Title of invention: Destruction of sensitive information
Abstract: Provided are techniques for deleting sensitive information in a database. One or more objects in a database that are accessed by a statement are identified. It is determined that at least one object among the identified one or more objects contains sensitive information by checking an indicator for the at least one object. One or more security policies associated with the at least one object are identified. The identified one or more security policies are implemented for the at least one object to delete sensitive information.
Publication number: US9600685(B2) Publication date: 2017.03.21
Application number: US201313943574 Filing date: 2013.07.16
Applicant: International Business Machines Corporation Inventors: Cherel Thomas;Milman Ivan M.;Oberhofer Martin;Padilla Donald A.
Classification: G06F7/00;G06F17/30;G06F21/62 Main classification: G06F7/00
Agency: Konrad, Raynes, Davda and Victor LLP Agent: Davda Janaki K.;Konrad, Raynes, Davda and Victor LLP
Main claim: 1. A method, comprising: providing, using a processor of a computer, a database that includes a database catalog and a database Input/Output (I/O) layer; providing statements that include a delete secure level clause, wherein the statements comprise a DROP TABLE statement, a DROP INDEX statement, a DROP TABLESPACE statement, an ALTER TABLESPACE statement, and an ADMIN_MOVE_TABLE statement, wherein the statements are executed against the database; storing a table in the database catalog that includes a secure delete column with an indicator that indicates whether each object in the database has secure information and a security policies column storing locations of security policies for each object in the database; receiving a statement from the statements that identifies one or more objects in the database to be accessed and that specifies a level of secure deletion from among different levels of secure deletion with the delete secure level clause, wherein the level of secure deletion indicates how to overwrite the secure information; determining that at least one object among the identified one or more objects contains sensitive information by checking an indicator in the secure delete column of the table in the database catalog for the at least one object, wherein the at least one object that contains sensitive information is stored in one of a raw device, a file container or a portion of a file; identifying the security policies in the security policies column of the table in the database catalog that are associated with the at least one object and that specify details of a secure deletion procedure; selecting one or more of the identified security policies based on the level identified in the statement; and implementing the selected one or more of the identified security policies for the at least one object to delete the sensitive information by invoking, with the database I/O layer, one or more secure delete operations comprising at least one of releasing the raw device, releasing the file container or releasing the portion of the file.
Address: Armonk NY US