| 一个内部网络安全保障系统的设计与实现 |
| 陈伟锋
|
| 专业 | 计算机应用技术
|
| 2001
|
| 学位授予单位 | 中国科学院软件研究所
|
| 学位 | 博士
|
| 学位授予地点 | 中国科学院软件研究所
|
| 关键词 | 身份认证
授权
目录服务
代理
公私密钥
票据
角色
|
| 摘要 | 安全问题正成为网络的热点问题,人们在想方设法保护内部网络免受外部攻击的同时,似乎缺乏对内部网络安全的足够重视。但“家贼难防”,内部网主机间直接相连,内部员工熟知资源的访问控制,在内部网络中传输的数据双缺少加密保护。所有这些使得在内部网中,敏感信息更容易泄露,存在更多的安全威胁。同时随着内部网服务应用的增加,用户所拥有的登录用户名和密码日渐增多,容易造成遗忘或混淆;应用管理员也在用户变更时维护其在各个应用中的权限,保持一致。无论用户或系统管理员,都希望有一套安全的,有效的机制来保障内部网络系统的正常动作。本文提出的安全保障系统就是为了解决上述的两个问题:在保护内部网敏感信息加密传输的同时,提供用户一次性身份认证,也使得系统员能更简便、更有效地管理和维护用户在各个应用中的权限。文章首先通过一个具体的案例,引入内部网存在的安全隐患。安全保障系统要实现的功能和总体设计正是基于这个需求而产生的。在介绍了总体模块划分后,本文从认证和授权两个角度详细阐述了系统的实现和运行情况。最后,文章对整个系统的做了一个简要的评价并提出了改进的意见。 |
| 其他摘要 | Network Security has become a concerned problem. While people try to protect their Network against outside attacks, they pay little attention to internal security. But it is not easy to detect the inside threats. Because of the following reasons, internal security deserves adequate attention. Internal hosts are easy to connect directly. Employees are familiar with the access control to the internal resources. Classified information translated through Intranet is seldom encrypted and easy to be disclosed. With the increase of the Intranet Applications, users have to remember more usernames and passwords, which are often forgotten or confused. Application administrators also have to maintain the users' rights when users' identities are changed. So a secure and efficient system is necessary to both the users and the application administrators to guarantee the perfect operation of the Intranet System. Secure Internal System (SIS) presented in the thesis is to solve these problems. While protecting the classified information translated through Intranet, SIS provides the users a single sign-on. Application administrators can also manage and maintain users' rights efficiently in SIS. Beginning with a particular case, hidden threats of Intranet are introduced, followed by the objects and general design of the SIS. After the discussion of the function modules, we describe the implementation and operation of SIS in detail from Authentication and Authorization aspects. Brief evaluation and improvement comments is presented at last. |
| 页数 | 57
|
| 语种 | 中文
|
| 内容类型 | 学位论文
|
| URI标识 | http://ir.iscas.ac.cn/handle/311060/7320
|
| 专题 | 中科院软件所_中科院软件所
|
推荐引用方式
GB/T 7714 |
陈伟锋. 一个内部网络安全保障系统的设计与实现[D]. 中国科学院软件研究所. 中国科学院软件研究所,2001.
|
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论