities. Experimental results show that, compared with a traditional ciphertext database, the proposed middleware system offers better security, and its transmission efficiency improves as the data volume grows. The middleware system can effectively protect the ciphertext database while providing efficient data transmission.

Key words: ciphertext database, middleware system, data encryption and decryption, key management, dynamic authentication
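The three middleware functions the abstract names (rewriting client/server datagrams so sensitive columns are encrypted before they reach the server, a two-level key hierarchy in which a master key wraps per-column data keys, and a user module that checks permissions and honours revocation) can be modelled in a few dozen lines. The following is an added illustration written for this page; it is not the paper's code, and everything in it is an assumption: a Python dict stands in for the wire datagram, the `SENSITIVE` policy table is constructed, and a stream cipher built from HMAC-SHA256 in counter mode with an encrypt-then-MAC tag stands in for the block cipher the real system would use.

```python
# Added example (not the paper's code). Models datagram rewriting, two-level
# key management and user permission/revocation for a ciphertext database proxy.
import hashlib
import hmac
import secrets
from typing import Dict, Set

SENSITIVE: Dict[str, Set[str]] = {"patients": {"ssn", "diagnosis"}}  # constructed policy


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from one 256-bit key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for a real block cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class KeyManager:
    """Two-level keys: one master key wraps one data key per sensitive column."""
    def __init__(self) -> None:
        self.master_key = secrets.token_bytes(32)
        self.wrapped: Dict[str, bytes] = {}  # column id -> data key wrapped under master

    def data_key(self, column_id: str) -> bytes:
        if column_id not in self.wrapped:
            self.wrapped[column_id] = encrypt(self.master_key, secrets.token_bytes(32))
        return decrypt(self.master_key, self.wrapped[column_id])

    def rotate_master(self) -> None:
        """Re-wrap the data keys under a fresh master; stored ciphertext is untouched."""
        new_master = secrets.token_bytes(32)
        self.wrapped = {cid: encrypt(new_master, decrypt(self.master_key, blob))
                        for cid, blob in self.wrapped.items()}
        self.master_key = new_master


class UserManager:
    """Permission check plus revocation, the user-side duties of the middleware."""
    def __init__(self) -> None:
        self.grants: Dict[str, Set[str]] = {}
        self.revoked: Set[str] = set()

    def grant(self, user: str, table: str) -> None:
        self.grants.setdefault(user, set()).add(table)

    def revoke_user(self, user: str) -> None:
        self.revoked.add(user)

    def authorize(self, user: str, table: str) -> bool:
        return user not in self.revoked and table in self.grants.get(user, set())


class Middleware:
    """Sits between client and server and rewrites datagrams (modelled as dicts)."""
    def __init__(self) -> None:
        self.keys = KeyManager()
        self.users = UserManager()

    def rewrite_request(self, user: str, datagram: dict) -> dict:
        table = datagram["table"]
        if not self.users.authorize(user, table):
            raise PermissionError(f"{user} may not access {table}")
        out = dict(datagram, values=dict(datagram["values"]))
        for col in SENSITIVE.get(table, set()):
            if col in out["values"]:
                key = self.keys.data_key(f"{table}.{col}")
                out["values"][col] = encrypt(key, out["values"][col].encode()).hex()
        return out  # forwarded to the server, which never sees plaintext

    def rewrite_response(self, user: str, table: str, row: dict) -> dict:
        out = dict(row)
        for col in SENSITIVE.get(table, set()):
            if col in out:
                key = self.keys.data_key(f"{table}.{col}")
                out[col] = decrypt(key, bytes.fromhex(out[col])).decode()
        return out  # returned to the authorised client
```

The point of the two-level hierarchy shows in `rotate_master`: changing the master key only re-wraps the small per-column keys, so the ciphertext already stored in the database does not have to be re-encrypted. A revoked user is refused at `rewrite_request` before any key is touched, and a tampered ciphertext fails the tag check rather than decrypting to garbage.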

CLC number: