【作者】 刘伟峰；

【导师】 陈怀义；

【作者基本信息】 国防科学技术大学 ， 计算机科学与技术， 2003， 硕士

【摘要】 随着计算机和网络技术的飞速发展及广泛应用，人们的生活方式和工作方式也随之改变，但也带来了许多的安全问题，信息安全已成了人们研究的重点。信息安全工具包正是解决信息安全问题的基础，我们基于面向对象技术开发了自主版权的信息安全工具包CIST(Chinese Information Security Toolkit)，它能够提供各种信息安全服务。 在开发CIST的过程中，本人主要设计并实现了消息机制和密钥管理两大部分。 在CIST中，完成和实现PKI功能的有七类对象：设备对象、用户对象、上下文对象、证书对象、密钥集对象、信封对象及会话对象。消息管理机制是CIST中内核的重要组成部分，它负责整个系统中各对象之间的联系以及访问对象时的一些相关检查。在CIST中，各对象之间以及外部与内部之间的通信是通过消息来实现的，而消息的管理和转发则通过消息管理器来完成。消息机制的实现使得系统内部与用户应用程序完全分离，极大地提高了系统的安全强度。 密钥管理包括密钥的产生和密钥的存储、备份及恢复等。密钥的管理遵循了国际上通用的标准和规范，支持密钥以文件、DBMS、HTTP以及LDAP四种形式的存储备份。此外，为了保证运行时敏感数据在内存中的安全，还设计了系统的内存管理方式。 信息安全工具包CIST的设计和实现，对我国在信息安全方面提供了有力的支持，并且，由于信息和网络使用的广泛性，它将会有广阔的应用前景和重要的社会经济效益。更多还原

【Abstract】 Life and working style changes with the rapid development and deployment of computer and network-technologies, however, it brings many security problems. Information security thus becomes the focus of current research. Information security toolkit is just the key to these information security problems. Based on object-oriented techniques we developed self-copyrighted Chinese Information Security Toolkit (CIST), which provides various information security services.In this project, we designed and implemented key management and message mechanism.There are seven types of objects that implement PKI functions. They are: Device Object, User Object, Context Object, Certification Object, Keyset Object, Envelop Object and Session Object. Message management mechanism is the principal part of CIST kernel. It is responsible for communications among objects and checking related to object access in the systems. In CIST, communications among objects and communication between system internals and system externals are implemented via messages. Meanwhile, message management and forwarding are implemented in message manager. This kind of message mechanism implementation makes system internals isolated from user application completely, thus greatly enhanced system security.Key management includes key generation and key storage, backup and restore. Key management follows general specification and standards of this fields that support key storage backup methods in the form of files, DBMS, HTTP and LDAP. Furthermore, system is designed to have its own memory management method in order to secure runtime sensitive data in memory.The designing and implementation of CIST provides powerful support for information security of our nation. What’s more, due to the generosity of information and network deployment, CIST might have profound application perspective as well as social economy benefit.更多还原