【作者】 周明中；

【导师】 孙林夫；

【作者基本信息】 西南交通大学 ， 计算机应用技术， 2003， 硕士

【摘要】 区域资源优化配置平台基于网络，达到优化配置区域内资源，利用区域优势提升企业竞争力的目的。因为平台是基于Internet构建的，可能受到来自Internet的各种攻击，平台本身和平台数据的安全直接关系到企业对平台的信任程度。信任是提供服务的基础，安全是平台正常工作的保障；另外资源优化配置平台不同于一般的企业网站，对安全配置有特殊要求，所以有必要对平台安全机制深入研究。 本文在分析成德绵区域资源优化配置平台安全特点的情况下，提出了平台安全控制解决方案，并从系统安全和信息安全两方面制定具体的实施方案。 (1) 平台系统安全 平台系统安全是整个平台安全的基础，为平台信息安全提供了有力的支持。通过平台系统安全需求的分析，制定了平台系统安全体系结构，分别从被动防御和主动防御两方面对平台系统安全进行了具体的设计，最后从防火墙配置和入侵检测系统配置的角度，阐述了平台系统安全的具体实施方案。 (2) 平台信息安全 信息安全是平台安全的实施重点。在分析平台信息安全需求的基础上，制定了平台信息安全体系结构，分别从信息访问安全控制和信息传输安全控制这两个方面探讨了平台信息安全控制策略的计划和实施。其中平台信息访问涉及信息存储方式、信息访问权限控制、用户身份验证、密码和日志管理等诸多问题；信息传输安全主要研究信息加密传输方案的选择和实施。 最后详细阐述了用户身份验证策略中提出一种适用于平台的身份验证技术，并给予编程实现，为平台身份验证策略的实现提供支持。 本文是国家863计划项目：2001AA411320以成德绵为核心的区域现代集成制造系统开发及应用的一个组成部分，已经通过由国家863计划专家组组织的验收。更多还原

【Abstract】 The Resource Optimize Configuration Platform of Area (ROCPA) which based on network, is wanted to optimize the resource of the area and improve the competitiveness of the enterprises in the area by the area’s advantage. The platform is based on the Internet, so it should face all kinds of attacks which are from the Internet. Because Security of the platform self and the data in the platform is direct related to enterprises is trust in platform or not, Credit is the bedrock of the services and security is guarantee of area working normally. Otherwise, the ROCPA is not like the ecumenical Enterprises’ Websites, and it has special demands for the configuration of security. From all the above, we can conclude that it is very important to reach the security mechanism of the platform thoroughly.The thesis brings forward the scheme of platform security control, based on analyzing the characteristic of platform security. And then establish the implementary scheme concretely from the two sides -- system security and information security.(1) Platform System SecurityPlatform system security is the base of the platform Security, and gives strongly support to platform information security. The structure of platform system security is determined through analyzing its needs. The platform system security is detail designed from two parts: passive recovery and positive recovery. At last The detail implement plan of platform system security is expatiated from deployment of Firewall and Intrusion Detection System.(2) Platform Information SecurityInformation security is the keystone of platform security. This thesis establishes the structure of platform information security based on analyzing its needs, and probes into the plan and deployment of platform information security control strategy from two parts: information access security control and information transmission security control. Information access security is studied from several ways: information security storage, information access control, useridentity authentication, cipher key management and log management etc. The main which information transmission studied is the selection and deployment of information encryption transmission plan.From analyzing and comparing the parts of information security system, configure scheme is made out, which is established for the concrete configuration of platform information security.In the end, a kind of identity authentication technology fitted for the platform is brought forward, which is expatiated in the user identity authentication strategy. And function modules of the foregoing are implemented which is supported for the platform identity authentication strategy.This thesis serves the national 863 planned project -- "2001AA411320 regional modern integrated manufacture system development and application at the core of Chengdu, Deyang and Mianyang". The group of experts organized of national 863 plan has checked and accepted the project.更多还原