【作者】 胡静；

【导师】 陈建勋；

【作者基本信息】 武汉科技大学 ， 计算机应用技术， 2008， 硕士

【摘要】 随着PDA等智能终端的不断普及和互联网的飞速发展,利用手机或PDA等智能终端浏览网页、上网购物越来越成为引领现代人生活的时代潮流,人们在充分享受着互联网所带来的方便和高效的同时,PDA的网络安全问题也日益突出,在PDA等智能终端上安装信息安全防火墙是大势所趋。然而,市场上却没有出现成熟的智能终端防火墙,究其原因,一方面,由于当前3G网络还没开始运行,另一方面,基于智能终端的嵌入式开发也有一定的技术难度,并受到相应开发工具的制约。针对这种情况,本文提出并设计了一个Windows Mobile操作系统下的PDA防火墙软件。本防火墙软件采用基于应用层的封包截获方法,即利用Winsock 2服务提供者接口SPI[1](Service Provider Interface)程序实现防火墙。SPI是新的Windows套接字(Windows Sockets 2.0)所引入的一种新的编程接口。利用这种技术可以在Socket中插入一层,从而可以完成诸如封包截获、传输质量控制、扩展TCP/IP协议栈、URL过滤及网络安全控制等功能。本文首先从PDA智能终端的操作系统和防火墙技术谈起,从课题研究的意义到国内外研究发展的现状,继而引入了PDA所面临的安全问题及合适的解决方法。接着,介绍了信息安全防火墙的相关技术和平台,重点分析了三种防火墙封包截获技术,在详细剖析和比较SPI、TDI、NDIS技术后,针对PDA的自身特点,选择运用SPI技术截获封包。在此基础上,本文详细叙述了本防火墙软件的总体框架结构,并在后续章节分别阐述各个功能模块的具体设计和实现过程。最后通过系统测试和分析提出了本系统的改进方案。更多还原

【Abstract】 Thanks for the fast innovation of intelligent handheld communication technologies for PDA and the World Wide Web, the cutting edge applications like handheld based web page browse and online shopping are leading people towards a much more flexible and interesting future, which enables people to enjoy the fast and convenient services brought by the World Wide Web; while at the same time, it is an absolute industrial trend that protector like information security firewall be installed on handheld terminals due to the out coming network security risk issues. While unfortunately, as a matter of fact, mature network information firewalls for intelligent handheld terminals are not seen in the market, for the reasons below:1. 3G network is not been commercial launched;2. It is still a difficult task to develop embedded applications for intelligent handheld terminals, which is limited by the related developing utilities.For the reasons above, a firewall solution for Windows Mobile based PDA is raised and given by this dissertation. The firewall application adopts encased package capture means on application layer, which uses Winsock 2 SPI[1](Service Provider Interface) to realize network firewall facilities. SPI is a new programming interface introduced by Windows Sockets 2.0, and by using this new technology, programmers are allowed to insert a new layer in Socket, which enables the functions as encased package capture , transmission quality control, extended TCP/IP protocol stack as well as URL filter and network security control.This dissertation covers from research meaning to the existing research situation globally. And it starts from intelligent handheld terminal OS and firewall technology, and introduces the network information security issues of PDA and the corresponding solution. Besides this, platform and technology of this information security firewall design are also introduced, and as a dedicated application for PDA, SPI based encased package capture is adopted after deep analyisis and comparison amaong SPI, TDI as well as NDIS, considering the unique features of PDA. Based on these fundamental understandings, this dissertation discussed the infrastructure and general architecture of this firewall application, and the design and realization of each functional module are expatiated in different chapters. And at last, optimized solution of this application is given by careful system test and analysis.更多还原