
Study on a Social-Federation-Based Security Control Model for Web Service

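[Author] Meng Qinghua (孟庆华)

[Supervisor] Ding Yongsheng (丁永生)

[Author information] Donghua University, Control Theory and Control Engineering, 2008, Ph.D.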

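[Summary] The Internet has evolved into a vast service network and transactional network. People enjoy the convenience this huge network brings, and also endure the eavesdropping, information leaks and even hacker attacks that come with it. Therefore, people have adopted all kinds of security technologies to protect networks, critical equipment and confidential data, and urgently hope to change the current state of a network that is badly congested and riddled with vulnerabilities, so that the Internet, which has no central control, becomes secure and orderly and, regulated by certain intelligent mechanisms, provides quality-assured network services flexibly and under constraints. As is well known, human society is a highly intelligent, well-developed service network. It has local structural autonomy: different state powers maintain social order in their own regions. Yet on a worldwide scale these many "heterogeneous networks" remain harmoniously compatible. With the formation of the virtual global village, the world's economy, daily life, services and so on have long since crossed national boundaries to form a global "social federation". This social federation exhibits social-intelligence characteristics in large-scale transaction management: decentralized dynamic adaptive control, a social reputation evaluation and assurance system with a certain degree of trustworthiness, and dynamic balancing. These provide important reference mechanisms for building a new generation of trusted, reliable and scalable Web services. This thesis draws on these intelligent regulation mechanisms to control the dynamic transactional characteristics of Web services and establishes a dynamic security assurance system for Web services. First, we survey the current state, development trends and security requirements of Web services, propose the security goal of building trusted, reliable and scalable Web services, and point out that the security management mechanisms of human society offer natural inspiration for the dynamic service assurance and security management of Web services. Based on the layered transaction and logical control mechanisms of human society, an intelligent security control framework for Web services is laid out. The subsequent chapters study the security mechanisms of each layer in turn. Social intelligence is the logical intelligence, arising during the evolution of human society, of seeking benefit, avoiding harm and protecting oneself. Inspired by it, a security-ring detection model for network information flows is designed, and the related closed-security-loop mechanisms are studied in depth and compared through simulation experiments. Based on this model, a security-ring firewall monitoring technique and a three-factor identity authentication technique are developed. Postal service is a universal activity in human society that spans countries and regions. Modeled on postal service, a security integration model for Web service flows is designed; a closed-loop transaction security algorithm and a closed-loop security supervision algorithm for Web services are proposed; and, in combination with the relevant security specifications, ways of implementing the Web service transaction security closed-loop policy (WS-TRing) and the information-flow security closed-loop policy (WS-Ring) are discussed. Small-world networks are the relationship, resource and information networks found throughout human society. Based on the small-world model, a management and organization model for trusted Web services is designed. Its internal mechanisms and implementation principles are discussed in detail, and simulation experiments are carried out to verify the mechanisms for load balancing, trustworthiness and controllability of Web services. Social federation and social immunity are the adaptive security characteristics of self-restraint and self-regulation exhibited among the large systems of human society; through cooperation among social federations and immunity to natural disasters, human society maintains overall security coordination and self-immunity. Based on this principle, methods for cooperative intrusion detection, reverse tracing of attack sources, and transaction recovery for Web services are designed, and a preliminary prototype system is designed and discussed. Finally, the research content of the whole thesis is summarized, the shortcomings of the work are pointed out, and directions for further research are identified.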

【Abstract】 The Internet has already evolved into a huge service network and business network. People enjoy the convenience that the Internet brings, and endure the interception, information leakage and attacks that come with it. Therefore, people have adopted various security technologies to protect the network and secret data. People earnestly hope to change the current state of the network, with its loopholes, traffic congestion, viruses and Trojans, and to make the Internet, which has no central control, orderly and safe, automatically controlled and self-adapting under certain safety mechanisms. It is well known that human society is an advanced, intelligently developed service network. It has partial structural self-government, which maintains order in a certain region. But on the scale of the entire world, these numerous "heterogeneous networks" form a harmonious hybrid collective. Along with the formation of the virtual global village, the economy, life, environment and so on of the whole world already bridge state power, which makes the entire human society show more and more socially intelligent features in large-scale business regulation. These features include a non-central adaptive control characteristic, a social prestige appraising and safeguarding characteristic at a certain level of trust, and a social network expanding characteristic. They can provide an important model mechanism for establishing a credible, reliable, extensible and self-adapting network. As one of the main services on the Internet, Web service not only prevents various network threats, but also protects the credibility, reliability, stability and security of the services. This thesis mainly draws on certain regulative mechanisms of the human social network to maintain secure, highly effective and stable business characteristics for Web service. First, we give an exhaustive summary of the present situation, development tendency and security requirements of Web service, and then propose the security goal of credible, reliable and expandable Web service. We try to map the related security control mechanisms of human society onto the control of Web service, giving some enlightenment for service safeguarding and security management. An intelligent security control framework for Web service is proposed according to the layered business security logic control mechanism of human society. The framework includes four different kinds of dynamic security safeguard mechanism for Web services, which are elaborated in the following chapters. Social intelligence is the logical intelligence produced in the evolution of human society to protect oneself and minimize losses. Inspired by human social intelligence, a closed-security-ring model for network information flow is designed, and it is supported by related comparative experiments. According to this model, closed-security-ring firewall monitoring technology and three-factor security authentication technology based on the IPv6 flow label have been proposed. The post office service is a universal business in human society, which exists across different countries and localities. Modeled on the post office service, a security integration model for Web service flows is designed, and a closed-security-loop managing algorithm for Web service is proposed. According to this model, a business-security-channel isolation technology for Web service is put forward, and the business security safeguard system is also discussed with respect to the related Web service security standards. The small-world network is a kind of social relationship network, resource network and information network that exists universally in human society. According to this mechanism, a credible management and organization model for Web service is designed. Its management mechanism and realization principle are discussed in detail, and a related simulation experiment is performed to validate that Web services can be load-balanced, credible and controllable under the management and organization model. The social federation and immunity characteristic is a self-restraining, self-adjusting, self-adapting characteristic evolved in human society. Through social coordination and the immunity characteristic, human society as a whole keeps a secure and self-immune state. According to this principle, a Web service coordinated detection and business immunity system is designed and discussed. Moreover, a preliminary prototype system is designed to prove the flexibility of social immunity. Finally, all the research is summarized and some insufficiencies are shown. The further research directions are also pointed out.

  • [Online publication contributor] Donghua University
  • [Online publication year and issue] 2009, Issue 10