【作者】 白朝阳；

【导师】 刘晓冰；

【作者基本信息】 大连理工大学 ， 企业管理， 2010， 博士

【摘要】 信息保密一直都是我国理论界和实业界关心的热点研究领域,产品信息作为企业知识创新的重要载体之一,其安全保密管理关系到企业的生存和发展。随着企业信息化的深入发展,产品信息贯穿产品全生命周期,表现为动态性、异构性、分布性的特点,产品信息保密管理的难度和复杂度大大提高,传统的产品信息保密管理方法在产品信息动态、实时的保密管理方面显得乏力,这要求人们从新的视角来审视企业产品信息保密管理,建立满足PLM需求的产品信息保密管理系统。本文针对企业产品信息保密管理存在的问题,在分析和研究国内外信息保密管理理论及其在企业应用现状的基础上,结合我国企业保密管理的实际需求,应用系统化、集成化的管理思想,研究了产品信息保密管理体系和相关技术方法。论文分析了企业产品信息保密管理的内涵,建立了面向信息保密的产品信息模型和产品信息资产模型,并分析了PLM环境下产品信息保密的特征和产品信息保密管理的需求,以此为基础构建了产品信息保密管理的体系结构,分析了产品信息保密管理的层次结构和功能结构,提出了产品信息保密管理的关键技术,并根据系统集成的实际难点,提出基于系统过滤的系统集成模型。从降低产品信息保密管理复杂度的角度,提出面向系统边界的产品信息保密控制方法。根据企业产品信息保密管理的现状和相关国际标准,建立产品信息保密系统边界模型,通过对产品信息保密系统边界的控制对象进行安全性分析,建立系统边界控制对象概念模型、基于系统边界的层次化威胁模型和面向过程的系统边界安全约束模型。在上述研究基础上,提出产品信息保密系统边界操作控制方法,包括基于规则的边界操作控制方法和基于约束关联的系统边界操作控制方法,通过上述方法,实现产品信息边界操作动态、实时控制,防止产品信息泄密。研究面向保密管理的产品信息跟踪方法。通过建立产品信息状态模型,分析产品信息流动过程中的信息状态变化,建立面向过程的产品信息状态跟踪模型,实现产品信息位置跟踪；通过分析产品信息流动过程中信息间的关系,建立基于向量空间的产品信息拓扑结构模型,并对信息拓扑结构树进行形式化处理,实现产品信息关系跟踪。该方法为实现产品信息边界操作控制提供了必要的决策支持,是实现产品信息保密集成管理的基础。以PMI模型为基础,从企业全局的角度研究面向过程控制的PMI授权管理方法。在分析PLM环境下权限管理的过程动态性基础上,对系统约束进行了层次划分,给出了系统约束集成模型,建立了基于T-RBAC的访问控制模型；针对企业对机密信息保密的特殊需求,利用基于T-RBAC的访问控制模型,提出了企业机密信息访问控制管理方法,着重研究机密信息保密管理的流程和特殊控制机制与方法；根据上述研究,将T-RBAC模型引入PMI角色模型,提出基于T-RBAC的PMI授权管理方法。该方法在保持原PMI模型优点基础上,能够实现基于角色、任务、角色和任务的3种访问控制,为企业信息保密管理提供保障。将论文研究成果与工程实际结合,根据企业产品信息保密管理现状和具体管理需求状况,建立产品信息保密管理的系统软件原型及相应系统架构、功能等,给出了系统分析、系统设计方法,并对系统软件原型进行测试和分析。产品信息保密管理方法及其信息支持系统的研究,为产品信息保密管理的应用提供了一组基础性方法,有利于推动产品信息保密管理理论与实践的发展,对现阶段我国企业具有现实意义。更多还原

【Abstract】 Information security is focused by both academic researchers and enterprise practitioners, and Product information is one of carrier with knowledge innovation in an enterprise,whose security management is important for enterprises development.With the development of enterprises information construction, the period of product information security management covers the whole product life, which increases the difficulty and complexity of management. Traditional product information management method becomes weak in dynamic and real-time product management, while it is an opportunity to the innovation of product information security management to build up the system of product information security management for PLM.To deal with some problems in the product information security management, on the basis of analyzing the information security theories and application status in enterprises, according to the ideas of system theory and integration theory, a product information security management system framework and its implementation techniques are studied in the dissertation with different engineering methods.The contents of product information security management are analyzed, and the paper builds product information model and product information assets model for security management. The product information security management framework structure is proposed based on analyzing the features and requirement of product information security management in PLM environment, which includes hierarchy structure and functional structure. And then the paper presents the key technologies of Product information security management and a system integration model based on filtering system according to the real difficulties for system integration process.From the reduced complexity of perspective, a system boundary control method for product information security is proposed. By building the system boundary model, the security management objects in the system boundary are analyzed. And then a concept model for system boundary controlling objects, a hierarchical threat model based on system boundary and a security constrain model for system boundary controlling process are proposed. And on the base of the above models a system boundary control method for product information security management is presented including a system boundary operation control method based on rules and a system boundary operation control method on constrain relationships, which can achieve the dynamic, real-time control and prevent leakage of product information.The method of controlling and managing product information flow is proposed. By analyzing the change characters in product information business process in PLM environment, a condition describing model of product information is presented, which realizes that dynamic conditions of product information can be tracked. Thus, a querying and tracking method for processes of product information based on information topologic structure Model is proposed through the relation study among product information, product information topologic structure and vector spaces, which realizes the process of locating and tracking quickly. The method provides the necessary decision support for product information security boundary operation control, and it is the base of product information security management.From the overall view of enterprises an authorization management for process control based on PMI model is researched. By analyzing dynamic process of access control in PLM and hierarchical system constrains, an access control model based on T-RBAC is built. And to deal with special protection requirement for sensitive information, an access control method for sensitive information of enterprises is presented, which focuses on special control method for sensitive information managing process. According to the above study, by introducing T-RBAC model into PMI role mode a PMI security management method based on T-RBAC is proposed, which can support information security management with three ways of access control including access control based on role, task and role and task.Combining the study result and security management situation in enterprise, an information system software prototype based on the product information security management conditions and requirements for enterprises is established including system framework,function model, system analysis method, system design method and system implementation method, which is tested and analyzed. The study of product information security management method and its support system is favorable to promoting information security management theory and practice with practically significant to enterprises.更多还原