KR20160114492A - Method, server and computer program for security management in database - Google Patents

Abstract

According to an aspect of the present invention, a database security management program is disclosed that is stored in a computer-readable medium to cause a computer to perform the following steps. The steps may include reading one or more data encrypted at the column level from a persistent storage medium or memory; Decoding one or more data encrypted at the column level to generate one or more decrypted data; Generating an index table based on the generated one or more decoded data; And encrypting the generated index table at a block level.

Description

METHOD, SERVER AND COMPUTER PROGRAM FOR SECURITY MANAGEMENT IN DATABASE,

The present invention relates to database security management, and more particularly, to a method, a server, and a computer program for generating an index for an encrypted database.

As computers and Internet technologies evolve, databases are becoming increasingly important for storing large amounts of data efficiently and quickly and easily searching for desired search conditions. Current database systems allow storing and retrieving a large amount of information. Some of this information may include sensitive information such as, for example, a credit card number.

In particular, the security of a database for collecting and managing personal information in financial institutions, Internet portal sites, and the like is designed to prevent the unauthorized user from judging or improperly recording the information processed by the computer, In order to protect the service from being denied in the computer system, and to ensure the integrity, confidentiality and availability of the data in the database management system that holds large amounts of data, it is essential.

In recent years, information leakage due to exposure of a cryptographic key by a database server administrator and a developer has become a serious problem. In other words, the amount of information accumulated in the database existing in the corporation increases proportionally with the tendency that the degree of integration of information becomes higher day by day. As a result, for example, customer information (resident registration number, telephone number Number, account number, etc.) is leaked through the illegal route, the ripple effect of the damage is getting big.

Although leakage of such data may be caused by hacking by external hackers and physical access to the data storage space, in reality, most information leakage is caused by an insider having a proper access right to the database This is caused by an administrator, and the leakage of information by such an insider may cause more serious and fatal damage than an external hacking event.

Conventional techniques for managing such database security have restricted access to specific information to specific users by using a prescribed access control method in a security profile assigned to each client. This technique can prevent a client from accessing unauthorized information. However, these conventional techniques have a disadvantage in that it is impossible to block fraudulent actions of an insider having a legitimate access right (for example, a database administrator) or a person having an OS privilege.

To solve this problem, a method of encrypting confidential information in a user application has been proposed. However, in this method, since all user applications that deal with confidential information must be encrypted / decrypted, encryption / There may be an inconvenience that it is necessary to provide a service.

Furthermore, another conventional technique discloses a technique of encrypting column data of a database table (column level encryption) and storing the data on a disk. Such prior art allows data to be encrypted when it is stored on a disk, but decrypted when data is loaded into the memory, allowing the user to view unencrypted data. However, since the conventional technique implements encryption on a column-by-column basis, a problem may arise in building an index generated based on a column value. That is, since an index is generated based on a column value, if such a column value itself is encrypted, an index range scan performed based on a value range may become impossible. That is, when the index range scan becomes impossible, there is an absolute effect on the essential performance of the database, which is fast and efficient search. With this technique, only a unique search for a single value can be made, but this can also become impossible if Salt is used.

Thus, there is a need in the art for a data security technique that can block unauthorized activity, such as insiders, while protecting confidential information in the database system in an efficient manner and without changing user applications.

Korean Patent Publication No. 10-2006-0058546 U.S. Patent No. 7,111,005

SUMMARY OF THE INVENTION The present invention has been made in view of the foregoing, and is intended to provide a technique for maintaining intrinsic functions of a database while protecting confidential information in an efficient manner in a database system.

The present invention is also intended to provide an efficient database security management technique capable of allowing an index range scan.

A computer program according to an embodiment of the present invention for realizing the above-mentioned problems is disclosed. The computer program is stored in a computer-readable medium to cause a computer to perform the following steps: the step of: storing one or more data encrypted at the column level in a persistent storage medium or memory ; Decoding one or more data encrypted at the column level to generate one or more decrypted data; Generating an index table based on the generated one or more decoded data; And encrypting the generated index table at a block level.

According to one embodiment of the present invention, a database server for database security management is disclosed. The database server decrypts one or more data encrypted at the column level to generate one or more decrypted data, generates an index table based on the one or more decrypted data, and encrypts the generated index table at a block level At least one processor for performing operations; A data table including data encrypted at the column level, and a persistent storage for storing the index table encrypted at the block level.

In accordance with another embodiment of the present invention, a database security management program is disclosed that is stored on a computer-readable medium to cause a computer to perform the following steps. Reading the index table encrypted at the block level from the persistent storage medium in response to the index inquiry request; Decrypting the index table encrypted at the block level to generate a decrypted index table; Performing an index scan on the basis of the decoded index table; Reading from the persistent storage medium one or more data encrypted at the column level corresponding to the result of the index scan; And decoding one or more data encrypted at the column level to generate one or more decrypted data.

According to another embodiment of the present invention, a database server that provides database security management is disclosed. The database server reads the index table encrypted at the block level from the persistent storage medium in response to the index inquiry request, decrypts the index table encrypted at the block level to generate the decrypted index table, Reading one or more data encrypted at the column level corresponding to the result of the index scan from the persistent storage medium and decrypting the one or more data encrypted at the column level to obtain one At least one processor for generating the decoded data; A data table including data encrypted at the column level, and a persistent storage for storing the index table encrypted at the block level.

According to one embodiment of the present invention, a data encryption technique may be provided to protect the confidential information in the database system in an efficient manner and to prevent tampering of the insider without changing the user application.

Also, according to an embodiment of the present invention, an efficient database security management technique capable of allowing an index range scan can be provided.

Various aspects are now described with reference to the drawings, wherein like reference numerals are used to refer to like elements throughout. In the following examples, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of one or more aspects. However, it will be apparent that such aspect (s) may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to facilitate describing one or more aspects.
1 illustrates an exemplary database system in accordance with an embodiment of the present invention.
Figure 2 illustrates by way of example components of a database server according to an embodiment of the present invention.
Figure 3 illustrates an exemplary flow diagram of a data store and index build process in accordance with one embodiment of the present invention.
4 illustrates an exemplary flow chart for an index scan and lookup process in accordance with an embodiment of the present invention.
Figure 5 illustrates an exemplary flow diagram for a data query process in accordance with one embodiment of the present invention.
FIG. 6 illustrates an exemplary encryption scheme in which data and indexes are encrypted and stored in a persistent storage medium according to an embodiment of the present invention.
Figure 7 illustrates an exemplary flowchart for data storage and index build (or update) in accordance with one embodiment of the present invention.
Figure 8 illustrates an exemplary flowchart for an index lookup according to one embodiment of the present invention.

Various embodiments and / or aspects are now described with reference to the drawings. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of one or more aspects. However, it will also be appreciated by those of ordinary skill in the art that such aspect (s) may be practiced without these specific details. The following description and the annexed drawings set forth in detail certain illustrative aspects of one or more aspects. It is to be understood, however, that such aspects are illustrative and that some of the various ways of practicing various aspects of the principles of various aspects may be utilized, and that the description set forth is intended to include all such aspects and their equivalents.

In addition, various aspects and features will be presented by a system that may include multiple devices, components and / or modules, and so forth. It should be understood that the various systems may include additional devices, components and / or modules, etc., and / or may not include all of the devices, components, modules, etc. discussed in connection with the drawings Must be understood and understood.

As used herein, the terms "an embodiment," "an embodiment," " an embodiment, "" an embodiment ", etc. are intended to indicate that any aspect or design described is better or worse than other aspects or designs. . As used herein, the terms 'component,' 'module,' 'system,' 'interface,' and the like generally refer to a computer-related entity and include, for example, hardware, It can mean software.

In addition, the term "or" is intended to mean " exclusive or " That is, it is intended to mean one of the natural inclusive substitutions "X uses A or B ", unless otherwise specified or unclear in context. That is, X uses A; X uses B; Or when X uses both A and B, "X uses A or B" can be applied to either of these cases. It should also be understood that the term "and / or" as used herein refers to and includes all possible combinations of one or more of the listed related items.

It is also to be understood that the term " comprises "and / or" comprising " means that the feature and / or component is present, but does not exclude the presence or addition of one or more other features, components and / It should be understood that it does not. Also, unless the context clearly dictates otherwise or to the contrary, the singular forms in this specification and claims should generally be construed to mean "one or more. &Quot;

The computer readable media herein may include any type of storage medium in which programs and data are stored so that they can be read by a computer system. According to one aspect of the present invention, such medium may be a ROM (Read Only Memory), a RAM (Random Access Memory), a CD (Compact Disk) -ROM, a DVD Storage devices, and the like, and may also be implemented in the form of a carrier wave (e.g., transmission over the Internet). Additionally, such media may be distributed over networked systems and may store computer readable codes and / or instructions in a distributed manner.

Before describing the embodiments of the present invention in detail, it is to be understood that the present invention is not limited to the above-described embodiments, but may be modified and changed without departing from the scope and spirit of the invention. It is also to be understood that the terminology or words used in the present specification and claims should be interpreted with reference to the meaning of the inventive concept of the present invention based on the principle that the inventor can define the concept of appropriate terms to describe his invention in the best way It should be interpreted as a concept.

1 illustrates an exemplary database system 100 in accordance with one embodiment of the present invention.

1, database server 120 may include any type of computer system or computer device, such as, for example, a microprocessor, mainframe computer, digital single processor, portable device, and device controller, have.

Client 110 may refer to nodes in a database system having a mechanism for communicating over a network. For example, the client 110 may include a PC, a laptop computer, a workstation, a terminal, and / or any electronic device having network connectivity. In addition, the client 110 may include any server implemented by at least one of an agent, an application programming interface (API), and a plug-in.

The database server 120 may include a database management system (DBMS) 130 and a persistent storage 140.

Although not shown in FIG. 1, the database server 120 may include one or more memories containing a buffer cache. Also, although not shown in FIG. 1, the database server 120 may include one or more processors. Thus, the DBMS 130 may be operated by the processor on the memory.

Here, the memory is a main storage device directly accessed by the processor, such as a random access memory (RAM) such as a dynamic random access memory (DRAM), a static random access memory (SRAM) Volatile storage devices that are erased instantaneously, but are not limited to these. Such memory may be operated by the processor. The memory may temporarily store a data table containing data values. The data table may include a data value. In an embodiment of the present invention, the data value of the data table may be encrypted in columns and stored in a permanent storage medium. In a further aspect, the memory includes a buffer cache, wherein data may be stored in a data block of the buffer cache. The data may be written to the persistent storage device 140 by a background process.

Persistent storage 140 may include, for example, a magnetic disk, an optical disk and a magneto-optical storage device as well as a storage based on flash memory and / Means a non-volatile storage medium, such as a device, that can continuously store any data. The persistent storage medium 140 may communicate with the processor and memory of the database server 120 through various communication means. In a further embodiment, the persistent storage medium 140 may be external to the database server 120 and be capable of communicating with the database server 120. [

The DBMS 130 is a program for allowing the database server 120 to perform operations such as retrieving, inserting, modifying, and / or deleting necessary data. As described above, in the memory of the database server 120, Lt; / RTI >

And can communicate with each other through the client 110 and the database server 120 network. The network according to an exemplary embodiment of the present invention may be a Public Switched Telephone Network (PSTN), a Digital Subscriber Line (xDSL), a Rate Adaptive DSL (RADSL), a Multi Rate DSL (MDSL) ), Universal Asymmetric DSL (UADSL), High Bit Rate DSL (HDSL), and Local Area Network (LAN).

In addition, the network presented in this specification can be applied to various wireless communication systems such as Code Division Multi Access (CDMA), Time Division Multi Access (TDMA), Frequency Division Multiple Access (FDMA), Orthogonal Frequency Division Multiple Access (OFDMA), Single Carrier- ), And other systems. The techniques described herein may be used in other networks as well as in the networks mentioned above.

FIG. 2 illustrates exemplary components of a database server 120 according to an embodiment of the present invention.

2, the database server 120 may include a persistent storage 140 and a DBMS 130. As shown in FIG. As described above, the DBMS 130 may be operated by one or more memory and one or more processors in the database server 120.

The DBMS 130 may include a transmission / reception module 210, an index management module 220, a data management module 230, an encryption module 240, and a decryption module 250. Each of the modules in the DBMS 130 shown in FIG. 2 can communicate with each other. The modules of such DBMS 130 are exemplary and, depending on the implementation, additional modules may be included or some of the modules may be omitted.

The transmission / reception module 210 can receive data from a user, inquire and index build, inquiry request, and the like. Also, the transmission / reception module 210 may transmit the result information on the data storage, the inquiry, the index build, and the inquiry request.

The index management module 220 may process and manage requests related to index build, update, store, and lookup. The index management module 220 may include a build module 260 and a scan module 270. The build module 260 may perform operations related to building the index and / or updating the built index. The scan module 270 may perform an index scan on the decoded index table.

The data management module 230 may process and manage requests related to storage and retrieval of data. The data management module 230 may include a storage module 280 and a query module 290. The storage module 280 may process and manage requests associated with storage (including updates) of data.

The storage module 280 may determine whether the column in which the data is to be stored is an encrypted designated column, whether the column in which the data is to be stored is an indexed column, and the like. Further, the storage module 280 may decide to store data, index tables, and the like. The storage module 280 may also determine a storage location for the encrypted data and / or the encrypted index table. For example, the storage module 280 may determine the storage location on the data table for the encrypted data. In another example, the storage module 280 may determine the storage location on the persistent storage medium 140 for the encrypted data.

The query module 290 can process and manage requests related to the retrieval (reading) of data. The inquiry module 290 can inquire the value of the corresponding data (s) based on the column key and the row ID acquired according to the index scan in communication with the scan module 270. [

The encryption module 240 may perform encryption on the data before writing (storing) the data to the persistent storage medium 140. [ The encryption module 240 may generate cipher text based on plaintext data. Encryption schemes for data herein may include column-level encryption and block-level encryption (e.g., tablespace) level encryption. Column-level encryption means that the data in the column specified to be encrypted is encrypted. Block level encryption means that data is encrypted on a block-by-block basis. For example, physical data files generated on an OS system are encrypted on a block-by-block basis. In one aspect of the present invention, column-level encryption is performed on the data to be stored, and block-level encryption can be performed on the index to be stored. In a further aspect of the invention, block level encryption may mean that encryption is implemented in units of blocks or more (such as files, segments, and tablespaces).

In a further aspect of the present invention, the encryption module 240 may map a cryptographic comparison code (e.g., a hash function) to the encrypted data and store it in the persistent storage medium 140. Therefore, the encryption comparison code and the encrypted data are recorded in the permanent storage medium 140, and the integrity of the data decrypted by the decryption module 250 through the encryption comparison code can be verified.

In an aspect of the present invention, the operation of writing data (e.g., encrypted data) to the persistent storage medium 140 may include a background process (e.g., a database buffer writer process, a data block writer process, a checkpoint process, And / or a Log writer process). In such a case, if the encryption module 240 stores the encrypted data in a memory (e.g., a buffer cache) (foreground process), the background process may write the encrypted data to the persistent storage medium 140 at a predetermined time . Also, the operation of encrypting the generated index table at the block level may be performed when the background process tries to write the block in the memory to the permanent storage medium.

In one aspect of the present invention, the encryption module 240 may be located across the frontend and backend layers of the DBMS 120. Further, in a further aspect of the present invention, the decryption module 250 may be located in the back-end layer of the DBMS 120.

The decryption module 250 may decrypt the encrypted data to generate deciphered text corresponding to plain text data. Additionally, the decryption module 250 may determine whether the decrypted data is the same as the plaintext data (i.e., integrity verification).

The decryption module 250 may decrypt the loaded data when the encrypted data recorded in the permanent storage medium 140 is loaded into the memory. The decryption module 250 can decrypt the corresponding data in accordance with the encryption method of the encryption module 240. [ In addition, if the decrypted module 250 is stored in the memory with the encrypted data, the decryption module 250 can also decrypt the data.

In the column-level encryption in this specification, a first encryption key is generated on a column-by-column basis, the block-level encryption generates a second encryption key on a block basis, and the first encryption key and the second encryption key have different values Lt; / RTI > Also, the first encryption key and the second encryption key may be stored in a data dictionary (DD) of the permanent storage medium or memory (e.g., a data dictionary cache). In addition, the first encryption key and the second encryption key may be encrypted through a master key and stored in the data dictionary, and the master key may be stored on an external storage medium or on the persistent storage medium.

A decoding method according to an aspect of the present invention may use a symmetric key that is the same as an encryption key used in generating a cipher text in the cipher system. Examples of such encryption / decryption methods include, but are not limited to, DES (Data Encryption Standard), AES (Advanced Encryption Standard), ARIA, Twofish and SEED. In addition, the encryption and decryption method according to an aspect of the present invention may use a public key encryption method having a public key and a private key. Such encryption / decryption methods may include, but are not limited to, for example, RSA, ElGamal, elliptic curve encryption, and backpack encryption.

In a further aspect of the present invention, decoding on a block-by-block index table may be performed when loaded from persistent storage medium 140. [ Also, decryption of data encrypted at the column level can be performed when accessing the corresponding data. In a further aspect of the present invention, the encryption key for block level encryption / decryption and the encryption key for column level encryption / decryption may be different from each other.

In a further aspect of the invention, the encryption module 240 may generate an encrypted data value based on a data value (plain text value). The encryption module 240 can determine the encryption function based on the encryption information included in the encryption key, and generate the encrypted data value using the encryption function that operates based on the data value.

The encryption key may include at least information related to the encryption mode, an encryption data type, and length information of the data. The encryption mode may include, for example, DES (Data Encryption Standard), AES (Advanced Encryption Standard), ARIA, Twofish and SEED as described above.

The encryption key can be used for encryption and decryption. The encryption function may include an encryption algorithm that can change the plain text into a cipher text. The encryption function may refer to the encryption key when performing encryption and decryption. The encryption key may be stored in the database server 120 or may be stored outside the database server 120. Also, for additional security, the encryption key may be encrypted and stored via a master key. This master key can have a global value for one system. The master key may be stored in an external storage medium or in the database server 120. An encryption (decryption) technique according to an aspect of the present invention may be made up of a combination of various encryption algorithms, encryption keys, and / or encryption options (whether or not to use an initialization vector, etc.).

The encrypted data may be stored in the persistent storage medium 140 with a password comparison code generated based at least in part on the value of the one or more data and the location information on the persistent storage medium 140 where the value of the data is to be stored have. That is, the password comparison code can be used to verify the integrity of the decrypted text. Such a password comparison code may include a hash value generated using a hash algorithm such as, for example, a secure hash algorithm (SHA), MD5, or the like.

In a further aspect of the invention, the hash algorithm may be adapted to match the encrypted data value based at least in part on the data values of the data table and the location information of the data values (e.g., location information in the persistent storage) A hash value can be generated. The location information may include at least one of a row identifier and a column key. For example, a row identifier (rowid) may be based, at least in part, on the location at which the data value on the data block is to be written.

If the hash value is not used, the insider having the legitimate access right can obtain the encrypted data value and store the encrypted data value at a position different from the original position in the data table. In this case, since the decrypted data value of the encrypted data value is output as a valid data value, the database server 120 can not detect the modulation of the data. By matching the hash value to the encrypted data value, the database server 120 can detect the modulation of the data. However, when the hash value is simply based on the plaintext of the data, the insider having the legitimate access right obtains the encrypted data value and the matched hash value, and stores the decrypted data Value is valid and the hash value based on the decrypted data value is the same as the hash value based on the data value (plaintext data value), whether or not the data is tampered with can be detected. However, the hash value according to an embodiment of the present invention may be based at least in part on the storage location of the encrypted data. Accordingly, the database server 120 according to an embodiment of the present invention for attacking the storage location of the data as described above stores the hash value based on the decrypted data value and the storage location of the decrypted data value, It is possible to detect the change of the position of the valid encrypted data value.

Figure 3 illustrates an exemplary flow diagram of a data store and index build process in accordance with one embodiment of the present invention.

The operations in FIG. 3 may be performed by the database server 120. The encryption and decryption operations in FIG. 3 may be implemented transparently and automatically for the client 110.

The order of the flowcharts shown in FIG. 3 may be variable depending on the implementation, and some orders may be added or some orders may be omitted.

The transceiver module 210 may receive a data store request (305). The data storage request here may refer to a request to write (insert and / or update) data to the DB. The transmission / reception module 210 may forward the corresponding data storage request to the storage module 280 (310).

The storage module 280 may determine 315 whether the corresponding column of the table in which the data is to be stored is an encrypted designated column, according to a predetermined (e.g., client's) schema. In addition, according to a predetermined schema, the storage module 280 may determine whether the corresponding column of the table in which data is to be stored is an indexed column (320). In one aspect of the invention, steps 315 and 320 may be performed independently or atomically. If the corresponding column of the table in which the data is to be stored is an encrypted designated column and an indexed column, the storage module 280 decides to store the data in the persistent storage medium 140, (325). ≪ / RTI >

The encryption module 240 may perform column-level encryption on the data based on a predetermined encryption algorithm (330). As described above, column level encryption means to encrypt a value for any data belonging to the corresponding column (i.e., the encrypted designated column). For example, the value for the specific data in the encrypted column can be encrypted in the form "% $! G # &".

The encryption module 240 may pass 340 the storage request to the persistent storage medium 140 for the encrypted data after the encryption is complete. For example, such a store request and encrypted data may be stored in the buffer cache of the memory of the database server 120. Data encrypted at the column level, for example, by a background process, may then be stored in the data segment of the persistent storage medium 140. Thus, in response to a write (including update) request for data, data encrypted in a manner transparent to the client may be written 350 to the persistent storage medium 140, via the process described above.

Referring to FIG. 3, in connection with building an index for data, the encryption module 240 may forward the decryption request for the encrypted data to the decryption module 250 (335). For example, the encryption of the data in step 330 may be performed at the front end of the database server 120. Therefore, since the index build is performed in the backend of the database server 120, it is necessary to decrypt the encrypted data in advance in order to perform the index build process.

In one aspect of the present invention, the decryption module 250 may perform column-level decryption on the data based on the encryption information for the column-level encrypted data from the encryption module 240 (345 ). That is, the decryption module 250 may decrypt one or more data encrypted at the column level to generate one or more decrypted data.

As described above, for example, in the case of an index build (e.g., insert data), the decryption module 250 decrypts the encrypted data by the encryption module 240 before the encrypted data is written to the persistent storage medium 140 The decryption module 250 can perform decryption on the encrypted data obtained from the memory. In another example, in the case of an update of the index, the decryption module 250 may perform decryption on the encrypted data by obtaining the encrypted data from the persistent storage medium 140. [ The encryption / decryption method can be performed based on the encryption / decryption method described in FIG.

Referring back to FIG. 3, the decryption module 250 may forward the index build request for the decrypted data to the build module 260 (355).

The build module 260 may generate an index table based on the decrypted data (360). In one aspect of the invention, the build module 260 may generate an index table based, at least in part, on the size attribute for the column in which the one or more decoded data is to be stored. Also, the build module 260 builds an index table based on at least one of a B-tree index method, a bitmap index method, and a function based index (FBI) technique. can do.

In one aspect of the present invention, the build module 260 may forward the encryption request for the index table built after the index build is completed to the encryption module 240 (365).

The encryption module 240 may perform block level (e.g., table space level) encryption on the built index table (370). The encryption module 240 may then pass 375 a disk save request for the index table encrypted at the block level. The index table encrypted at the block level, for example, by a background process, may then be stored as an index segment of the persistent storage medium 140. Thus, through the manner described above, an encrypted index table can be built that allows index range scanning.

In a further embodiment of the present invention, when a data update request is received, the database server 120 performs an index scan and / or an index lookup process, which will be described below with respect to FIG. 4, Data update and index update can be implemented through the build process.

4 illustrates an exemplary flow chart for an index scan and lookup process in accordance with an embodiment of the present invention.

The operations in FIG. 4 may be performed by the database server 120. FIG. The encryption and decryption operations in FIG. 4 may be implemented transparently and automatically for the client 110.

The order of the flowcharts shown in FIG. 4 may be variable depending on the implementation, and some orders may be added or some orders may be omitted.

The transceiver module 210 may receive an index lookup request (405). The index inquiry request may be, for example, an index range scan request. The transceiver module 210 may forward the index inquiry request to the scan module 270 (410).

The scan module 210 may perform processing for an index lookup request. The scan module 270 may also pass an index scan request (415) so that the encrypted index table may be loaded into the memory from the persistent storage medium 140. The transfer of such an index scan request may be integrated into a single process.

In response to the index scan request, the index table encrypted at block level from the persistent storage medium 140 to the decryption module 250 may be loaded 420. The loading of this encrypted index table may be loaded block by block from the persistent storage medium 140.

The decryption module 250 may decrypt the index table encrypted at the block level to generate the decrypted index table (425). The decryption module 250 may forward the decrypted index table to the scan module 270.

The scan module 270 may perform an index scan on the decoded index table (435). The index scan in this specification may mean a process of performing a scan on an index to find a column key and / or a row ID for the index. In the present specification, the index lookup may refer to a process of finding a value (i.e., a record) of data corresponding to a rowid of a column in a scanned index.

The scan module 270 may forward the index scan results to the query module 290 (440). The inquiry module 290 may then generate and deliver a data value inquiry request according to the index scan result values (i.e., the column key and the row ID) (445).

In this case, data encrypted at the column level from the persistent storage medium 140 may be loaded (450). The decryption module 250 may decrypt the data encrypted at the column level (455). The decoded data may be transmitted to the inquiry module 290 (460). In addition, the inquiry module 290 may generate a result value for the index inquiry and forward it to the transmission / reception module 210.

In a further aspect of the invention, in the case of a process for index updating, an index scan process (e.g., steps 405 through 435) may be performed after step 320 in FIG. 3, as described above.

According to a further aspect of the present invention, if the indexed table includes all the encrypted columns, the index scan and index lookup may be completed by decoding the index table encrypted at the block level.

As described above, since the index table is not encrypted / decrypted on a column-by-column basis and encryption / decryption is performed on a block-by-block basis, index range scanning can be efficiently performed while securing data security. In an encryption / decryption scheme according to an aspect of the present invention, a single key search, a range search, and a composite key search for a secured database may be allowed .

Figure 5 illustrates an exemplary flow diagram for a data query process in accordance with one embodiment of the present invention.

The operations in FIG. 5 may be performed by the database server 120. FIG. The decryption operations in FIG. 5 may be implemented transparently and automatically for the client 110. FIG.

The order of the flowcharts shown in Fig. 5 may vary depending on the implementation, and some orders may be added or some orders may be omitted.

As shown in FIG. 5, the transceiver module 210 may receive 510 a data inquiry request from a client, for example. The transmission / reception module 210 may forward the data inquiry request to the inquiry module 290 (520).

The inquiry module 290 may process the inquiry request and forward 530 the data inquiry request so that the encrypted data corresponding to the inquiry request may be loaded from the persistent storage medium 140.

The column-level encrypted data corresponding to the inquiry request may then be loaded (540). The decryption module 250 may decrypt the data encrypted at the column level to generate decrypted data (550). The decryption module 250 may transmit the decrypted data to the inquiry module 290 (560).

The inquiry module 290 processes the decoded data (or without processing), generates a data inquiry result value, and transmits the data inquiry result value to the transmission / reception module 210 (570).

6 illustrates an exemplary encryption scheme in which data and indexes are encrypted and stored in the persistent storage medium 140 according to one embodiment of the present invention.

As shown in FIG. 6, the persistent storage medium 140 may include a data segment (or table segment) 610 and an index segment 620. Here, the data segment is an area where the data table can be stored, and the index segment is an area where the index table can be stored. That is, different areas of the persistent storage medium 140 may be allocated depending on whether the object is a (data) table or an index.

According to one aspect of the present invention, block level encryption is performed on the index table, and column level encryption is performed on the data table.

According to an aspect of the present invention, when loading index level encrypted data and block level encrypted data from the persistent storage medium 140 to the DBMS 130 (i.e., memory), decryption may be automatically performed. Also, when data and indexes are stored from the DBMS 130 (i.e., memory) to the persistent storage medium 140, encryption may be automatically performed. Thus, security management in a transparent manner to the client can be made possible through the above-described technical features.

Since the data segment 610 stores data in which column-based encryption is applied, the column for the name and date of birth is not encrypted, and only the column for the credit card number can be encrypted. Also, since the index segment to which the block-based encryption is applied is stored in the index segment 620, the entire index table can be encrypted and stored, as shown in FIG.

Figure 7 illustrates an exemplary flowchart for data storage and index build (or update) in accordance with one embodiment of the present invention.

Operations in Fig. 7 can be performed by the database server 120. Fig. The encryption and decryption operations in FIG. 7 can be implemented transparently and automatically for the client 110. FIG.

The order of the flowcharts shown in Fig. 7 may be variable depending on the implementation, and some orders may be added or some orders may be omitted.

The database server 120 may read 710 the one or more data encrypted at the column level from the persistent storage medium or memory. That is, column-level encryption may mean column-by-column encryption of the selected data.

The database server 120 may then generate 720 one or more decrypted data by decoding one or more data encrypted at the column level. This is because, in generating the index table, when the index table is generated based on the encrypted data, the index range scan becomes impossible. That is, in order to allow the index range scan and to secure the index, the generation of the index table may be performed based on the decrypted data (i.e., plain text data) (730).

As shown in FIG. 7, the database server 120 may encrypt the generated index table at block level (740). That is, since the index table is generated based on the decrypted data, the index table can be encrypted at the block level in order to maintain security for the index table.

The database server 120 may then store the encrypted index table in the persistent storage medium 140 (750).

That is, in the case of the encryption technique according to an aspect of the present invention, a smaller amount of data is encrypted (eventually speeding up) as compared with a technique in which both the data table and the index table are encrypted at the table space level. In addition, the encryption / decryption technique according to an aspect of the present invention is advantageous in that the index range scan can be performed when compared with the technique of encrypting the data table on a column-by-column basis (no separate encryption is applied to the index table) . In addition, since the encryption / decryption technique according to an aspect of the present invention encrypts the index table at the block level, the size attribute value for the column stored in the index table is not exposed. Therefore, . ≪ / RTI >

Figure 8 illustrates an exemplary flowchart for an index lookup according to one embodiment of the present invention.

The operations in Fig. 8 can be performed by the database server 120. Fig. The encryption and decryption operations in FIG. 8 can be implemented transparently and automatically for the client 110. FIG.

The order of the flowcharts shown in Fig. 8 may be variable depending on the implementation, and some orders may be added or some orders may be omitted.

In response to the index lookup request (e.g., an index range scan request), the database server 120 may retrieve 810 the index table encrypted at the block level from the persistent storage medium 140. Then, the database server 120 may generate a decoded index table by decoding the index table encrypted at the block level (820).

The database server 120 may perform an index scan based on the decoded index table (830). That is, since an index scan is performed based on the decoded index table, an index table according to unencrypted data can be obtained. Accordingly, the database server 120 can obtain the results (e.g., column key and row ID) according to the index scan.

The database server 120 may retrieve 840 the column-level encrypted one or more data from the persistent storage medium, which may correspond to the result of the index scan. The database server 120 may then decrypt one or more data encrypted at the column level to generate one or more decrypted data (850). Thus, by reading the value (record) of such decrypted data, a result value for the index inquiry request can be generated.

Thus, the encryption / decryption scheme described above (i.e., a combination of column-level encryption and block-level encryption) can allow efficient protection of data while allowing index range scans.

Those skilled in the art will appreciate that the various illustrative logical blocks, modules, processors, means, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be embodied directly in electronic hardware, (Which may be referred to herein as "software") or a combination of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends on the design constraints imposed on the particular application and the overall system. Those skilled in the art may implement the described functionality in various ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.

The various embodiments presented herein may be implemented as a method, apparatus, or article of manufacture using standard programming and / or engineering techniques. The term "article of manufacture" includes a computer program, carrier, or media accessible from any computer-readable device. For example, the computer-readable medium can be a magnetic storage device (e.g., a hard disk, a floppy disk, a magnetic strip, etc.), an optical disk (e.g., CD, DVD, etc.), a smart card, But are not limited to, devices (e. G., EEPROM, cards, sticks, key drives, etc.). The various storage media presented herein also include one or more devices and / or other machine-readable media for storing information. The term "machine-readable medium" includes, but is not limited to, a wireless channel and various other media capable of storing, holding, and / or transferring instruction (s) and / or data.

It will be appreciated that the particular order or hierarchy of steps in the presented processes is an example of exemplary approaches. It will be appreciated that, based on design priorities, certain orders or hierarchies of steps in processes may be rearranged within the scope of the present invention. The appended method claims provide elements of the various steps in a sample order, but are not meant to be limited to the specific order or hierarchy presented.

The description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features presented herein.

110: Client
120: Database server
130: Database Management System (DBMS)
140: Persistent storage
210: transmitting / receiving module
220: Index management module
230: Data management module
240: Encryption module
250: Decryption module
260: Build module
270: scan module
280: storage module
290: inquiry module
610: Data segment
620: Index Segment

Claims (13)

A database security management program stored on a computer-readable medium for causing a computer to perform the following steps,
The steps include:
Reading one or more data encrypted at a column level from a permanent storage medium or memory;
Decoding one or more data encrypted at the column level to generate one or more decrypted data;
Generating an index table based on the generated one or more decoded data; And
Encrypting the generated index table at a block level;
/ RTI >
A database security management program stored in a computer-readable medium. The method according to claim 1,
Storing the index table encrypted at the block level in the persistent storage medium;
≪ / RTI >
A database security management program stored in a computer-readable medium. The method according to claim 1,
And encrypting the generated index table at a block level,
A method according to any of the preceding claims, wherein a background process is performed when a block in memory is to be written to the persistent storage medium.
A database security management program stored in a computer-readable medium. The method according to claim 1,
Further comprising encrypting and storing the one or more data at a column level,
The step of encrypting and storing the one or more data at a column level comprises:
Storing the one or more data encrypted at the column level in a data segment of the persistent storage medium;
/ RTI >
A database security management program stored in a computer-readable medium. 5. The method of claim 4,
Wherein the column-level encryption generates a first encryption key in units of columns, the block-level encryption generates a second encryption key in units of blocks or blocks, and the first encryption key and the second encryption key are different Lt; / RTI >
A database security management program stored in a computer-readable medium. 6. The method of claim 5,
Wherein the first encryption key and the second encryption key are stored in a data dictionary (DD) of the permanent storage medium or memory,
A database security management program stored in a computer-readable medium. The method according to claim 6,
Wherein the first encryption key and the second encryption key are encrypted through a master key and stored in the data dictionary,
The master key is stored in an external storage medium or a database server.
A database security management program stored in a computer-readable medium. The method according to claim 1,
Storing the index table encrypted at the block level as an index segment of the permanent storage medium;
≪ / RTI >
A database security management program stored in a computer-readable medium. The method according to claim 1,
Wherein the step of generating the index table comprises:
Generating the index table based at least in part on a size attribute for the column in which the one or more decoded data is to be stored;
/ RTI >
A database security management program stored in a computer-readable medium. The method according to claim 1,
Wherein the step of generating the index table comprises:
A method based on at least one of a B-tree index method, a Bitmap index method, and a Function Based Index (FBI)
A database security management program stored in a computer-readable medium. The method according to claim 1,
The encryption /
And automatically performed transparently to the client of the database server,
A database security management program stored in a computer-readable medium. The method according to claim 1,
The one or more data encrypted at the column level,
Wherein the value of the one or more data and the value of the data are stored in the persistent storage medium together with a password comparison code generated based at least in part on location information to be stored,
A database security management program stored in a computer-readable medium. As a database server,
At least one or more decrypted data generated at the column level is decrypted to generate at least one decrypted data, an index table based on the at least one decrypted data is generated, and at least a block level encryption key One processor; And
A persistent storage for storing a data table including data encrypted at the column level and an index table encrypted at the block level;
/ RTI >
Database server.

Images