- Published 2017-07-05, Tianjin
安全数据库顶层规范中SQL操作的形式化分析与验证.pdf
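Priority publication, Application Research of Computers (计算机应用研究), Vol. 32
Formal Analysis and Verification of SQL Operations in the Top-Level Specification of a Secure Database*
WANG Zhi-peng, YANG Ming-hui, CHEN Bing, WANG Fu
(Network Electronic Identity Technology Division, Third Research Institute of the Ministry of Public Security, Shanghai 201204)
Abstract: Developing a database management system with a high security level requires formal analysis and verification in the top-level specification design, and the security analysis and verification of SQL operations is an important part of this. This paper introduces the formal top-level specification of a secure database and defines how SQL operations are described in the top-level specification. On that basis it gives the definition of simple SQL operations and analyzes and verifies them, and finally it reduces the analysis and verification of general SQL operations to the analysis and verification of multiple simple SQL operations. The verification process shows that this method both describes SQL operations completely and clearly and simplifies the proofs.
Keywords: formal top-level specification; secure database; SQL operation; formal analysis and verification
CLC number: TP311.13 Document code: A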
Formal specification and verification for SQL operations in top level specification of secure database
WANG Zhi-peng, YANG Ming-hui, CHEN Bing, WANG Fu
(Network Electronic Identity Technology Division, Third Research Institute of Ministry of Public Security, Shanghai 201204, China)
Abstract: Formal specification and verification are required in the top-level specification design of a high-security-level DBMS. The specification and verification of SQL operations are an especially important part of this. This paper proposes a novel approach to the specification and verification of SQL operations. First, it formally defines the SQL operations in the FTLS; then it gives the definition of simple SQL operations and proposes a method to verify them; finally, it transforms the verification of the SQL operations in the FTLS into the verification of their component simple SQL operations. The verification process shows that the approach gives a comprehensive specification of SQL operations and simplifies the verification procedure.
Key Words: formal top level specification; secure database; SQL operation; formal specification and verification