基于SQL+Server的网络考试系统数据库安全的研究-软件工程专业论文.docxVIP

摘 摘 要 网络考试系统是一个数据密集型应用系统，其数据库系统担负着存储和管理 考试系统所有数据的任务，敏感数据一旦泄漏将直接影响考试的公平和权威性。 本文结合网络考试系统的安全保护特点，针对网络数据库所带来的非法访问、黑 客攻击、数据篡改等安全问题进行了分析，在SQL Server本身的安全管理机制的 基础上，利用身份认证技术、数字签名技术、访问控制技术和数据库加密技术等 形成一套安全增强方案，主要是：针对非法用户访问数据库的安全漏洞，提出了 对管理人员进行“口令+RSA数字签名”双重认证、对考生进行Hash签名认证的身 份认证方案；针对合法用户非法访问数据库和黑客攻击等安全漏洞，提出巧用SQL Server的隔离控制技术增强访问控制：针对数据库中敏感数据的安全需求，提出 数据库加密模型，用“密文挪用法”对AES加密算法进行改进以解决加密后数据扩 张的问题，并在an／解密引擎模块中实现用该算法对敏感数据进行加密，同时，设 计了一套方便有效的密钥管理方案，即“用户口令保护用户密钥，用户密钥保护数 据密钥，数据密钥进行数据加／解密”。该安全增强方案在一定程度上弥补了当前 大多数网络考试系统在数据库安全方面的缺陷。 关键词：网络考试系统；SQL Server；数据库安全；数据库加密；密钥管理 AbstractNetwork Abstract Network examination system is a data—intensive application system，the database system in which has been responsible for the storage and management of all the data． The leak of sensitive data will have a direct impact on the fairness and authority to the examination system．Aiming at the problem brought by network database，such as the illegal visit，hacker attacks and data tampered，the thesis presents a set of security enhancement scheme based on the security management mechanism in SQL Server, which combined with the security features of the examination system．The scheme uses the identity authentication techniques，digital signature，Access Control Technology and database encryption technology,mainly have been：For database security loopholes against unauthorized users，raising the need for managers of double Authentication”password+RSA Digital Signature”，and for candidates conducted Hash Signature Authentication：Aiming at the illegal visit of legitimate users and hacker attacks，using the isolation control technology in SQL Server to enhance the access control；In view of the security needs of database sensitive data，the thesis presents a database encryption model．AES encryption algorithm has been improved using”code misappropriated law”to solve the encrypted data expansion，and has been used to encrypt sensitive data in the encryption／decoder engine module．At the same time，the thesis designs a convenient