
Research on Enterprise-Level PKI Identity Authentication and Access Control

Enterprise PKI Authentication and Access Control

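【Author】 潘亮 (Pan Liang)

【Advisors】 向宏 (Xiang Hong); 陶永杰 (Tao Yongjie)

【Author information】 Chongqing University, Software Engineering, 2007, Master's thesis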

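【Summary】 With the development and application of computer, network and communication technologies, enterprise informatization has become an important guarantee for enterprises to achieve sustainable development and improve market competitiveness. Because computer networks and information systems are open and fragile, the information systems that serve enterprise management objectively face known or potential security threats. These threats inevitably extend to the enterprise's normal operations, production, sales and other business activities, and can even threaten the enterprise's survival. Enterprise information security problems show many new characteristics, such as more complex subjects, incomplete security information, relative security metrics, individualized security requirements and self-adaptive security measures. Traditional identity authentication and access control techniques can no longer solve the security problems of application systems in heterogeneous collaborative environments; the root causes are the forgeability of identity, the dynamic change of the environment and the discreteness of control. Based on the proposed task-based role access control model and an enterprise-level PKI/PMI identity authentication framework, and taking into account the hierarchical organizational structure of enterprises, this thesis proposes a unified identity authentication and level-by-level authorization management framework suited to heterogeneous enterprise system environments. The specific results are as follows: ① A task-based role authorization model was designed. This work builds on role-based access control and adds support for the enterprise's organizational hierarchy and the distribution of work tasks. ② A prototype trust authorization system based on enterprise-level PKI identity certificates and PMI attribute certificates was designed and implemented. It realizes the core operating mechanism of trust management for enterprises in complex heterogeneous environments and provides its services through interfaces that conform to the Web Service specification. ③ A trust management framework with task-based role authorization was designed. The framework builds on a task management framework with application context consistency checking, combines it with the identity authentication technology of the enterprise-level PKI system, and adds a task-based role authorization mechanism.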

【Abstract】 As computer, network and communication technologies develop and are applied, information technology has become an important safeguard for enterprises seeking sustainable development and greater market competitiveness. Because computer networks and information systems are open and vulnerable, the information systems that support enterprise management face known or potential security threats. These threats inevitably extend to the normal operation of enterprises, including production, marketing and other business activities, and may even threaten the survival of the enterprise. Enterprise information security has many new features, such as the complexity of subjects, the incompleteness of security information, the relativity of security measurement, the individual nature of security needs and the self-adaptive nature of security measures. Traditional authentication and access control technologies have difficulty resolving the security issues of application systems in heterogeneous collaborative environments. The fundamental reasons are that identity can be forged, that the environment changes dynamically and that control is discrete.
Building on the task-based role access control model proposed here and an enterprise-class PKI/PMI authentication framework, and taking the hierarchical organization of enterprises into account, this thesis presents a framework for unified identity authentication and level-by-level authorization management suited to heterogeneous enterprise system environments. The concrete results are as follows: ① A task-based role authorization model was designed. The work builds on role-based access control and adds support for enterprise organizational levels and the distribution of tasks. ② A prototype trust authorization system using enterprise-class PKI identity certificates and PMI attribute certificates was designed and implemented. It provides the core operating mechanism of trust management for enterprises in complex heterogeneous environments and offers its services through a standardized Web Service interface. ③ A trust management framework with task-based role authorization was designed. It is built on a task management framework that checks application context consistency, combined with the identity authentication technology of the enterprise-class PKI system, with a task-based role authorization mechanism added.

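  • 【Online publication contributor】 Chongqing University
  • 【Online publication year and issue】 2008, Issue 05
  • 【Classification number】 TP393.08
  • 【Download count】 147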