()DavidC.KnoxScottG.GaetjenDavidC.Knox,ScottG.Gaetjen,etal.AppliedOracleSecurity:DevelopingSecureDatabaseandMiddlewareEnvironmentsEISBN:978-0-07-161370-5Copyright©2010byTheMcGraw-HillCompanies,Inc.AllRightsreserved.Nopartofthispublicationmaybereproducedortransmittedinanyformorbyanymeans,electronicormechanical,includingwithoutlimitationphotocopying,recording,taping,oranydatabase,informationorretrievalsystem,withoutthepriorwrittenpermissionofthepublisher.ThisauthorizedChinesetranslationeditionisjointlypublishedbyMcGraw-HillEducation(Asia)andTsinghuaUniversityPress.ThiseditionisauthorizedforsaleinthePeople'sRepublicofChinaonly,excludingHongKong,MacaoSARandTaiwan.Copyright©2011byMcGraw-HillEducation(Asia),adivisionoftheSingaporeBranchofTheMcGraw-HillCompanies,Inc.andTsinghuaUniversityPress.-()()©2011-()01-2010-0581McGraw-Hill010-6278298913701121933(CIP)Oracle/()(Knox,D.C.)()(Gaetjen,S.G.).—2011.7AppliedOracleSecurity:DevelopingSecureDatabaseandMiddlewareEnvironmentsISBN978-7-302-25632-8.O….………….Oracle.TP311.138CIP(2011)096077Ahttp://www.tup.com.cn100084010-62770175010-62786544010-62776969c-service@tup.tsinghua.edu.cn010-62772015zhiliang@tup.tsinghua.edu.cn18526036.759412011712011711~400069.00DavidC.KnoxEffectiveOracleDatabase10gSecurityByDesign(McGraw-Hill2004)OracleOTN(OracleTechnologyNetwork)OracleOracleDatabaseVaultOracle(Oracle)OracleOracleOracleDatabaseVaultOracle11gOracleIIOraclewkservice@vip.163.comDavidC.KnoxOracleOracleNationalSecurityGroupOracleOracleR&DOracleProtectedEnterprise&SecurityBusinessOracleInformationAssuranceCenter1995OracleKnoxCIAOracleLDAPPKIKnoxEffectiveOracleDatabase10gSecurityByDesign(McGraw-Hill2004)ThomasKyteExpertOneonOneOracle(Wrox2001)MasteringOraclePL/SQL:PracticalSolutions(Apress2003)OracleKnoxUniversityofMarylandJohnsHopkinsUniversityScottG.GaetjenOracleNationalSecurityGroupIVOracle15CIAOracleJ2EEOracleDatabaseVault2004GaetjenOracleOracleGaetjenJamesMadisonUniversityUniversityofMarylandUniversityCollegeHamzaJahangirOracleEnterpriseArchitecture2004OracleOracle10(J2EE)JahangirOracleITNortheasternGeorgetownMBATylerMuthPublicSectordivisionAPEXOracleTechnologyDaysOracleUserGroupswww.tylermuth.wordpress.comOracleTechnologyNetworkMuthAPEX5TomKyteTomkyteasktom.oracle.comPatrickSackNSGProductEngineeringOracleNationalSecurityGroupProductEngineeringOracleProtectedEnterprise&SecurityBusinessOracleConsultingOracle1988OracleSackCIAOracleSackOracleInformationAssuranceDatabaseVaultOracleOracleDatabaseVaultOracleAuditVaultOracleLabelSecurityOracleDatabaseVaultVMandatoryAccessControlBaseDynamicAccessControlsSackStateUniversityofNewYorkRichardWarkCISSPOracleEnterpriseSolutionsGroup200420022003ERP1996Oracle15OracleWarkOracleWarkComputerSciencesCorporation(CSC)ScienceApplicationsInternationalCorporation(SAIC)Oracle1991UNIXInformixDBAUniversityofTexas(SanAntonio)BryanWiseOraclePublicSectorBI2090OracleWiseOracleMidAtlanticAssociationofOracleProfessionalsOracleGovernmentUsersGroupIOUGBusinessIntelligence,WarehousingandAnalyticsSpecialInterestGroupOracleBIPublisherOracleWiseOracleBusinessIntelligenceUniversityofMarylandUniversityCollegeBrighamYoungUniversityRegisUniversityOracleOracleRichardPadScottHamzaTylerBryanOracleOracleOracleMarkTatumGlenDodsonEdwardScreven——EdMontesFredJusticeJoeMazzafroMarkLunny——VipinSamarPaulNeedhamTammyBednarSandySandy()——DavidKnoxVIIIPatrickSackGlenDodsonRayPrescottGlenRayPatrickSackScottGaetjenWilliam(Bill)MaroulisScottWilliamDatabaseVaultScottBillDatabaseVaultGlenDodsonRaymondPrescottJayGladneyJonBakkeWendyDelmolinoDavidKnoxRustyAustinGailWrightJackBrinsonChiChingChui()ChonLeiBenChangVipinSamarPaulNeedhamDanielWongKamalTbeilehAravindYalamanchiTimothyChormaFrankLeeNinaLewisMariaChenCindyLiMatthewMckerleyXiaofangWangMartinWidjajaSumitJelokaPatriciaHueyErnestChenJamesSpillerTomBestDuncanHarrisHowardSmithAndyWebberJeffSchaumullerOracleNSG(NationalSecurityGroup)OracleDatabaseSecurity()Oracle——PatrickSackScottGaetjenDavidKnoxRichardWarkPatDaviesAlKiesselMattPiermariniColinNurseJavedTabassum——HamzaJahangirOracleOracleOracleOracleOracleOracleEdwardScrevenOracleOracle1..................31.1....................................41.1.1.................................41.1.2.................................51.2.............51.3....................................81.3.1.........................91.3.2.....................................101.4...............121.4.1..............................121.4.2..................131.4.3......................141.5..................................151.5.1..............................161.5.2..............................171.5.3...........181.6..........................................182.......................212.1..............................222.1.1..........................222.1.2..............................232.1.3..................242.1.4..........................24XII2.2...........272.2.1..........282.2.2..............................282.2.3..............................292.2.4..............................312.2.5..................312.3TDE....