【作者】 邓林；

【导师】 韩江洪；

【作者基本信息】 合肥工业大学 ， 计算机应用技术， 2009， 博士

【摘要】 网络信息安全问题自网络诞生之初，就一直是一个困扰网络的建设者和使用者的难题。随着网络应用的不断普及，以及新兴网络技术的发展，网络信息安全已经越来越成为网络社会中的关键问题，成为网络研究的重点和热点。对于网络风险的科学认定、安全防护的原则制定以及安全防护的技术手段等方面展开了研究，将网络信息安全防护原则的确立和实施方法的研究看成一个完整的体系，提出的网络信息安全防护基本思想既源于实践又高于实践，对网络信息安全的防护实践具有指导意义。具体研究内容如下：1．安全评估是网络信息安全防护的始点。对国内外网络信息风险评估的发展历程进行了细致剖析，指出传统评估理论在日新月异的网络时代所存在的欠缺，安全评估领域需要更科学的安全风险评估思想。2．通过对当前网络安全风险评估和网络安全防护的深入研究，首次提出网络安全评估与实施中的“弹性闭合结构”和“无差异性标识未知因素”基本思想。弹性闭合结构基本思想：从宏观上来看构成网络安全威胁的各个方面，是以安全防护对象为中心的一种环状闭合结构。随着时间和其他各种条件的变化，这些安全威胁在闭合的环状结构中的比例、影响程度是动态可变的；相应的，安全防护对策的制定和安全措施的部署必须与这种闭合的环状结构相适应，能够根据时间及其他条件的变化而弹性适应。安全的重点不仅仅局限于严格的防护，最终目标是避灾、减损。无差异标识未知因素基本思想：在分析安全威胁的过程中，首先将所有既定的、潜在可能的、当前安全的各种威胁相关因素都统一视为“无差异标识未知因素”，并认为这些无差异标识未知因素在一定的环境和条件下其性质可在安全与非安全之间相互转化。提出的“弹性闭合结构”以解决网络安全风险评估的范围认定问题，提出的“无差异标识未知因素”以解决风险威胁的对象认定问题，并确定了无差异标识未知因素转化为风险对象的判定原则与方法。网络安全防护不是简单的层次化，而是一个弹性的闭合结构，层次化必须建立在弹性闭合结构基础之上；确定威胁对象过程中，率先以“无差异标识未知因素”作为统一的考察对象，不强行划分风险要素与非风险要素，认为无差异标识未知因素随着时间、环境、对象的变化而动态转化，以未知因素从整体上构成环状闭合结构，不存在评估的盲区和误区。同时阐明了预应式安全防护原则在安全防护上的前瞻性意义。研究了网络信息安全防护的周密性问题，将这种周密性建立在多层次弹性闭合结构的理论基础之上，提出的解决方案充分考虑到了安全策略制定过程中的潜在漏洞问题。在无差异标识未知因素思想的指导下，明确提出不要谈安全就追求“过度安全”，避免防护过当，从而避免在安全实践中不必要的资源浪费。3．信息加密和纠错是保证信息安全的重要技术手段。当信息受各种干扰而出错时，如何纠正错误并正确译出原信息是纠错码理论研究的内容，而研究码或码字的结构是纠错码理论的一个重要研究方向。探讨了码的结构研究中的一个核心问题-码的各种重量分布，研究成果不仅给出了有限环Z_p^k上码字的广度两个递归算法，而且给出了环F₂+uF₂上长为2^s的（1+μ）-常循环码的结构，并利用这个结构，确定了环F₂+uF₂上长为2^s的（1+μ）-常循环码的Hamming距离、Lee距离、Euclidean距离的分布。这些研究结果对纠错码的译码有非常重要的意义。4．对网络安全防护的实现方法开展了多方位的研究。基于多层次弹性闭合结构和无差异标识未知因素基本思想，并根据预应式和周密性原则，提出一系列技术手段和方法，并大量成功地应用于安全实践，从而佐证了弹性闭合结构和无差异标识未知因素理论的可行性。网络安全风险评估的弹性闭合结构和无差异标识未知因素思想希望从根本上科学地解决了安全风险的范围认定和对象认定问题，通过对安全风险评估的科学化、系统化的分析，并在预应式周密性原则的基础上寻求相应的技术手段，从风险认定、对策制定、技术实施为三大层面形成了比较完善的网络安全防护理论体系。更多还原

【Abstract】 The problem of network information security has been a thorny issue for network owners andusers since the birth of network. As network is more and more widely applied and newly-emergingnetwork technology develops, network information security has become the pivotal concern of thenetwork circle and drawn researchers’ most attention. Quite a number of studies focus onconfirming, evaluating, assessing and preventing the network risk. Furthermore, the correspondingcriteria and technology protection measures become more and more diverse. However, the effect isstill not so satisfactory because of the uncertainty and complex of various factors affectingnetwork security,. Therefore, the paper explores a lot about making principles on scientificconfirmation, security protection and technologic measures. Viewing the study on making andimplementing principles of network information security protection as a whole system, the authorproposes a basic idea on network information security protection. The idea derives from real workbut surpasses practice, which is of great significance to guide the protection practice in realoperations. To be specific, the research this paper presents includes the following sections:1. Security assessment is the starting point of network information security protection. Thepaper analyses the developmental process of network information risk assessment at home andabroad and points out that the object of risk assessment has varied from tangible assets tointangible assets. Defects exist in traditional assessment theories, so a more scientific idea aboutrisk assessment is badly needed.2. The study finds out the ideas about multi-layer elastic closed structure andnon-discrepancy unknown factors in network risk assessment. The author has done studies onnetwork risk assessment from many perspectives and come up with multi-layer elastic closedstructure for the improved network risk assessment model to solve the problem of confirming therisk scope. The paper demonstrates that risk factors have a kind of closed structure rather than thesimple layer structure. Moreover, the object of this creative research is non-discrepancy unknownrisk factors. All unknown factors are not divided into safe or danger objects, and the factors haveto dynamically adjust with the change of time, environment, object and so forth In this way, sothat the idea of non-discrepancy unknown factors can tackle the problem of confirmation onnetwork risk objects and also it gives rise to principles and methods of turning non-discrepancyunknown factors into risk objects.The paper also expounds principles of proaction security protection which is a new vision insecurity protection. Based on the thoroughness of the security protection which is guided by thetheory of multi-layer elastic closed structure, the paper proposes a technical plan which takes allvulnerabilities into consideration when designing security strategies. According tonon-discrepancy unknown factors, the author clearly presents the idea that "absolute security"should not be our target because in that situation overprotection would lead to the unnecessaryresource waste.3. The Error-correcting coding theory is the theoretical bases of network informationsecurity. Researches on codes and the structure of codewords are fundamental for the theory oferror-correcting codes. For measuring the complexity of a codeword, the depth of a codeword isan important mathematical character. The paper defined the width of a codeword on the finite ringZ_p^k, pointed out that the width of a codeword was the generalization of the depth of a codewordand gave two recursive algorithms for computing the Width of codewords on the finite ring Z_p^k. The paper also study three kinds of distances of（1+u）-constacyclic codes of length 2^s overthe ring F₂+u F₂. The structure of（1+u）-constacyclic codes of length 2^s over F₂+u F₂ isobtained. Using the structure of such constacyclic codes, the distributions of the Hammingdistances, Lee distances and Euclidean distances of such constacyclic codes are determined. Theresearch results have important significance for error-correcting coding.4. The paper researches on solutions to network information security protection fromdiverse aspects. On the basis of ideas on multi-layer elastic closed structure and non-discrepancyunknown factors, the author, according to principles of proaction and thoroughness, puts forward aseries of technological measures and methods which have already been successfully applied tosecurity practice in order to construct a improved security system about theories as well aspractice.Scientifically speaking, ideas of multi-layer elastic closed structure and non-discrepancyunknown factors solve problems of confirmation on both scope and object. Furthermore,principles of proaction and thoroughness determine the direction and tendency of securityprotection principles. Through scientific and systematic analysis of risk assessment and on thebasis of corresponding technological measures, a better theoretical system of security protection isformed on three levels: confirming risks, making countermeasures and implementing technology.更多还原