Application of RBAC and X509 Certificates on the Web

The Adoption of RBAC and X509 Certificates in Web Applications

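【Author】 Wu Yuancheng (吴远成)

【Advisors】 Dai Zongkun (戴宗坤); Qu Bin (曲斌)

【Author information】 Sichuan University, Electronics and Communication Engineering, 2003, Master's degree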

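【Abstract (Chinese version)】 As information of all kinds is digitized and projects such as government-online and e-government are carried out, the need for access control over web page content and for content confidentiality is becoming increasingly evident. This thesis discusses strong authentication of users by means of the X.509 digital certificate mechanism and SSL. An authentication system based on X509 digital certificates is a widely recognized, reliable authentication mechanism; its security rests on a solid mathematical foundation, and after many years of use it has never failed. The thesis also examines, from the perspective of system implementation, the attacks that SSL faces, and shows that SSL with X509 certificates is soundly designed and strongly resistant to attack. At the same time, the RBAC method is used to apply role-based access control to users who wish to access a given resource. RBAC, that is, role-based access control, was proposed by computer security experts on the basis of research into many access control methods, including discretionary access control and mandatory access control, which are still in common use today. This access control method both guarantees centralized administration and lowers management overhead. Through identity authentication and access control, internal information can be protected effectively, and this mechanism was implemented on the information system of a state organ. The thesis can serve as a technical reference for government bodies and companies that, after going online, need strong authentication and authorization for web page content.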

【Abstract】 With the growing digitization of information and the advance of electronic government, there is an increasing requirement for classified access to, and confidentiality of, web page content. This article discusses a method of strong authentication that takes advantage of X509 technologies and the SSL mechanism to provide user identification. The authentication mechanism using X509 certificates is a well-known, robust mechanism for identifying communicating entities. Its security is based on well-founded mathematical theories, and after many years of use it still works well. This article also examines the attacks that SSL faces, showing that it is well designed and can withstand various kinds of attacks. Meanwhile, I introduce the RBAC method to fulfill the need for role-based access control. The RBAC method, also called the Role Based Access Control method, was introduced by security experts after intensive research into access control methods, including those widely used today, such as DAC and MAC. It gives administrators centralized control while reducing the cost of management. Through the adoption of the X509 certificate mechanism and RBAC access control, we can effectively protect internal information. An implementation for a hypothetical entity is demonstrated. This article can serve as a reference for a scheme that deploys authentication and authorization for the web pages of entities such as government departments and companies.

【Keywords (Chinese version)】 X.509 RBAC authentication authorization World Wide Web
【Key words】 X.509 RBAC authentication authorization WWW application
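  • 【Online publication contributor】 Sichuan University
  • 【Online publication year and issue】 2004, Issue 03
  • 【Classification number】 TP393.08
  • 【Times cited】 1
  • 【Downloads】 135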