Distributed Multilayer Application System and Its Security Control: Research and Application

【Author】 严芬

【Advisors】 陈崚; 殷新春

【Author information】 Yangzhou University, Computer Application Technology, 2002, Master's

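【Summary】 Distributed multilayer application systems evolved from the traditional C/S and B/S architectures and represent the current direction of application development. Their advantages are easy maintenance, easy management, strong flexibility, good extensibility, strong security, reusable objects, high resource utilization, and high development efficiency.
In recent years, research on distributed technology has been broad, covering software architecture, distributed databases, development technologies, development methods, and so on. In today's networked information age, in which information security technology plays a key role, research on network security architectures and security technologies has entered a new phase, and many security products have appeared. However, few people have studied the security of distributed multilayer application systems specifically. In a distributed system, the entire system operates in a distributed environment, and its security problems are more complex than those of a stand-alone application system. A distributed architecture contains many different components that are interrelated and highly interoperable; while one component is calling services provided by other components, it may itself be being called by other components. Moreover, the business objects that provide services should not be usable by just anyone; only authorized persons should be able to use the business objects they are authorized for. In addition, the system may allow internal personnel and Internet/Intranet users to access its services at the same time, which also requires consideration of secure access control. This shows the necessity of considering the security of distributed multilayer application systems.
Given the good application prospects of distributed systems and the importance of their security, I believe that studying distributed multilayer application systems and their security mechanisms has significant practical value. This thesis takes the distributed multilayer architecture based on Microsoft's COM/DCOM/COM+ distributed object technology as its core, analyzes the development and current state of research of distributed multilayer application systems, briefly introduces component technology, component security and component communication protocols in such systems, and compares several currently popular distributed object technologies. After giving a general method for building distributed multilayer application systems, it studies and explores their security assurance mechanisms and proposes a comprehensive, layer-by-layer security model for distributed multilayer application systems. The model proposes securing such systems at multiple levels and from multiple aspects: operating system security, network security, server security, application security, database security, and enterprise security management and computer virus prevention. It also puts forward the idea of combining the security of the distributed object technology itself with other security technologies. The security model proposed in this thesis offers some guidance for developing secure distributed multilayer application systems. In addition, the author briefly introduces the security technologies related to this thesis, such as cryptography, certificate technology and role-based access control. Furthermore, on the basis of the proposed security model and an understanding of the relevant security technologies, and taking into account the characteristics of the actual application environment, we developed a secure official-document circulation system built on a distributed multilayer architecture centered on COM/DCOM/COM+ technology and equipped with a strong security assurance mechanism. After introducing the overall structure and functions of the system, the thesis focuses on its security assurance mechanism. Following the security model given earlier, we secure the official-document circulation system in terms of physical security, platform security, network security, application-layer security, data security, and security management and virus prevention, and describe in detail how the system combines CA-based security authentication, role-based access control, the COM/DCOM/COM+ security model and an intelligent audit security model. The author also evaluates the characteristics and performance of the system. Finally, the author gives an outlook on the development of distributed multilayer application systems and of research on their security.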

【Abstract】 The distributed multilayer application system developed from the traditional C/S and B/S architectures, and it is the current direction of application development. The advantages of the distributed multilayer application system architecture are that the system can be maintained and managed easily, flexibility and expansibility are improved, the security of the system is strengthened, objects can be reused, the resource utilization rate is high, and the system development rate is high. There has been much research in the area of distributed technology, with contents including software system architecture, distributed databases, development technology, development methods, etc. In these days of network information, information security technology is playing a key role. Research on network security systems and security technology has entered a brand-new phase, and many security products have come forth. But the security problem of distributed multilayer application systems has rarely been the subject of dedicated research. In a distributed system, the whole system lies in a distributed environment, and its security is more complex than that of a stand-alone application system. There are many components with different functions in the system, and these components connect to and operate on each other. When one component is calling a service provided by another component, it may itself be in use by yet another one. Moreover, we do not wish everyone to be able to use the business objects which provide different services. Only a person who has the privilege can use a business object. In addition, inside personnel and Internet/Intranet users may be allowed to use the system services at the same time.
From the points above, we can see the necessity of considering the security problem of distributed multilayer application systems. Because of the favorable application prospects of distributed systems and the importance of their security, I think that research on distributed multilayer application systems and their security has very important practical meaning. This paper takes the distributed multilayer system architecture based on Microsoft's COM/DCOM/COM+ distributed object technology as its core. In this paper, the development course and the research status quo of distributed multilayer application systems are analysed; the component technologies, the security of components and the communication protocols of components in distributed multilayer application systems are briefly introduced; and several popular distributed object technologies are compared. After the usual way of constructing a distributed multilayer application system is given, the security guarantee methods of distributed multilayer application systems are explored and researched. We put forward a systematic, full-scale, step-by-step guaranteed security model of the distributed multilayer application system. This model secures the distributed multilayer application system in the following aspects: operating system security, network security, server security, application program security, database security, and security management and computer virus prevention. In this paper, the author puts forward the idea of combining the security of distributed object technology with other security technologies. This security model has guidance significance, to some degree, for developing secure distributed multilayer application systems. In addition, cipher technology, certificate technology and RBAC technology are also briefly introduced.
On the basis of our security model, and on the precondition of knowing the relevant security techniques, we took into account the characteristics of the actual application environment and developed a secure archives system of electronic government. The secure archives system is constructed on the structure of a distributed multilayer system with COM/DCOM/COM+ technology as its core and has a very strong security guarantee system. After introducing the whole architecture and function of this system, we give the system's security guarantee mechanism as the emphasis. Refe

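  • 【Online publication contributor】 Yangzhou University
  • 【Online publication year/issue】 2004, Issue 01
  • 【Classification number】 TP311.52
  • 【Times cited】 2
  • 【Downloads】 108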