银行安全中英文对照外文翻译文献

银行安全中英文对照外文翻译文献3PAGE2银行安全中英文对照外文翻译文献中英文对照外文翻译文献(文档含英文原文和中文翻译)PAGE2DatabaseSecurityinaWebEnvironmentIntroductionDatabaseshavebeencommoningovernmentdepartmentsandcommercialenterprisesformanyyears.Today,databasesinanyorganizationareincreasinglyopeneduptoamultiplicityofsuppliers,customers,partnersandemployees-anideathatwouldhavebeenunheardofafewyearsago.Numerousapplicationsandtheirassociateddataarenowaccessedbyavarietyofusersrequiringdifferentlevelsofaccessviamanifolddevicesandchannels–oftensimultaneously.Forexample:•Onlinebanksallowcustomerstoperformavarietyofbankingoperations-viatheInternetandoverthetelephone–whilstmaintainingtheprivacyofaccountdata.•E-CommercemerchantsandtheirServiceProvidersmuststorecustomer,orderandpaymentdataontheirmerchantserver-andkeepitsecure.•HRdepartmentsallowemployeestoupdatetheirpersonalinformation–whilstprotectingcertainmanagementinformationfromunauthorizedaccess.•Themedicalprofessionmustprotecttheconfidentialityofpatientdata–whilstallowingessentialaccessfortreatment.•Onlinebrokeragesneedtobeabletoprovidelargenumbersofsimultaneoususerswithup-to-dateandaccuratefinancialinformation.Thiscomplexlandscapeleadstomanynewdemandsuponsystemsecurity.Theglobalgrowthofcomplexweb-basedinfrastructuresisdrivinganeedforsecuritysolutionsthatprovidemechanismstosegregateenvironments;performintegritycheckingandmaintenance;enablestrongauthenticationandnon-repudiation;andprovideforconfidentiality.Inturn,thisnecessitatescomprehensivebusinessandtechnicalriskassessmenttoidentifythethreats,vulnerabilitiesandimpacts,andfromthisdefineasecuritypolicy.Thisleadstosecuritydefinitionsthroughouttheinfrastructure-operatingsystem,databasemanagementsystem,middlewareandnetwork.Financial,personalandmedicalinformationsystemsandsomeareasofgovernmenthavestrictrequirementsforsecurityandprivacy.Inappropriatedisclosureofsensitiveinformationtothewrongpartiescanhaveseveresocial,legalandregulatoryconsequences.Failuretoaddressthebasicscanresultinsubstantialdirectandconsequentialfinanciallosses-witnessthefraudlossesthroughthecompromiseofseveralmillioncreditcardnumbersinmerchants’databases[Occf],plusassociateddamagetobrand-imageandlossofconsumerconfidence.Thisarticlediscussessomeofthemainissuesindatabaseandwebserversecurity,andalsoconsidersimportantarchitectureanddesignissues.ASimpleModelAtthesimplestlevel,awebserversystemconsistsoffront-endsoftwareandback-enddatabaseswithinterfacesoftwarelinkingthetwo.Normally,thefront-endsoftwarewillconsistofserversoftwareandthenetworkserveroperatingsystem,andtheback-enddatabasewillbearelationalorobject-orienteddatabasefulfillingavarietyoffunctions,includingrecordingtransactions,maintainingaccountsandinventory.TheinterfacesoftwaretypicallyconsistsofCommonGatewayInterface(CGI)scriptsusedtoreceiveinformationfromformsonwebsitestoperformonlinesearchesandtoupdatethedatabase.Dependingontheinfrastructure,middlewaremaybepresent;inaddition,securitymanagementsubsystems(withsessionanduserdatabases)thataddressthewebserver’sandrelatedapplications’requirementsforauthentication,accesscontrolandauthorizationmaybepresent.Communicationsbetweenthissubsystemandeitherthewebserver,middlewareordatabaseareviaapplicationprograminterfaces(APIs)..ThissimplemodelisdepictedinFigure1.Securitycanbeprovidedbythefollowingcomponents:•Webserver.•Middleware.•Operatingsystem.网络服务器客户端网络服务器客户端浏览器数据库及数据库管理系统中间件APIAPIAPIAPIAPIAPI 安全管理系统用户数据库数据库会话用户数据库数据库会话..Figure1:ASimpleModel.•DatabaseandDatabaseManagementSystem.•Securitymanagementsubsystem.ThesecurityofsuchasystemaddressesAspectsofauthenticity,integrityandconfidentialityandisdependentonthesecurityoftheindividualcomponentsandtheirinteractions.Someofthemostcommonvulnerabilitiesarisefrompoorconfiguration,inadequatechangecontrolproceduresandpooradministration.However,eveniftheseareasareproperlyaddressed,vulnerabilitiesstillarise.Theappropriatecombinationofpeople,technologyandprocessesholdsthekeytoprovidingtherequiredphysicalandlogicalsecurity.Attentionshouldadditionallybepaidtothesecurityaspectsofplanning,architecture,designandimplementation.Inthefollowingsections,weconsidersomeofthemainsecurityissuesassociatedwithdatabases,databasemanagementsystems,operatingsystemsandwebservers,aswellasimportantarchitectureanddesignissues.Ourtreatmentseeksonlytooutlinethemainissuesandtheinterestedreadershouldrefertothereferencesforamoredetaileddescription.DatabaseSecurityDatabasemanagementsystemsnormallyrunontopofanoperatingsystemandprovidethesecurityassociatedwithadatabase.Typicaloperatingsystemsecurityfeaturesincludememoryandfileprotection,resourceaccesscontrolanduserauthentication.Memoryprotectionpreventsthememoryofoneprograminterferingwiththatofanotherandlimitsaccessanduseoftheobjectsemployingtechniquessuchasmemorysegmentation.Theoperatingsystemalsoprotectsaccesstootherobjects(suchasinstructions,inputandoutputdevices,filesandpasswords)bycheckingaccesswithreferencetoaccesscontrollists.Securitymechanismsincommonoperatingsystemsvarytremendouslyand,forthosethatarelacking,thereexistsspecial-purposesecuritysoftwarethatcanbeintegratedwiththeexistingenvironment.However,thiscanbeanexpensive,time-consumingtaskandintegrationdifficultiesmayalsoadverselyimpactapplicationbehaviors.Mostdatabasemanagementsystemsconsistofanumberofmodules-includingdatabasequeryinganddatabaseandfilemanagement-alongwithauthorization,concurrentaccessanddatabasedescriptiontables.Thesemanagementsystemsalsouseavarietyoflanguages:adatadefinitionlanguagesupportsthelogicaldefinitionofthedatabase;developersuseadatamanipulationlanguage;andaquerylanguageisusedbynon-specialistend-users.Databasemanagementsystemshavemanyofthesamesecurityrequirementsasoperatingsystems,buttherearesignificantdifferencessincetheformerareparticularlysusceptibletothethreatofimproperdisclosure,modificationofinformationandalsodenialofservice.Someofthemostimportantsecurityrequirementsfordatabasemanagementsystemsare:•Multi-LevelAccessControl.•Confidentiality.•Reliability.•Integrity.•Recovery.Theserequirements,alongwithsecuritymodels,areconsideredinthefollowingsections.Multi-LevelAccessControlInamulti-applicationandmulti-userenvironment,administrators,auditors,developers,managersandusers–collectivelycalledsubjects-needaccesstodatabaseobjects,suchastables,fieldsorrecords.Accesscontrolrestrictstheoperationsavailabletoasubjectwithrespecttoparticularobjectsandisenforcedbythedatabasemanagementsystem.Mandatoryaccesscontrolsrequirethateachcontrolledobjectinthedatabasemustbelabeledwithasecuritylevel,whereasdiscretionaryaccesscontrolsmaybeappliedatthechoiceofasubject.Accesscontrolindatabasemanagementsystemsismorecomplicatedthaninoperatingsystemssince,inthelatter,allobjectsareunrelatedwhereasinadatabasetheconverseistrue.Databasesarealsorequiredtomakeaccessdecisionsbasedonafinerdegreeofsubjectandobjectgranularity.Inmulti-levelsystems,accesscontrolcanbeenforcedbytheuseofviews-filteredsubsetsofthedatabase-containingthepreciseinformationthatasubjectisauthorizedtosee.Ageneralprincipleofaccesscontrolisthatasubjectwithhighlevelsecurityshouldnotbeabletowritetoalowerlevelobject,andthisposesaproblemfordatabasemanagementsystemsthatmustreadalldatabaseobjectsandwritenewobjects.Onesolutiontothisproblemistouseatrusteddatabasemanagementsystem.ConfidentialitySomedatabaseswillinevitablycontainwhatisconsideredconfidentialdata.Forexample,itcouldbeinherentlysensitiveoritssourcemaybesensitive,oritmaybelongtoasensitivetable,thusmakingitdifficulttodeterminewhatisactuallyconfidential.Disclosureisalsodifficulttodefine,asitcanbedirect,indirect,involvethedisclosureofboundsorevenmereexistence.Aninferenceproblemexistsindatabasemanagementsystemswherebyuserscaninfersensitiveinformationfromrelativelyinsensitivequeries.Atrivialexampleisarequestforinformationabouttheaveragesalaryofanemployeeandthenumberofemployeesturnsouttobejustone,thusrevealingtheemployee’ssalary.However,muchmoresophisticatedstatisticalinferenceattackscanalsobemounted.Thishighlightsthefactthat,althoughthedataitselfmaybeproperlycontrolled,confidentialinformationmaystillleakout.Controlscantakeseveralforms:notdivulgingsensitiveinformationtounauthorizedparties(whichdependsontherespectivesubjectandobjectsecuritylevels),loggingwhateachuserknowsormaskingresponsedata.Thefirstcontrolcanbeimplementedfairlyeasily,thesecondquicklybecomesunmanageableforalargenumberofusersandthethirdleadstoimpreciseresponses,andalsoexemplifiesthetrade-offbetweenprecisionandsecurity.Polyinstantiationreferstomultipleinstancesofadataobjectexistinginthedatabaseanditcanprovideapartialsolutiontotheinferenceproblemwherebydifferentdatavaluesaresupplied,dependingonthesecuritylevel,inresponsetothesamequery.However,thismakesconsistencymanagementmoredifficult.Anotherissuethatarisesiswhenthesecuritylevelofanaggregateamountisdifferenttothatofitselements(aproblemcommonlyreferredtoasaggregation).Thiscanbeaddressedbydefiningappropriateaccesscontrolusingviews.Reliability,IntegrityandRecoveryArguably,themostimportantrequirementsfordatabasesaretoensurethatthedatabasepresentsconsistentinformationtoqueriesandcanrecoverfromanyfailures.Animportantaspectofconsistencyisthattransactionsexecuteatomically;thatis,theyeitherexecutecompletelyornotatall.Concurrencycontroladdressestheproblemofallowingsimultaneousprogramsaccesstoashareddatabase,whileavoidingincorrectbehaviororinterference.Itisnormallyaddressedbyaschedulerthatuseslockingtechniquestoensurethatthetransactionsareserialsableandindependent.Acommontechniqueusedincommercialproductsistwo-phaselocking(orvariationsthereof)inwhichthedatabasemanagementsystemcontrolswhentransactionsobtainandreleasetheirlocksaccordingtowhetherornottransactionprocessinghasbeencompleted.Inafirstphase,thedatabasemanagementsystemcollectsthenecessarydatafortheupdate:inasecondphase,itupdatesthedatabase.Thismeansthatthedatabasecanrecoverfromincompletetransactionsbyrepeatingeitheroftheappropriatephases.Thistechniquecanalsobeusedinadistributeddatabasesystemusingadistributedschedulerarrangement.Systemfailurescanarisefromtheoperatingsystemandmayresultincorruptedstorage.Themaincopyofthedatabaseisusedforrecoveryfromfailuresandcommunicateswithacachedversionthatisusedastheworkingversion.Inassociationwiththelogs,thisallowsthedatabasetorecovertoaveryspecificpointintheeventofasystemfailure,eitherbyremovingtheeffectsofincompletetransactionsorapplyingtheeffectsofcompletedtransactions.Insteadofhavingtorecovertheentiredatabaseafterafailure,recoverycanbemademoreefficientbytheuseofcheckpointing.Itisusedduringnormaloperationstowriteadditionalupdatedinformation-suchaslogs,before-imagesofincompletetransactions,after-imagesofcompletedtransactions-tothemaindatabasewhichreducestheamountofworkneededforrecovery.Recoveryfromfailuresindistributedsystemsismorecomplicated,sinceasinglelogicalactionisexecutedatdifferentphysicalsitesandtheprospectofpartialfailurearises.Logicalintegrity,atfieldlevelandfortheentiredatabase,isaddressedbytheuseofmonitorstocheckimportantitemssuchasinputranges,statesandtransitions.Error-correctinganderror-detectingcodesarealsoused.SecurityModelsVarioussecuritymodelsexistthataddressdifferentaspectsofsecurityinoperatingsystemsanddatabasemanagementsystems.Forexample,theBell-LaPadulamodeldefinessecurityintermsofmandatoryaccesscontrolandaddressesconfidentialityonly.TheBellLaPadulamodels,andothermodelsincludingtheBibamodelforintegrity,aredescribedmorefullyin[Cast95]and[Pfle89].Thesemodelsareimplementation-independentandprovideapowerfulinsightintothepropertiesofsecuresystems,leadtodesignpoliciesandprinciples,andsomeformthebasisforsecurityevaluationcriteria.WebServerSecurityWebserversarenowoneofthemostcommoninterfacesbetweenusersandback-enddatabases,andassuch,theirsecuritybecomesincreasinglyimportant.Exploitationofvulnerabilitiesinthewebservercanleadtounforeseenattacksonmiddlewareandbackenddatabases,bypassinganycontrolsthatmaybeinplace.Inthissection,wefocusoncommonwebservervulnerabilitiesandhowtheauthenticationrequirementsofwebserversanddatabasesaremet.Ingeneral,awebserverplatformshouldnotbesharedwithotherapplicationsandshouldbetheonlymachineallowedtoaccessthedatabase.Usingafirewallcanprovideadditionalsecurity-eitherbetweenthewebserverandusersorbetweenthewebserverandback-enddatabase-andoftenthewebserverisplacedonade-militarizedzone(DMZ)ofafirewall.Whilefirewallscanbeusedtoblockcertainincomingconnections,theymustallowHTTP(andHTTPS)connectionsthroughtothewebserver,andsoattackscanstillbelaunchedviatheportsassociatedwiththeseconnections.VulnerabilitiesVulnerabilitiesappearonaweeklybasisand,here,weprefertofocusonsomegeneralissuesratherthanspecificattacks.Commonwebservervulnerabilitiesinclude:•Nopolicyexists.•Thedefaultconfigurationison.•Reusablepasswordsappearinclear.•Unnecessaryportsavailablefornetworkservicesarenotdisabled.•Newsecurityholesarenottracked.Eveniftheyare,well-knownvulnerabilitiesarenotalwaysfixedasthesourcecodepatchesarenotappliedbysystemadministratorandoldprogramsarenotre-compiledorremoved.•Securitytoolsarenotusedtoscanthenetworkforweaknessesandchangesortodetectintrusions.•Faultyandbuggysoftware-forexample,bufferoverflowandstacksmashingAttacks•Automaticdirectorylistings-thisisofparticularconcernfortheinterfacesoftwaredirectories.•Serverrootfilesaregenerallyvisibleoraccessible.•Lackoflogsandbackups.•Fileaccessisoftennotexplicitlyconfiguredbythesystemadministratoraccordingtothesecuritypolicy.Thisappliestoconfiguration,client,administrationandlogfiles,administrationprograms,andCGIprogramsourcesandexecutables.CGIscriptsallowdynamicwebpagesandmakeprogramdevelopment(in,forexample,Perl)easyandrapid.However,theirsuccessfulexploitationmayallowexecutionofmaliciousprograms,launchingofdenial-of-serviceattacksand,ultimately,privilegeescalationonaserver.WebServerandDatabaseAuthenticationWhileuser,browserandwebserverauthenticationarerelativelywellunderstood[Garf97],[Ghos98]and[Tree98],theintroductionofadditionalcomponents,suchasdatabasesandmiddleware,raiseanumberofauthenticationissues.Thereareavarietyofoptionsforauthenticationinasimplemodel(Figure1).Firstly,boththewebserveranddatabasemanagementsystemcanindividuallyauthenticateauser.Thisoptionrequirestheusertoauthenticatetwicewhichmaybeunacceptableincertainapplications,althoughasinglesign-ondevice(whichaimstomanageauthenticationinauser-transparentway)mayhelp.Secondly,acommonapproachisforthedatabasetoautomaticallygrantuseraccessbasedonwebserverauthentication.However,thisoptionshouldonlybeusedforaccessingpubliclyavailableinformation.Finally,thedatabasemaygrantuseraccessemployingthewebserverauthenticationcredentialsasabasisforitsownuserauthentication,usingsecuritymanagementsubsystems(Figure1).Weconsiderthislastoptioninmoredetail.Web-basedcommunicationsusethestatelessHTTPprotocolwiththeimplicationthatstate,andhenceauthentication,isnotpreservedwhenbrowsingsuccessivewebpages.Cookies,orfilesplacedonuser’smachinebyawebserver,weredevelopedasameansofaddressingthisissueandareoftenusedtoprovideauthentication.However,afterinitialauthentication,thereistypicallynoreauthenticationperpageinthesamerealm,onlytheuseofunencryptedcookies(sometimesinassociationwithIPaddresses).ThisapproachprovideslimitedsecurityasbothcookiesandIPaddressescanbetamperedwithorspoofed.Astrongerauthenticationmethod,commonlyusedbycommercialimplementations,usesdigitallysignedcookies.Thisallowsadditionalsystems,suchasdatabases,tousedigitallysignedcookiedata,includingasessionID,asabasisforauthentication.Whenauserhasbeenauthenticatedbyawebserver(usingapassword,forexample),asessionIDisassignedandisstoredinasecuritymanagementsubsystemdatabase.Whenausersubsequentlyrequestsinformationfromadatabase,thedatabasereceivesacopyofthesessionID,thesecuritymanagementsubsystemchecksthissessionIDagainstitslocalcopyand,ifauthenticationissuccessful,useraccessisgrantedtothedatabase.ThesessionIDistypicallytransmittedintheclearbetweenthewebserveranddatabase,butmaybeprotectedbySSLorevenbyphysicalsecuritymeasures.Thecommunicationsbetweenthebrowserandwebservers,andthewebserversandsecuritymanagementsubsystem(anditsdatabases),arenormallyprotectedbySSLanduseawebserversecurityAPIthatisusedtodigitallysignandverifybrowsercookies.Thecommunicationsbetweentheback-enddatabasesandsecuritymanagementsubsystem(anditsdatabases)arealsonormallyprotectedbySSLanduseadatabasesecurityAPIthatverifiessessionIdsoriginatingfromthedatabaseandprovidesadditionaluserauthorizationcredentials.ThewebserversecurityAPIisgenerallyproprietarywhile,forthedatabasesecurityAPI,manyvendorshaveadoptedstandardssuchastheGenericSecurityServicesAPI(GSS-API)orCORBA[RFC2078]and[Corba].ArchitectureandDesignSecurityrequirementsfordesigning,buildingandimplementingdatabasesareimportantsothatthesystems,aspartoftheoverallinfrastructure,meettheirrequirementsinactualoperation.Thevarioussecuritymodelsprovideanimportantinsightintothedesignrequirementsfordatabasesandtheirmanagementsystems.SecureDatabaseManagementSystemArchitecturesInmulti-leveldatabasemanagementsystems,avarietyofarchitecturesarepossible:trustedsubject,integritylocked,kernelsandreplicated.Trustedsubjectisusedbymostoftheleadingdatabasemanagementsystemvendorsandcanbeintegratedinexistingproducts.Basically,thetrustedsubjectarchitectureallowsuserstoaccessadatabaseviaanuntrustedfront-end,atrusteddatabasemanagementsystemandtrustedoperatingsystem.Theoperatingsystemprovidesphysicalaccesstothedatabaseandthedatabasemanagementsystemprovidesmultilevelobjectprotection.Theotherarchitectures-integritylocked,kernelsandreplicated-allvaryindetail,buttheyuseatrustedfront-endandanuntrusteddatabasemanagementsystem.Fordetailsofthesearchitecturesandresearchprototypes,thereaderisreferredto[Cast95].Differentarchitecturesaresuitedtodifferentenvironments:forexample,thetrustedsubjectarchitectureislessintegratedwiththeunderlyingoperatingsystemandisbestsuitedwhenatrustedpathcanbeassuredbetweenapplicationsandthedatabasemanagementsystem.SecureDatabaseManagementSystemDesignAsdiscussedabove,thereareseveralfundamentaldifferencesbetweenoperatingsystemanddatabasemanagementsystemdesign,includingobjectgranularity,multipledatatypes,datacorrelationsandmulti-leveltransactions.Otherdifferencesincludethefactthatdatabasemanagementsystemsincludebothphysicalandlogicalobjectsandthatthedatabaselifecycleisnormallylonger.Thesedifferencesmustbereflectedinthedesignrequirementswhichinclude:•Access,flowandinferencecontrols.•Accessgranularityandmodes.•Dynamicauthorization.•Multi-levelprotection.•Polyinstantiation.•Auditing.•Performance.Theserequirementsshouldbeconsideredalongsidebasicinformationintegrityprinciples,suchas:•Well-formedtransactions-toensurethattransactionsarecorrectandconsistent.•Continuityofoperation-toensurethatdatacanbeproperlyrecovered,dependingontheextentofadisaster.•Authorizationandrolemanagement–toensurethatdistinctrolesaredefinedandusersareauthorized.•Authenticatedusers-toensurethatusersareauthenticated.•Leastprivilege-toensurethatusershavetheminimalprivilegenecessarytoperformtheirtasks.•Separationofduties-toensurethatnosingleindividualhasaccesstocriticaldata.•Delegationofauthority-toensurethatthedatabasemanagementsystempoliciesareflexibleenoughtomeettheorganization’srequirements.Ofcourse,someoftheserequirementsandprinciplesarenotmetbythedatabasemanagementsystem,butbytheoperatingsystemandalsobyorganizationalandproceduralmeasures.DatabaseDesignMethodologyVariousapproachestodesignexist,butmostcontainthesamemainstages.Theprincipleaimofadesignmethodologyistoprovidearobust,verifiabledesignprocessandalsotoseparatepoliciesfromhowpoliciesareactuallyimplemented.Animportantrequirementduringanydesignprocessisthatdifferentdesignaspectscanbemergedandthisequallyappliestosecurity.Apreliminaryanalysisshouldbeconductedthataddressesthesystemrisks,environment,existingproductsandperformance.Requirementsshouldthenbeanalyzedwithrespecttotheresultsofariskassessment.Securitypoliciesshouldbedevelopedthatincludespecificationofgranularity,privilegesandauthority.Thesepoliciesandrequirementsformtheinputtotheconceptualdesignthatconcentratesonsubjects,objectsandaccessmodeswithoutconsideringimplementationdetails.Itspurposeistoexpressinformationandprocessflowsinacompleteandconsistentway.Thelogicaldesigntakesintoaccounttheoperatingsystemanddatabasemanagementsystemthatwillbeusedandwhichofthesecurityrequirementscanbeprovidedbywhichmechanisms.Thephysicaldesignconsiderstheactualphysicalrealizationofthelogicaldesignand,indeed,mayresultinarevisionoftheconceptualandlogicalphasesduetophysicalconstraints.SecurityAssuranceOnceaproducthasbeendeveloped,itssecurityassurancecanbeassessedbyanumberofmethodsincludingformalverification,validation,penetrationtestingandcertification.Forexample,ifadatabaseistobecertifiedasTCSECClassB1,thenitmustimplementtheBell-LaPadulamandatoryaccesscontrolmodelinwhicheachcontrolledobjectinthedatabasemustbelabeledwithasecuritylevel.Mostofthesemethodscanbecostlyandlengthytoperformandaretypicallyspecifictoparticularhardwareandsoftwareconfigurations.However,theinternationalCommonCriteriacertificationschemeprovidestheaddedbenefitofamutualrecognitionarrangement,thusavoidingtheprospectofmultiplecertificationsindifferentcountries.ConclusionThisarticlehasconsideredsomeofthesecurityprinciplesthatareassociatedwithdatabasesandhowtheseapplyinawebbasedenvironment.Ithasalsofocusedonimportantarchitectureanddesignprinciples.Theseprincipleshavefocusedmainlyontheprevention,assuranceandrecoveryaspects,butotheraspects,suchasdetection,areequallyimportantinformulatingatotalinformationprotectionstrategy.Forexample,host-basedintrusiondetectionsystemsaswellasarobustandtestedsetofbusinessrecoveryproceduresshouldbeconsidered.Anyfit-for-purpose,securee-businessinfrastructureshouldaddressalltheaboveaspects:prevention,assurance,detectionandrecovery.Certainindustriesarenowstartingtospecifytheirownsetofglobal,securee-businessrequirements.Internationalcardpaymentassociationshaverecentlystartedtorequireminimuminformationsecuritystandardsfromelectroniccommercemerchantshandlingcreditcarddata,tohelpmanagefraudlossesandassociatedimpactssuchasbrand-imagedamageandlossofconsumerconfidence.银行安全中英文对照外文翻译文献3PAGE9网络环境下的数据库安全简介数据库在政府部门和商业机构得到普遍应用已经很多年了。现在，任何组织的数据库对不同的供应商、消费者、股东以及普通员工日益开放——这是一个几年前从来没有听到的想法。众多的应用程序和与它们相关联的数据经常同时被具有不同存取级别的用户通过多种不同的设备和通道进行存取。例如：在线银行允许消费者通过互联网或电话办理各种不同的银行业务，同时要维持账目信息的保密性：(1)电子商务系统及他们的服务提供商必须在他们的商务服务器上保存客户信息、订单信息以及支付信息等数据，并且要保持这些数据的安全性。(2)人力资源部门允许员工更新他们的个人信息，同时要保护从未经授权的通道传来的可靠的管理信息。(3)职业医师必须保护病人信息的机密性，同时为了治疗也允许访问一些基本的信息。(4)在线经纪人业务系统需要能够同时为大量用户提供最新的、精确的金融信息。这些复杂的情况对系统的安全性提出了许多新的需求。随着复杂的网络基础设施在全球的发展越来越需要一种安全解决方案，这种方案能供提供隔离外界环境的机制、执行完整性检查并保持完整性、强大的授权鉴定并且不会出现异常、能够提供机密性。返回来说，这使通过全面的商业和技术风险来鉴别威胁、攻击和影响成为必要，并且从这制定一个安全策略。这导致安全定义贯穿整个基础结构—操作系统、数据库管理系统、中间件和网络。金融信息系统、个人信息系统和医疗信息系统以及政府部门的某些领域都对安全性和抗干扰性有严格的需求。向不正当的人不恰当的泄漏敏感信息会引起严重的社会、法律和调整的结果。对基本要素失败的描述会导致直接的和因此而产生的金融损失—通过威胁商业数据库中几百万信用卡卡号带来的诈骗损失就是很好的证明，再加上对商标形象造成的损害和消费者信任度的降低等相关联的损失。本篇论文讨论数据库和网络服务器的安全等一些主要的问题，并且考虑了重要的体系结构和设计的问题。一个简单的模型从简单的层次来说，一个网络服务系统包括前台软件和后台数据库，接口软件将两者连接起来。通常，前台软件由服务器软件和网络服务器操作系统组成，后台数据库可能是一个关系型或面向对象的数据库，它能完成各种复杂的功能，包括：记录事务、维护账目和详细目录。接口软件一般由通用网关接口(CGI)脚本组成，这个脚本用来接收网站执行在线查询或更新数据库功能提交的窗口信息。中间件的出现依赖于基础结构；另外，安全管理子系统（拥有会话机制和用户资料库）描述网络服务器和相关的需求来实现鉴定、连接控制和授权。这个子系统不管是跟网络服务器、中间件或者是数据库进行通信都是通过应用程序接口（API）进行的。图1描述了这个简单的模型。以下组件可以提供安全性：(1)网络服务器(2)中间件(3)操作系统(4)数据库及数据库管理系统(5)安全管理系统 安全管理系统中间件数据库及数据库管理系统客户端浏览器网络服务器数据库会话用户数据库保障该系统安全的关键这样一个安全系统实现了真实性、完整性及机密性方面的功能，这些功能是依靠各个组件的安全性及它们之间的相互作用实现的。一些最常见的攻击是由于缺乏配置、对控制程序不恰当的改变和缺乏管理引起的。但是，即使这些地方都恰当的设置过，攻击仍然会出现。恰当的结合