DBMS是一种用于操纵和管理数据库的大型软件,被广泛应用于电子商务、社交网络和门户网站等应用系统中,用于企业核心数据和个人隐私数据的存储。当今针对数据库的各类攻击给数据库中存储的企业核心数据和个人隐私数据造成了极大的威胁。其中,以SQL注入为代表的大量针对DBMS的攻击均是利用其安全设计缺陷进行的。因而在使用DBMS前对其设计的安全性进行测评,检测其是否满足数据库管理系统设计标准是十分有必要的。目前尽管出现了以NoSQL为代表的非关系型数据库,但关系型数据库仍占据主导地位,MySQL作为当前最为流行的开源DBMS,应用十分广泛。文章从对数据库进行SQL合规性测试这一角度出发,设计并实现了一套安全性测评系统——DCS MySQL Test Suit,并对MySQL系统进行了相关测评。该系统基于SQL92标准对MySQL在语法语义上的安全性进行测试,并具有体积小、便于移植等优点。%Database management system (DBMS) is large software for manipulating and managing databases, which is widely used in E-commerce, social networks and other application systems. Today, attacks against company core data and personal privacy data stored in databases are becoming considerable threats, a great amount of which, mainly SQL injection, exploit the flaw of DBMS’s security design. Thus it is quite necessary to evaluate the security of DBMS design, and examine whether the implement satisifes the DBMS standards. Despite the emergence of NoSQL and other Non-relational DBMS, rational DBMS still dominates. MySQL is the most popular open source DBMS nowadays. This paper introduces DCS MySQL Test Suit, a DBMS secure evaluation system in the perspective of conformance, and implements it on MySQL. The system evaluates the semantic security of MySQL based on the SQL92 standard, and has advantages of lightweight and easy transplantation.
展开▼
