【作者】 樊冰；

【导师】 吕锋；

【作者基本信息】 武汉理工大学 ， 通信与信息系统， 2003， 硕士

【摘要】 电子政务被列为“信息高速公路”的五个应用领域之首，而公文流转系统是电子政务系统中重要的子系统之一，它对于提高行政效率，提高现代化管理水平，提高政府工作的透明度等具有重要意义。该系统的安全问题直接关系到国家利益，需要先进而可靠的信息安全保障，因此必须进行网络安全和应用安全两方面的设计。 本文以鄂州市电子政务系统的建设为背景，选用Lotus Domino／Notes作为软件开发平台，对公文流转系统进行了安全性的分析与设计，作者的主要工作包括以下内容： 1．分析目前网络安全的常用技术，重点研究了电子政务信息安全防御系统的功能组成，并对“三网一库”建设中的安全性问题特别是三网之间的物理隔离进行了仔细研究，提出了鄂州市电子政务系统的网络安全框架，该框架具有高扩展性、高可用性和良好的安全性。 2．结合Lotus Domino／Notes软件开发平台对公文流转系统应用安全性进行分析，研究了基于Lotus Domino／Notes的系统安全策略。在公文流转系统开发过程中，基于网状结构的设计思想，建立了网状安全设计模型并强化了其中的安全防范点。在系统设计中应用该模型能有效提高设计效率和质量，增强系统的安全性。 3．对安全访问控制模型进行研究，提出了一种适应公文流转系统的基于多数据库、工作流与角色的访问控制(MDWRBAC)模型。该模型具有以下特点：(1)引入工作流对象，根据工作流状态激活角色和委托授权，从而保证了在工作流程的各个阶段只有相应的角色才能在相应的权限下工作；(2)角色反馈信号给工作流，可以动态地改变系统的工作流流向，解决了复杂流程系统的动态授权问题；(3)将数据分为公用数据和系统数据，并彼此隔离，普通角色只能访问公用数据，不能修改系统数据，而管理角色只能访问系统数据，不能访问普通角色的数据，从而减少了系统数据冗余，提高了访问效率，更便于对系统的安全管理。实践证明，该模型能较好的满足系统对访问控制的要求。 4．在对鄂州市电子政务系统进行需求分析的基础上，确立了公文流转系统的功能模块，并在系统开发中对安全策略进行设计与研究，以收文管理模块和发文管理模块为例介绍了安全策略的具体应用与实现。 本文的研究工作在电子政务及其他信息系统的安全领域具有一定的理论和实用价值，可为信息系统的安全设计提供参考。更多还原

【Abstract】 "E-government" is always considered the premier concept in the five-field application of the "Information Superhighway" throughout of the world. Document flow system is an important subsystem of E-government, which is helpful to increase the efficiency of government’s work, improve the level of modern management, to enhance the transparency of official business. The security of government’s system has relation to the benefit of country, so it is necessary to design the securities of network and application in system.The research is under the background of construct E-government system of Ezhou. This paper adopted Lotus Domino/Notes through comparing kinds of existing development platform. Then the security problem and its design in government’s document flow system are introduced. The author’s main workings are given as follows:Firstly, the paper analyzes the command technology of network security is, takes an emphases on researching security recovery system of E-government and studying physical insulation among three networks. Then security network frame of E-government of Ezhou is presented, which is of good expansibility and usability and security.Secondly, the applying security of document flow system is analyzed with Lotus Domino/Notes that is a developing platform. The paper researches the security policy in document flow system. On the basis of the design idea of reticular formation, the security design of reticular formation is modeled and its points of keeping security are consolidated. When the model is applied in the system, the efficiency and quality of design are increased and the security is enhanced.Thirdly, this paper presents a new model called Multi-Database , workflow and role-based access control (MDWRBAC) , on the basis of full analyzing role-based access control models. The characters of MDWRBAC model are as follows. 1. The workflow object is presented. It activates the role and commissions the authorization according to the workflow state, which ensures that only the corresponding role can work with the permission in each periods of the workflow. 2. The role’s feedback signal to workflow can alter the system workflow dynamically and solve the dynamical authorization in the complex flow system. 3. Data is divided into two insulated parts: public data and system data. The common role can only access public data, moreover, the administrative role can only access system data . That ensures the system data security , lessens data redundancy and increases access efficiency. The fulfillment indicates MDWRBAC model can meet the security requirements of access control.Finally, through analyzing the demands of E-government of Ezhou. thepaper establishes the function module of document flow system. Take sending and receiving file administration systems for example, security policies are applied and realized in the system after they are researched.The research in the paper has definite theoretic and practical value in the field of security of information system. It is a useful reference for designing the security of information system.更多还原