中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 中科院软件所  > 中科院软件所
题名:
一个内部网络安全保障系统的设计与实现
作者: 陈伟锋
答辩日期: 2001
专业: 计算机应用技术
授予单位: 中国科学院软件研究所
授予地点: 中国科学院软件研究所
学位: 博士
关键词: 身份认证 ; 授权 ; 目录服务 ; 代理 ; 公私密钥 ; 票据 ; 角色
摘要: 安全问题正成为网络的热点问题,人们在想方设法保护内部网络免受外部攻击的同时,似乎缺乏对内部网络安全的足够重视。但“家贼难防”,内部网主机间直接相连,内部员工熟知资源的访问控制,在内部网络中传输的数据双缺少加密保护。所有这些使得在内部网中,敏感信息更容易泄露,存在更多的安全威胁。同时随着内部网服务应用的增加,用户所拥有的登录用户名和密码日渐增多,容易造成遗忘或混淆;应用管理员也在用户变更时维护其在各个应用中的权限,保持一致。无论用户或系统管理员,都希望有一套安全的,有效的机制来保障内部网络系统的正常动作。本文提出的安全保障系统就是为了解决上述的两个问题:在保护内部网敏感信息加密传输的同时,提供用户一次性身份认证,也使得系统员能更简便、更有效地管理和维护用户在各个应用中的权限。文章首先通过一个具体的案例,引入内部网存在的安全隐患。安全保障系统要实现的功能和总体设计正是基于这个需求而产生的。在介绍了总体模块划分后,本文从认证和授权两个角度详细阐述了系统的实现和运行情况。最后,文章对整个系统的做了一个简要的评价并提出了改进的意见。
英文摘要: Network Security has become a concerned problem. While people try to protect their Network against outside attacks, they pay little attention to internal security. But it is not easy to detect the inside threats. Because of the following reasons, internal security deserves adequate attention. Internal hosts are easy to connect directly. Employees are familiar with the access control to the internal resources. Classified information translated through Intranet is seldom encrypted and easy to be disclosed. With the increase of the Intranet Applications, users have to remember more usernames and passwords, which are often forgotten or confused. Application administrators also have to maintain the users' rights when users' identities are changed. So a secure and efficient system is necessary to both the users and the application administrators to guarantee the perfect operation of the Intranet System. Secure Internal System (SIS) presented in the thesis is to solve these problems. While protecting the classified information translated through Intranet, SIS provides the users a single sign-on. Application administrators can also manage and maintain users' rights efficiently in SIS. Beginning with a particular case, hidden threats of Intranet are introduced, followed by the objects and general design of the SIS. After the discussion of the function modules, we describe the implementation and operation of SIS in detail from Authentication and Authorization aspects. Brief evaluation and improvement comments is presented at last.
语种: 中文
内容类型: 学位论文
URI标识: http://ir.iscas.ac.cn/handle/311060/7320
Appears in Collections:中科院软件所

Files in This Item:
File Name/ File Size Content Type Version Access License
LW004441.pdf(1503KB)----限制开放-- 联系获取全文

Recommended Citation:
陈伟锋. 一个内部网络安全保障系统的设计与实现[D]. 中国科学院软件研究所. 中国科学院软件研究所. 2001-01-01.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[陈伟锋]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[陈伟锋]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace