【作者】 徐晓东；

【导师】 胡正名；

【作者基本信息】 北京邮电大学 ， 密码学， 2010， 硕士

【摘要】 信息技术发展到今天,计算机和网络已经渗透到人们生产生活的每一个角落。各个组织和机构都依赖信息化系统来改善业务流程、提高工作效率。但是任何技术都是一把双刃剑,信息技术在带给人们便利的同时,也带来了安全隐患。近些年来,各个企业和组织的信息化越来越深入和广泛,但是内网和终端安全问题却没有得到相应的重视,造成数据泄密事故频增。内网安全事故轻则造成企业商业机密丢失,重则造成国家安全机密泄露,其重要程度可见一斑。从源头上看,内网安全事故可分为主动泄密和被动泄密两种类型,也就是内部泄密和外部泄密。因此,内网安全从这两个方面入手解决问题。解决主动泄密采取事前控制和事后追踪。事前控制即用户行为控制,而用户行为包括从登录到退出系统的所有操作和事件,如登录注销、网络访问、文件操作、软件使用、打印机等外设的使用等。事后跟踪即用户行为的审计。解决被动泄密,要确保数据以密文形式存储于物理介质,计算机、网络等资源必须经过授权才能访问。针对上述问题,本文研究开发了一套终端安全软件,提出了完整的解决方案。它包括主机安全代理、整盘加解密以及其它安全软件。主机代理中的功能模块实现各种控制功能,日志模块实现审计功能,消除内部威胁；整盘透明加解密和电子钥匙统一身份认证方案分别实现数据存储安全和资源授权访问,消除外部威胁。此外,鉴于终端安全软件的诸多模块使用AES进行数据加解密,为提高加解密速度,提升系统整体性能,本文设计了基于GPU的AES加解密算法。更多还原

【Abstract】 In this information era, computers and web have been penetrated in every aspect of people’s life and production. Each organization relies on information system to improve business process and raise work efficiency. But any technology is a double-edged sword. While information technology contributes to the conveniences, it brings about potential security problems as well. In recent years, the informatization process has been implemented both in depth and in width, but the security problems have not got corresponding attention. The seriousness of intranet security accidents ranges from loss of business confidential to threats of national security, which underlies the importance of security concerns.Intranet security accidents can be roughly categorized as active leaking and passive leaking, or internal leaking and external leaking, according to the leaking source. Intranet security seeks solution for the two types respectively. For active leaking, before-hand control and after-hand track are brought forward. The former implies user operation control, including login control, web control, file control, peripheral control, etc; the latter means audit of user behavior. For passive leaking, ensuring the safety of resources is needed, which is completed by data encryption and access authorization.Aiming at these problems, this paper developed a set of terminal security software, proposing a complete solution. It consists of host security monitor, disk encryption and other security software. Various functional modules in host monitor fulfill terminal control tasks. For audit, log module collects and reports all kinds of terminal behaviors. Disk transparent encryption and electronic key authorization ensure data security and access control. Besides, due to the frequent use of encryption operation in security software, this paper designed a GPU-based AES encryption algorithm since system performance is effected by encryption and decryption speed.更多还原