CN103186733A - Database user behavior management system and database user behavior management method - Google Patents


Info

Publication number
CN103186733A
Authority
CN
China
Prior art keywords
operation scope
work order
user
operation instruction
database
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011104597304A
Other languages
Chinese (zh)
Other versions
CN103186733B (en)
Inventor
冯允
熊刚
李启文
蒋迎锋
梅铁勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Group Guangdong Co Ltd
Original Assignee
China Mobile Group Guangdong Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Group Guangdong Co Ltd
Priority to CN201110459730.4A (patent/CN103186733B/en)
Publication of CN103186733A (patent/CN103186733A/en)
Application granted
Publication of CN103186733B (patent/CN103186733B/en)
Legal status: Active (current)
Anticipated expiration

Abstract

Translated from Chinese

The present invention provides a database user behavior management system and a database user behavior management method. The database user behavior management system comprises: an operation instruction acquisition module, for obtaining the operation instruction input by a user; an operation instruction analysis module, for analyzing the operation instruction to obtain the instruction operation scope corresponding to the operation instruction; a legitimacy judgment module, for judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation; an operation instruction forwarding module, for forwarding the operation instruction to the database when the instruction operation scope does not exceed the permitted operation scope of the user's current operation; and an operation instruction interception module, for intercepting the operation instruction when the instruction operation scope exceeds the permitted operation scope of the user's current operation. The invention can analyze user operations in real time, judge in real time whether a user operation is legal, and intercept illegal operations in real time.

Description

Database user behavior management system and database user behavior management method
Technical field
The present invention relates to the field of business support and management information systems, and in particular to a database user behavior management system and a database user behavior management method.
Background technology
Database information security is currently a focus of every large enterprise. If a database user performs illegal operations on sensitive data in the database through back-end access, so that sensitive data is leaked or maliciously modified, the enterprise suffers enormous economic loss and serious harm to its brand image.
The current solution is to audit user operations after the fact by means of a 4A system (Authentication, Account, Authorization, Audit). Fig. 1 is a schematic diagram of the overall architecture of a prior-art database system, which comprises a 4A system, a BOSS (Business & Operation Support System) bastion host and a BOSS database. The 4A system can restrict a user's access rights and record the user's operation log, and can even record the user's operating process through a video monitoring system. After the user has finished operating, a back-end administrator can export all the character commands the user entered against the BOSS database together with the video recording of the operating process and, by reading the operation log and watching the video, judge manually whether each user's operations were legal.
It can be seen that the administrator learns that someone performed a violating operation only after a security incident has occurred, and must audit the massive operation logs one by one; even if some illegal operations are found during the audit, the impact of the incident has already been produced. Tracing responsibility back through massive logs is extremely tedious and the audit workload is very large, which leads to low accuracy in matching the actual operation content against the audited content, low efficiency, and a low success rate in discovering illegal operations.
Obviously, with the present 4A solution, user operation behavior cannot be analyzed in real time, it cannot be judged in real time whether a user operation is legal, and illegal operation behavior cannot be intercepted in real time.
Summary of the invention
In view of this, the invention provides a database user behavior management system and a database user behavior management method that can analyze a user's operations in real time, judge in real time whether the user's operation is legal, and intercept illegal operations in real time.
To solve the above problem, the invention provides a database user behavior management system comprising:
an operation instruction acquisition module, for obtaining the operation instruction input by the user;
an operation instruction analysis module, for analyzing the operation instruction to obtain the instruction operation scope corresponding to it;
a legitimacy judgment module, for judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation;
an operation instruction forwarding module, for forwarding the operation instruction to the database when the instruction operation scope does not exceed the permitted operation scope of the user's current operation;
an operation instruction interception module, for intercepting the operation instruction when the instruction operation scope exceeds the permitted operation scope of the user's current operation.
Optionally, the database user behavior management system further comprises:
a work-order synchronization module, for synchronizing the approved work orders in the work-order system;
a work-order analysis module, for analyzing the synchronized approved work orders to obtain the permitted operation scope of each synchronized approved work order, and storing it;
wherein the legitimacy judgment module is further used to extract, from the stored permitted operation scopes of all approved work orders, the permitted operation scope of the approved work order corresponding to the user, as the permitted operation scope of the user's current operation.
Optionally, the database user behavior management system further comprises:
a work-order identifier acquisition module, for obtaining the work-order identifier input by the user;
wherein the work-order analysis module is further used to obtain the work-order identifier of each synchronized approved work order, and to store it;
and the legitimacy judgment module is further used to extract, from the stored permitted operation scopes of all approved work orders, the permitted operation scope of the approved work order whose work-order identifier is identical to the one input by the user, as the permitted operation scope of the user's current operation.
Optionally, the operation instruction analysis module analyzes the operation instruction with a syntax analyzer and a lexical analyzer based on abstract syntax tree generation, to obtain the instruction operation scope corresponding to the operation instruction;
and the work-order analysis module analyzes the synchronized approved work orders with a syntax analyzer and a lexical analyzer based on abstract syntax tree generation, to obtain the permitted operation scope of each synchronized approved work order, and stores it.
Optionally, the legitimacy judgment module further comprises:
a first judgment module, for judging whether the instruction operation scope involves the sensitive data of the database;
a second judgment module, for judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation when the instruction operation scope involves the sensitive data of the database;
wherein the operation instruction forwarding module is further used to forward the operation instruction to the database when the instruction operation scope does not involve the sensitive data of the database.
The present invention also provides a database user behavior management method, comprising:
obtaining the operation instruction input by the user;
analyzing the operation instruction to obtain the instruction operation scope corresponding to it;
judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation;
forwarding the operation instruction to the database when the instruction operation scope does not exceed the permitted operation scope of the user's current operation;
intercepting the operation instruction when the instruction operation scope exceeds the permitted operation scope of the user's current operation.
Optionally, before the step of judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation, the method further comprises:
synchronizing the approved work orders in the work-order system;
analyzing the synchronized approved work orders to obtain the permitted operation scope of each synchronized approved work order, and storing it;
and the step of judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation comprises:
extracting, from the stored permitted operation scopes of all approved work orders, the permitted operation scope of the approved work order corresponding to the user, as the permitted operation scope of the user's current operation.
Optionally, before the step of judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation, the method further comprises:
obtaining the work-order identifier input by the user;
obtaining the work-order identifier of each synchronized approved work order, and storing it;
and the step of judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation comprises:
extracting, from the stored permitted operation scopes of all approved work orders, the permitted operation scope of the approved work order whose work-order identifier is identical to the one input by the user, as the permitted operation scope of the user's current operation.
Optionally, the step of analyzing the operation instruction to obtain the instruction operation scope corresponding to it comprises:
analyzing the operation instruction with a syntax analyzer and a lexical analyzer based on abstract syntax tree generation, to obtain the instruction operation scope corresponding to the operation instruction;
and the step of analyzing the synchronized approved work orders to obtain and store their permitted operation scopes comprises:
analyzing the synchronized approved work orders with a syntax analyzer and a lexical analyzer based on abstract syntax tree generation, to obtain the permitted operation scope of each synchronized approved work order, and storing it.
Optionally, the step of judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation comprises:
judging whether the instruction operation scope involves the sensitive data of the database;
when the instruction operation scope involves the sensitive data of the database, judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation;
when the instruction operation scope does not involve the sensitive data of the database, forwarding the operation instruction to the database.
The present invention has the following beneficial effects:
the operation instruction input by the user is analyzed in real time, it is judged in real time whether that instruction is a legal operation instruction, legal operation instructions are forwarded, and illegal operation instructions are intercepted in real time. This solves the problems that the existing 4A system cannot discover and intercept illegal operations in real time, cannot achieve "in-process control" of database management, and has low audit matching accuracy.
Description of drawings
Fig. 1 is a schematic diagram of the overall architecture of a prior-art database system;
Fig. 2 is a schematic structural diagram of the database user behavior management system of an embodiment of the invention;
Fig. 3 is a flow chart of the database user behavior management method of an embodiment of the invention;
Fig. 4 is another flow chart of the database user behavior management method of an embodiment of the invention;
Fig. 5 is a further flow chart of the database user behavior management method of an embodiment of the invention;
Fig. 6 is a schematic diagram of the overall architecture of a database system of an embodiment of the invention;
Fig. 7 is a schematic diagram of the workflow of the database system in Fig. 6.
Embodiment
The fundamental reason why the prior-art 4A solution cannot discover and intercept a user's illegal operations in real time is that the database system passes every operation instruction through transparently. In the embodiment of the invention, every operation instruction input by the user is analyzed, it is decided whether the operation instruction is legal, and illegal operation instructions are intercepted in real time, which fundamentally solves the difficult problem of present-day database security O&M control.
Specific embodiments of the invention are described in further detail below with reference to the drawings and examples.
Fig. 2 is a schematic structural diagram of the database user behavior management system of an embodiment of the invention. The system comprises:
Operation instruction acquisition module 201, for obtaining the operation instruction input by the user; the operation instruction is an instruction directed at the database.
Operation instruction analysis module 202, for analyzing the operation instruction to obtain the instruction operation scope corresponding to it; the operation scope comprises an operand and the operation action performed on that operand.
Legitimacy judgment module 203, for judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation.
Operation instruction forwarding module 204, for forwarding the operation instruction to the database when the instruction operation scope does not exceed the permitted operation scope of the user's current operation.
Operation instruction interception module 205, for intercepting the operation instruction when the instruction operation scope exceeds the permitted operation scope of the user's current operation.
With the database user behavior management system provided by the above embodiment, the operation instruction input by the user can be analyzed in real time, it can be judged in real time whether that instruction is a legal operation instruction, legal operation instructions are forwarded, and illegal operation instructions are intercepted in real time. This solves the problems that the existing 4A system cannot discover and intercept illegal operations in real time, cannot achieve "in-process control" of database management, and has low audit matching accuracy.
In the embodiment of the invention, the permitted operation scope corresponding to each user (that is, the user's operating rights) can be pre-configured and stored. When an operation instruction input by a certain user is detected, the instruction is first analyzed to obtain its corresponding instruction operation scope, and the permitted operation scope corresponding to this user is extracted from the stored permitted operation scopes of all users. It is then judged whether the instruction operation scope of the instruction exceeds the permitted operation scope corresponding to this user: if so, the instruction is judged to be an illegal operation instruction and is intercepted; otherwise, it is judged to be a legal operation instruction and is forwarded to the database.
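As an added example (not code from the patent or from its assignee), the following Python sketch implements the two steps just described for SQL instructions: a lexical and syntactic analysis that reduces a statement to its instruction operation scope (the action plus the operands it touches), and a legitimacy judgment of that scope against a pre-configured permitted operation scope. The token grammar, the `Scope` type, `PERMITTED` and the sample statements are all assumptions constructed for this example; a production analyzer would be built on a full SQL grammar.

```python
import re
from dataclasses import dataclass

# Keywords after which an operand (table name) appears. The grammar below is a
# deliberate simplification built for this example, not a full SQL parser.
OBJECT_INTRODUCERS = {"FROM", "JOIN", "INTO", "UPDATE", "TABLE"}
ACTIONS = {"SELECT", "INSERT", "UPDATE", "DELETE", "DROP", "TRUNCATE", "ALTER", "GRANT"}
KEYWORDS = OBJECT_INTRODUCERS | ACTIONS | {
    "WHERE", "SET", "VALUES", "ON", "AND", "OR", "ORDER", "GROUP", "BY", "LEFT",
    "RIGHT", "INNER", "OUTER", "AS", "LIMIT", "HAVING", "UNION", "IF", "EXISTS",
    "NOT", "NULL", "IN", "DISTINCT", "TO", "USING",
}
SKIPPABLE = {"IF", "EXISTS", "NOT"}        # e.g. DROP TABLE IF EXISTS t


@dataclass(frozen=True)
class Scope:
    """Instruction operation scope: the action and the operands it is applied to."""
    action: str
    objects: frozenset


def tokenize(sql: str) -> list:
    """Lexical analysis: string literals, (schema-qualified) identifiers, numbers, punctuation."""
    return re.findall(r"'[^']*'|[A-Za-z_][\w.$]*|\d+|\S", sql.strip().rstrip(";"))


def is_identifier(tok: str) -> bool:
    return re.fullmatch(r"[A-Za-z_][\w.$]*", tok) is not None and tok.upper() not in KEYWORDS


def analyze(sql: str) -> Scope:
    """Syntactic analysis: reduce one statement to its instruction operation scope.

    Operands inside subqueries are collected too, so a SELECT that reads a
    protected table through a nested query is still attributed to that table."""
    toks = tokenize(sql)
    action = toks[0].upper() if toks and toks[0].upper() in ACTIONS else "UNKNOWN"
    objects = set()
    i = 0
    while i < len(toks):
        if toks[i].upper() not in OBJECT_INTRODUCERS:
            i += 1
            continue
        i += 1
        expecting_name = True
        while i < len(toks):                      # walk a comma-separated operand list
            tok = toks[i]
            if expecting_name and tok.upper() in SKIPPABLE:
                i += 1
            elif expecting_name and is_identifier(tok):
                objects.add(tok.lower())
                expecting_name = False
                i += 1
            elif not expecting_name and tok == ",":
                expecting_name = True
                i += 1
            elif not expecting_name and is_identifier(tok):
                i += 1                            # table alias
            else:
                break                             # keyword or punctuation ends the list
    return Scope(action, frozenset(objects))


def is_within_scope(instr: Scope, permitted: dict) -> bool:
    """Permitted scope maps operand -> set of permitted actions.

    Fails closed: an unrecognised statement, or one with no identifiable operand,
    is treated as exceeding the permitted scope."""
    if instr.action == "UNKNOWN" or not instr.objects:
        return False
    return all(instr.action in permitted.get(obj, set()) for obj in instr.objects)


def handle(sql: str, permitted: dict) -> tuple:
    """Forwarding/interception decision for one instruction."""
    scope = analyze(sql)
    verdict = "FORWARD" if is_within_scope(scope, permitted) else "INTERCEPT"
    return verdict, scope


# Constructed sample permitted scope for one user (an assumption for the example).
PERMITTED = {"customers": {"SELECT"}, "orders": {"SELECT", "UPDATE"}}

if __name__ == "__main__":
    for stmt in (
        "SELECT name FROM customers c WHERE c.id = 7",
        "UPDATE orders SET status = 'shipped' WHERE id = 1",
        "DELETE FROM customers WHERE id = 7",
        "SELECT * FROM customers WHERE id IN (SELECT cid FROM secrets)",
        "DROP TABLE IF EXISTS orders",
    ):
        verdict, scope = handle(stmt, PERMITTED)
        print(f"{verdict:9} {scope.action:6} {sorted(scope.objects)}  <- {stmt}")
```

The decision is deliberately fail-closed: a statement the analyzer does not recognise, or one in which no operand can be identified, is intercepted rather than forwarded, since the whole point of the scheme is that nothing reaches the database without a scope check. Collecting operands from subqueries matters for the same reason; otherwise a read of a protected table could be hidden inside a statement whose top-level FROM clause is permitted.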
In the embodiment of the invention, a work-order system can also be provided. Before each database operation, the user must fill in an approved work order, which is stored in the work-order system and records the permitted operation scope of this user's current database operation. The database user behavior management system can synchronize all approved work orders from the work-order system periodically, for example once every three hours, or alternatively only when the work-order system has an update. After the approved work orders have been synchronized from the work-order system, they can be analyzed to obtain the permitted operation scope of the user's current operation recorded in each approved work order (hereinafter referred to as the permitted operation scope of the approved work order). When the database user behavior management system detects an operation instruction input by a user, it analyzes the instruction to obtain its instruction operation scope, extracts from the stored permitted operation scopes of all approved work orders the one belonging to the approved work order corresponding to this user, takes it as the permitted operation scope of the user's current operation, and uses it to judge whether the instruction operation scope of the operation instruction exceeds the permitted operation scope of the user's current operation.
Corresponding to the above description, the database user behavior management system of the embodiment of the invention can further comprise:
a work-order synchronization module, for synchronizing the approved work orders in the work-order system;
a work-order analysis module, for analyzing the synchronized approved work orders to obtain the permitted operation scope of each synchronized approved work order, and storing it;
wherein the legitimacy judgment module is further used to extract, from the stored permitted operation scopes of all approved work orders, the permitted operation scope of the approved work order corresponding to the user, as the permitted operation scope corresponding to the user.
The work-order analysis module and the operation instruction analysis module described above can be implemented by the same physical functional module or by different physical functional modules.
In the embodiment of the invention, a unique user identity can be configured for each user and marked in that user's approved work order, so that the user's approved work order can easily be extracted from the many approved work orders in order to judge whether the instruction operation scope of the operation instruction input by the user exceeds the permitted operation scope of that user's approved work order.
In this embodiment, a work-order identifier (called a key in this embodiment, for example the work-order serial number) can be configured for each approved work order. When the user needs to operate the database, the user must input the work-order identifier of the approved work order corresponding to this user. According to the work-order identifier input by the user, the permitted operation scope of the approved work order corresponding to that identifier is then extracted from the stored permitted operation scopes of all approved work orders and taken as the permitted operation scope of the user's current operation, in order to judge whether the instruction operation scope of the operation instruction input by the user exceeds the permitted operation scope of the user's current operation.
Corresponding to the above description, the database user behavior management system of the embodiment of the invention can further comprise:
a work-order identifier acquisition module, for obtaining the work-order identifier input by the user;
wherein the work-order analysis module described above is further used to analyze the synchronized approved work orders to obtain the work-order identifier of each synchronized approved work order, and to store it; and the legitimacy judgment module is further used to extract, from the stored permitted operation scopes of all approved work orders, the permitted operation scope of the approved work order corresponding to the work-order identifier input by the user, as the permitted operation scope of the user's current operation.
When the volume of data involved in the database is large, performing a matching operation against the permitted operation scope of the approved work order for every one of the user's operation instructions will increase the burden on the database user behavior management system. Therefore, in the embodiment of the invention, certain important data in the database (for example data concerning user privacy or trade secrets) can be configured as sensitive data; the matching operation against the permitted operation scope of the approved work order is performed only for instructions that correspond to this sensitive data, and operation instructions directed at ordinary data can be forwarded directly.
Based on the above description, the legitimacy judgment module of the embodiment of the invention can further comprise the following functional modules:
a first judgment module, for judging whether the instruction operation scope involves the sensitive data of the database;
a second judgment module, for judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation when the instruction operation scope involves the sensitive data of the database;
wherein the operation instruction forwarding module is further used to forward the operation instruction to the database when the instruction operation scope does not involve the sensitive data of the database.
In addition, in the above embodiment, after the operation instruction forwarding module has forwarded the operation instruction to the database, the database can execute the operation instruction and obtain an operation result, and the database user behavior management system can also return that operation result to the user. That is to say, the database user behavior management system can further comprise a return module, for returning to the user the operation result of the database for the operation instruction.
In addition, the database user behavior management system of the embodiment of the invention can further comprise a logging module, for recording the legitimacy of the operation instructions input by the user.
Corresponding to the above database user behavior management system, the embodiment of the invention also provides a database user behavior management method. Fig. 3 is a flow chart of the database user behavior management method of an embodiment of the invention; the method comprises the following steps:
Step 301: obtain the operation instruction input by the user.
Step 302: analyze the operation instruction to obtain the instruction operation scope corresponding to it.
Step 303: judge whether the instruction operation scope exceeds the permitted operation scope of the user's current operation; if so, go to step 304, otherwise go to step 305.
Step 304: intercept the operation instruction.
Step 305: forward the operation instruction to the database.
In addition, in this embodiment, after the operation instruction has been forwarded to the database, the method can further comprise the step of returning to the user the operation result of the database for the operation instruction.
In the embodiment of the invention, whether the instruction operation scope of the operation instruction input by the user exceeds the permitted operation scope of the user's current operation can be judged according to the approved work orders synchronized from the work-order system. Fig. 4 is another flow chart of the database user behavior management method of an embodiment of the invention; the method comprises the following steps:
Step 401: synchronize the approved work orders in the work-order system.
Step 402: analyze the synchronized approved work orders to obtain the permitted operation scope of each synchronized approved work order, and store it.
Step 403: obtain the operation instruction input by the user.
Step 404: analyze the operation instruction to obtain the instruction operation scope corresponding to it.
Step 405: extract, from the stored permitted operation scopes of all approved work orders, the permitted operation scope of the approved work order corresponding to the user.
Step 406: judge whether the instruction operation scope exceeds the permitted operation scope of the approved work order corresponding to the user; if so, go to step 407, otherwise go to step 408.
Step 407: intercept the operation instruction.
Step 408: forward the operation instruction to the database.
In this embodiment, a work-order identifier (for example the work-order serial number) can be configured for each approved work order. When the user needs to operate the database, the user must input the work-order identifier of the approved work order corresponding to this user. According to the work-order identifier input by the user, the permitted operation scope of the approved work order corresponding to that identifier is then extracted from the stored permitted operation scopes of all approved work orders and taken as the permitted operation scope of the user's current operation, in order to judge whether the instruction operation scope of the operation instruction input by the user exceeds the permitted operation scope of the user's current operation.
When the volume of data involved in the database is large, performing a matching operation against the permitted operation scope of the approved work order for every one of the user's operation instructions will increase the burden on the database user behavior management system. Therefore, in the embodiment of the invention, certain important data in the database (for example data concerning user privacy or trade secrets) can be configured as sensitive data; the matching operation against the permitted operation scope of the approved work order is performed only for instructions that correspond to this sensitive data, and operation instructions directed at ordinary data can be forwarded directly.
Fig. 5 is a further flow chart of the database user behavior management method of an embodiment of the invention; the method comprises the following steps:
Step 501: synchronize the approved work orders in the work-order system.
Step 502: analyze the synchronized approved work orders to obtain the permitted operation scope of each synchronized approved work order, and store it.
Step 503: obtain the operation instruction input by the user.
Step 504: analyze the operation instruction to obtain the instruction operation scope corresponding to it.
Step 505: judge whether the instruction operation scope involves the sensitive data of the database; if so, go to step 506, otherwise go to step 509.
Step 506: extract, from the stored permitted operation scopes of all approved work orders, the permitted operation scope of the approved work order corresponding to the user.
Step 507: judge whether the instruction operation scope exceeds the permitted operation scope of the approved work order corresponding to the user; if so, go to step 508, otherwise go to step 509.
Step 508: intercept the operation instruction.
Step 509: forward the operation instruction to the database.
In addition, before the above step of judging whether the instruction operation scope involves the sensitive data of the database, the method can further comprise the step of configuring the sensitive data of the database.
Fig. 6 is a schematic diagram of the overall framework of the database system of the embodiment of the invention. The database system comprises: a 4A system, a BOSS bastion host, an iAnlyser system, a BOSS database and a work order system. The iAnlyser system is the database user behavior management system of the embodiment and comprises: a Secure Sqlplus client, a work order synchronization module, a syntax analysis engine, a legality judgment module, a monitoring database and a display module. Each of these modules is described in detail below.
1. Secure Sqlplus client
Hereinafter referred to as the SS client. The SS client can be a Sqlplus-like client written in Java. The administrator can set permissions in the operating system to forbid other database access software from running, so that users can only access the BOSS database through the SS client.
The SS client obtains all database operation instructions input by the user (SQL instructions in this embodiment), calls the syntax analysis engine to perform syntax analysis on each operation instruction, and sends the analysis result (namely the instruction operation scope) to the legality judgment module. In addition, the SS client also sends information such as the key input by the user (the key being the work order identifier mentioned above) to the legality judgment module, which judges the legality of the operation instruction input by the user. If the operation instruction is judged legal, the SS client forwards it to the BOSS database and returns the BOSS database's result for this instruction to the user; if the operation instruction is judged illegal, the SS client intercepts it and shows the user a prompt that the operation was intercepted.
That is, the SS client performs the functions of the operation instruction acquisition module, the operation instruction forwarding module, the operation instruction interception module and the work order identifier acquisition module of the embodiments described above.
2. Work order synchronization module
The work order synchronization module synchronizes the approved work orders (those in the "approved" state) from the work order system (the AMS system, which supports processes such as work order approval) through the Webservice interface that the work order system provides, and records the work order serial number as the key (that is, the work order identifier mentioned above). It then calls the syntax analysis engine to extract, from the complex and irregular work order descriptions containing Chinese, English, special characters and the like, the operation instructions (SQL instructions) needed for analyzing the user's operations, and to analyze these instructions into a parse tree (a simplified set of database object + operation). Finally, the key, the table names, field lists and operation actions involved in the work order, and similar items are written into the monitoring database.
That is, the work order synchronization module performs the function of the work order synchronization module of the embodiments described above.
3. Syntax analysis engine
The syntax analysis engine in this embodiment is a SQL syntax analysis engine based on an abstract syntax tree (AST). It can be called by the SS client and by the work order synchronization module; it analyzes the operation instructions sent by either of them in real time, obtains the operation scope corresponding to each instruction (a permitted operation scope or an instruction operation scope), for example the database tables, fields and range of data content to be operated on, and writes the result into the monitoring database.
That is, the syntax analysis engine performs the functions of the operation instruction analysis module and the work order analysis module of the embodiments described above.
4. Legality judgment module
The legality judgment module interacts in real time with the SS client and the monitoring database. When a user logs in to the SS client, the SS client sends the key input by the user to the legality judgment module, which then extracts from the monitoring database, according to this key, the permitted operation scope of the approved work order corresponding to the key (legality judgment basis two). After the user inputs an operation instruction, the syntax analysis engine analyzes it, obtains its instruction operation scope (legality judgment basis three) and writes that scope into the monitoring database in real time; the legality judgment module then extracts the instruction operation scope of this instruction and at the same time refers to the sensitive data of the database (legality judgment basis one; the table names and field names of the sensitive data and the operation actions restricted on those objects are all stored in the monitoring database). According to these three bases, the module judges whether the operation instruction is legal: if any one basis is not satisfied, the operation instruction is judged illegal. The legality judgment module also writes the legality judgment result into the monitoring database.
That is, the legality judgment module performs the function of the legality judgment module of the embodiments described above.
5. Monitoring database
The monitoring database receives and records the following: the syntax analysis engine's analysis results for the operation instructions input by users and for the operation instructions in approved work orders, and the legality judgment module's judgment result for every operation instruction. The monitoring database can be accessed by the syntax analysis engine, the legality judgment module and the display module.
6. Display module
The sensitive data of the BOSS database can be configured on the front page of the display module (configuring the table names and field names of the sensitive data, the operation actions restricted on those objects, and so on). The display module can also show the legality judgment results stored in the monitoring database, so that the administrator can directly see what operations a user performed, whether each operation was legal, the interception result, and so on.
Fig. 7 is a schematic diagram of the workflow of the database system of Fig. 6:
Step 701: configure the sensitive data information through the display module, that is, specify the table names and field names of the sensitive data and the restricted operation actions, as legality judgment basis one.
Step 702: store the sensitive data information in the table tb.mingan.
Specifically, a J2EE system application framework can be used to provide a Web interface for maintaining and managing the sensitive data table tb.mingan.
The sensitive data table tb.mingan can be as shown in Table 1:
Table 1
[Table 1: sensitive data table tb.mingan; the table image is not reproduced in this extraction.]
It can be seen from Table 1 that the high-risk operations (that is, the restricted operation actions) on the table sa_sr_role are insert, update and delete. When the database user behavior management system finds that a user performs one of these operations on the table sa_sr_role, it intercepts the operation immediately.
Step 703: the work order synchronization module synchronizes the approved work orders from the work order system through the Webservice interface.
For example, the steps of synchronizing approved work orders are as follows:
Step 7031: set the condition for extracting approved work orders to the approved work orders of Foshan (work order type z_type='48' AND city is Foshan z_cust_org=1313).
Step 7032: the BOSS database transmits the approved work orders to the work order synchronization module in the form of XML data.
Step 7033: the XML data is parsed, and work order data such as the work order serial number, type, related personnel, subject and description of each approved work order are separated out and extracted.
Step 7034: the synchronized work order data is saved into the AMS_WORK_ORDER table of the monitoring database using Hibernate.
Step 704: the syntax analysis engine performs syntax analysis on the approved work orders and obtains, for each approved work order, its work order identifier (key) and permitted operation scope (table names, fields, operation actions, etc.).
The syntax analysis engine can analyze the approved work orders using regular expressions, or using a parser and lexer generated with Antlr.
A parser and lexer generated with Antlr can easily do everything that regular expressions can do, and can additionally handle some tasks that are difficult with regular expressions, such as recognizing matching pairs of left and right parentheses.
The construction process of the Antlr-based syntax analysis engine is as follows:
After Antlr generates the parser and lexer, they can be used to verify whether an input expression is legal. For each input string, an ANTLRStringStream named in is constructed and used to construct the lexer. The role of lexical analysis is to produce tokens: a token stream tokens is built with the lexer PLSQL3jLexer, and the parser parser is then built from tokens, completing the preparation for lexical and syntax analysis. Finally the parser rule sql_command is called to complete the verification of the expression. At this point the construction of the syntax analysis engine is complete.
Step 705: the syntax analysis engine stores the work order identifier and permitted operation scope of each approved work order in the tb.shenpi table of the monitoring database, as legality judgment basis two.
Step 706: build the SS client, and set operating system permissions on the BOSS bastion host so that users can access the BOSS database only through the SS client.
Java has the advantage of being cross-platform, so in this embodiment the main program can be a command-line Java application developed in Java. When the main program runs, it can read the operation instruction and work order identifier (key) entered by the user in the foreground through the System.in.read function provided by JDK 1.6.
Step 707: the SS client receives the work order identifier (key) and operation instruction input by the user.
Step 708: according to the key input by the user, extract the permitted operation scope corresponding to this key (operation action ctrl and operation object FIELD) from the tb.shenpi table and the sensitive data table tb.mingan.
Step 709: store the permitted operation scope of this key in a Java HashMap (shenpiMap).
Step 710: the syntax analysis engine analyzes the operation instruction input by the user and obtains the instruction operation scope corresponding to it.
The SS client determines by character analysis that when it reads ";\n" (semicolon plus carriage return) the input of the SQL instruction is complete, and it then extracts the whole SQL statement.
Step 711: the syntax analysis engine stores the instruction operation scope in the tb.user_Input table of the monitoring database.
Step 712: the instruction operation scope is saved in a Java HashMap (userMap).
Step 713: the legality judgment module looks up each item of userMap, one by one, in the permitted operation scope shenpiMap; if every item finds an equal value, go to step 714; if any item finds no equal value, go to step 716.
Step 714: the operation instruction is judged legal.
Step 715: the operation instruction input by the user is sent to the BOSS database through the out method (the instruction is out.println(runSqlCommd); out is initialized when the SSH tool connects to the server, and out.println() is equivalent to sending the SQL statement followed by a carriage return to submit it).
Step 716: the operation instruction is judged illegal.
Step 717: the statement plus a message is printed to the screen through System.out.println(errSqlCommd + "(operation is illegal, your statement has been blocked!)"), and out.println(runSqlCommd) is no longer called to submit it, thereby completing the interception of the illegal statement.
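The following Python is an added example and not code from the patent or the iAnlyser system. It models the legality check as the two flows above describe it: the sensitive-data gate of Fig. 5 (steps 505 to 509) and the tb.mingan / tb.shenpi / shenpiMap / userMap comparison of Fig. 7 (steps 708 to 717), with the regex approach mentioned for step 704 used to derive a work order's permitted scope from its description. A small regex scope extractor stands in for the AST-based syntax analysis engine, and every key, work order description, table name and SQL statement is constructed sample data.

```python
"""Added example (not the patent's own code): a minimal model of the iAnlyser
legality check.  A regex scope extractor stands in for the AST-based syntax
analysis engine; dicts stand in for tb.mingan and tb.shenpi.  All keys, work
order descriptions, table names and SQL statements below are constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Scope:
    """One (action, table, field) item: the 'database object + operation'
    triple that the patent's parse tree is simplified to."""
    action: str
    table: str
    field: str  # "*" means the whole table (used for DELETE)


def sql_scope(sql: str) -> set[Scope]:
    """Reduce one DML statement to its operation scope (steps 504 / 710).
    Only the four plain DML shapes are recognised and commas inside quoted
    values are not handled; that is enough for the demonstration."""
    s = " ".join(sql.strip().rstrip(";").split())
    m = re.match(r"(?i)^update\s+(\w+)\s+set\s+(.+?)(?:\s+where\s+.*)?$", s)
    if m:
        fields = [a.split("=")[0].strip().lower() for a in m.group(2).split(",")]
        return {Scope("update", m.group(1).lower(), f) for f in fields}
    m = re.match(r"(?i)^delete\s+from\s+(\w+)", s)
    if m:
        return {Scope("delete", m.group(1).lower(), "*")}
    m = re.match(r"(?i)^insert\s+into\s+(\w+)\s*\(([^)]*)\)", s)
    if m:
        fields = [f.strip().lower() for f in m.group(2).split(",")]
        return {Scope("insert", m.group(1).lower(), f) for f in fields}
    m = re.match(r"(?i)^select\s+(.+?)\s+from\s+(\w+)", s)
    if m:
        fields = [f.strip().lower() for f in m.group(1).split(",")]
        return {Scope("select", m.group(2).lower(), f) for f in fields}
    raise ValueError(f"unsupported statement: {sql!r}")


# SQL statements embedded in a free-text (Chinese/English) work order
# description; each ends with a semicolon, like the SS client's input rule.
SQL_IN_TEXT = re.compile(r"(?is)\b((?:insert|update|delete|select)\b.*?;)")


def work_order_scope(description: str) -> set[Scope]:
    """Step 704 with the regex approach: pull the SQL out of an approved work
    order's description and reduce it to the permitted operation scope."""
    scope: set[Scope] = set()
    for stmt in SQL_IN_TEXT.findall(description):
        scope |= sql_scope(stmt)
    return scope


# Constructed stand-in for tb.mingan (legality basis one).  Mirrors Table 1:
# the high-risk actions on sa_sr_role are insert, update and delete.
TB_MINGAN: dict[str, set[str]] = {
    "sa_sr_role": {"insert", "update", "delete"},
    "cust_info": {"select", "update", "delete"},
}

# Constructed stand-in for tb.shenpi (legality basis two), keyed by the work
# order serial number that the user later types in as the key.
TB_SHENPI: dict[str, set[Scope]] = {
    "FS20111230001": work_order_scope(
        "佛山 sa_sr_role 权限调整: update sa_sr_role set role_name = 'ops' "
        "where role_id = 7;"),
    "FS20111230002": work_order_scope(
        "Customer 1313 data fix: update cust_info set addr = 'new' where "
        "cust_id = 1313; select cust_id, addr from cust_info where cust_id = 1313;"),
}


def involves_sensitive(scope: set[Scope]) -> bool:
    """Step 505: does the instruction perform a restricted action on a
    sensitive table?  If not, it is ordinary data and is forwarded as is."""
    return any(s.action in TB_MINGAN.get(s.table, set()) for s in scope)


def within_permitted(user_scope: set[Scope], permitted: set[Scope]) -> bool:
    """Step 713: every item of userMap must find an equal item in shenpiMap.
    A '*' field in the permitted scope covers every field of that table."""
    return all(s in permitted or Scope(s.action, s.table, "*") in permitted
               for s in user_scope)


def judge(key: str, sql: str) -> str:
    """The SS client's decision for one statement: 'forward' (steps 509 / 715)
    or 'intercept' (steps 508 / 717)."""
    user_scope = sql_scope(sql)                    # userMap
    if not involves_sensitive(user_scope):         # step 505
        return "forward"
    permitted = TB_SHENPI.get(key, set())          # steps 506 / 708: shenpiMap
    return "forward" if within_permitted(user_scope, permitted) else "intercept"


if __name__ == "__main__":
    for key, sql in [("FS20111230001", "update sa_sr_role set role_name='ops' where role_id=7;"),
                     ("FS20111230001", "delete from sa_sr_role where role_id=7;"),
                     ("FS20111230001", "update audit_log set note='x' where id=1;")]:
        print(f"{judge(key, sql):9s} {key}  {sql}")
```

The third sample statement touches a table that is not in tb.mingan, so it is forwarded without any work order lookup, which is exactly the load-saving short cut the sensitive-data gate provides.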
In addition, the method also includes related functions for mining the abnormal operation data, including display of interception records, report export and so on. These are implemented as applications such as "configuration, query, export and reports" on a B/S architecture using the J2EE framework.
The embodiment of the invention mainly addresses the shortcomings of existing 4A systems in database security control. It proposes a new security control method that advances control from "after the event" to "during the event" and "before the event", catching an operator's illegal behavior the moment it occurs, analyzing statement by statement in real time, intercepting illegal operations immediately, and reducing the impact of illegal operations to zero.
The present invention is also applicable to user behavior analysis in various complex scenarios and can be widely used in fields such as application systems, hosts, network devices and firewalls.
The above is only a preferred implementation of the present invention. It should be pointed out that those skilled in the art can make further improvements and modifications without departing from the principle of the invention, and such improvements and modifications should also be regarded as within the protection scope of the invention.

Claims (10)

1. A database user behavior management system, characterized in that it comprises:
an operation instruction acquisition module, for obtaining the operation instruction input by a user;
an operation instruction analysis module, for analyzing the operation instruction and obtaining the instruction operation scope corresponding to the operation instruction;
a legality judgment module, for judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation;
an operation instruction forwarding module, for forwarding the operation instruction to a database when the instruction operation scope does not exceed the permitted operation scope of the user's current operation;
an operation instruction interception module, for intercepting the operation instruction when the instruction operation scope exceeds the permitted operation scope of the user's current operation.
2. The database user behavior management system of claim 1, characterized in that it further comprises:
a work order synchronization module, for synchronizing the approved work orders in a work order system;
a work order analysis module, for analyzing the synchronized approved work orders and obtaining and storing the permitted operation scope of each synchronized approved work order;
wherein the legality judgment module is further for extracting, from the stored permitted operation scopes of all approved work orders, the permitted operation scope of the approved work order corresponding to the user, as the permitted operation scope of the user's current operation.
3. The database user behavior management system of claim 2, characterized in that it further comprises:
a work order identifier acquisition module, for obtaining the work order identifier input by the user;
wherein the work order analysis module is further for obtaining and storing the work order identifier of each synchronized approved work order;
and the legality judgment module is further for extracting, from the stored permitted operation scopes of all approved work orders, the permitted operation scope of the approved work order whose work order identifier is identical to the work order identifier input by the user, as the permitted operation scope of the user's current operation.
4. The database user behavior management system of claim 2 or 3, characterized in that:
the operation instruction analysis module analyzes the operation instruction with a parser and lexer generated on the basis of an abstract syntax tree, and obtains the instruction operation scope corresponding to the operation instruction;
the work order analysis module analyzes the synchronized approved work orders with a parser and lexer generated on the basis of an abstract syntax tree, and obtains and stores the permitted operation scope of each synchronized approved work order.
5. The database user behavior management system of claim 1, characterized in that the legality judgment module further comprises:
a first judgment module, for judging whether the instruction operation scope involves sensitive data of the database;
a second judgment module, for judging, when the instruction operation scope involves sensitive data of the database, whether the instruction operation scope exceeds the permitted operation scope of the user's current operation;
wherein the operation instruction forwarding module is further for forwarding the operation instruction to the database when the instruction operation scope does not involve sensitive data of the database.
6. A database user behavior management method, characterized in that it comprises:
obtaining the operation instruction input by a user;
analyzing the operation instruction and obtaining the instruction operation scope corresponding to the operation instruction;
judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation;
when the instruction operation scope does not exceed the permitted operation scope of the user's current operation, forwarding the operation instruction to a database;
when the instruction operation scope exceeds the permitted operation scope of the user's current operation, intercepting the operation instruction.
7. The database user behavior management method of claim 6, characterized in that:
before the step of judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation, the method further comprises:
synchronizing the approved work orders in a work order system;
analyzing the synchronized approved work orders, and obtaining and storing the permitted operation scope of each synchronized approved work order;
and the step of judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation comprises:
extracting, from the stored permitted operation scopes of all approved work orders, the permitted operation scope of the approved work order corresponding to the user, as the permitted operation scope of the user's current operation.
8. The database user behavior management method of claim 7, characterized in that:
before the step of judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation, the method further comprises:
obtaining the work order identifier input by the user;
obtaining and storing the work order identifier of each synchronized approved work order;
and the step of judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation comprises:
extracting, from the stored permitted operation scopes of all approved work orders, the permitted operation scope of the approved work order whose work order identifier is identical to the work order identifier input by the user, as the permitted operation scope of the user's current operation.
9. The database user behavior management method of claim 7 or 8, characterized in that:
the step of analyzing the operation instruction and obtaining the instruction operation scope corresponding to the operation instruction comprises:
analyzing the operation instruction with a parser and lexer generated on the basis of an abstract syntax tree, and obtaining the instruction operation scope corresponding to the operation instruction;
and the step of analyzing the synchronized approved work orders and obtaining and storing the permitted operation scope of each synchronized approved work order comprises:
analyzing the synchronized approved work orders with a parser and lexer generated on the basis of an abstract syntax tree, and obtaining and storing the permitted operation scope of each synchronized approved work order.
10. The database user behavior management method of claim 6, characterized in that the step of judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation comprises:
judging whether the instruction operation scope involves sensitive data of the database;
when the instruction operation scope involves sensitive data of the database, judging whether the instruction operation scope exceeds the permitted operation scope of the user's current operation;
when the instruction operation scope does not involve sensitive data of the database, forwarding the operation instruction to the database.
Application CN201110459730.4A (priority date 2011-12-30, filing date 2011-12-30): Database user behavior management system and database user behavior management method. Status: Active. Granted as CN103186733B (en).
Publications (2)

CN103186733A, published 2013-07-03 (en)
CN103186733B, published 2016-01-27 (en)
Legal Events

C06: Publication
PB01: Publication
C10: Entry into substantive examination
SE01: Entry into force of request for substantive examination
C14: Grant of patent or utility model
GR01: Patent grant