节点文献
信息安全评估标准的研究与信息安全系统的设计
Research on the Evaluation Criteria for IT Security & Design of Information Security System
【作者】 陆浪如;
【导师】 南相浩;
【作者基本信息】 解放军信息工程大学 , 军事情报学, 2001, 博士
【摘要】 信息安全是一门融合现代密码学、计算机网络安全和保密通信理论的综合交叉性新兴学科。它具有艰深的理论课题和广泛的应用需求。本文从理论探讨和实际应用两个方面对其进行了研究。论文第一部分(1-4章)较系统完整地搭建了信息安全的理论基础框架;本文首先应用Simmons认证理论对信息系统的相对安全性做了理论推证。通过分析研究信息安全的基本要素,引入了Parker的信息安全新构架。系统分析了安全模型的基本原理与方法,推广了面向对象系统安全模型的定义,提出了一种基于零知识证明的安全模型构想。在较全面地研读了CC标准和CEM后,从安全评估方法、评估原理、评估保证、评估过程和评估结论等方面对通用信息安全评估标准做了综合介绍。第二部分(第5章)从应用层文件加密签名、终端保护和Web加密传输等方面综合考虑,给出了一个实用的信息安全保密工程的系统设计方案;其中包括网络文件加密与签名系统NF_E&D、微机保护与计费系统PC_P&C和Web网页保密系统Web_SPP,每个都可作为独立的应用安全系统,综合起来可以构成功能较齐全、安全机制较完善的安全保密工程系统,此外文中还提出了针对最新数据加密标准AES的高速加密卡设计方案和一种公开公钥的密钥管理体系建议。
【Abstract】 Information Security is a new integrative intersectional subject inosculate with modem cryptograph, computer network Security and secrecy communicate theory. It has abstruse theoretic topics and widely applied requirement. I study it from two sides: discussing in theoretic and application in factual. Part 1 (Chapter 1 - 4) establishes theoretic basic framework of Information Security in systematically and integrally. I make a demonstration in theory for comparative security of information system with Simmons authentication theory. We introduce new information security framework of Parker through analyzing and studying basic elements. Systematically analyzed basic principle and method of security models, extend the definition of the security model which toward object, give a assumption of security model base on the proof of zero-knowledge. After read CC and CEM roundly, synthetically introduced the Common Criteria for IT security evaluation from the Common Evaluation Methodology, evaluation principle, evaluation assurance, evaluation process and evaluate conclusion. In Part 2 (Chapter5)I give a design of security information system, which synthetically considered files encryption and digital signature on application layer, terminal protection and web secret transformation, the scheme contains the Net files Encryption and Digital signature system (NP_E&D), Personal Computer Protect and Counter system (PC P&C) and the Web Web Secure Proxy to Proxy system (Web SPP), each of them can used as independence security application system, It also can compose an security secrecy engineering system with more security functions and more security mechanism when use them synthetically. And there give a design of high speed encrypt card for the Advanced Encryption Standard?AES and a key management system proposal of public public-key system.