目前数据库形式化安全策略模型存在抽象层次较高、缺乏对数据库状态与约束的充分描述等问题,难以辅助用户发现商用数据库设计中的微小缺陷。提出了一种基于PVS语言的数据库形式化安全策略模型建模和分析方法,该方法较以往模型能够更加贴近实际数据库,应用范围更广,安全属性描述更加完整,描述的模型具有灵活的可扩展性,并且保证了建模与验证的效率。最后,将该方法应用于数据库管理系统Beyon DB的安全策略建模分析中,帮助发现了系统若干设计缺陷,证明了方法的有效性。
Because of the high-level abstraction, insufficient description of database states and constraints, it was difficult to find the tiny flaws in design and implementation. Based on PVS, a method for formal description and analysis of database security policy was proposed, which was more close to the actual database, more widely used in reality, and more complete in describing the safe properties, more extendible of the model, and ensure the efficiency of modeling and verification. Finally, this method is applied in the security policy modeling and analyzing of Beyon DB, which is a commercial database, find some security risks in the system design, and thereby verify its effectiveness.