【作者】 王昌晶；

【导师】 薛锦云；

【作者基本信息】 江西师范大学 ， 计算机软件与理论， 2004， 硕士

【摘要】 信息安全在银行、电信、政府机关大型软件系统中的重要性愈来愈显突出，这些领域的软件系统对安全性要求极高。由于信息安全对国民经济的影响日益加深，研究信息安全的关键技术，尤其是基础理论及其实际应用尤其显得重要和紧迫。本文拟研究信息安全的两大基础理论，其一是密码学，现代信息安全的基石是密码学，包括传统密码学，对称密码学，非对称密码学，消息摘要，数字签名，公开密钥基础设施PKI，SSL：其二是密码协议，它是应用密码学，使用密码协议可以对保证网络通信协议的认证性、秘密性、完整性和非否认性，这对于大型软件系统十分重要。本文对密码协议采用形式化方法进行分析和验证，这是一种严格而有效的方法。在此基础上，将给出一个基于J2EE大型电子银行应用系统的安全体系结构模型，为银行、电信、政府机关大型软件系统的安全提供保障。 针对上述研究目标，本文主要进行了以下工作： (1)研究密码学和信息安全的基本理论和关键技术 (2)针对安全协议分析和设计的困难性，对现有的安全协议形式化分析和验证方法进行了分析比较 (3)使用形式化方法BAN逻辑分析验证NSSK协议，针对NSSK协议的一个缺陷提出了改进方法，并对该协议进行了优化 (4)使用形式化方法Kailar逻辑分析CMP协议，并指出了Kailar逻辑的特点及局限性 (5)研究核心Java安全模块及其类库 (6)针对“没有整体安全设计和安全部署，即无计算机信息安全可言”这一论断，使用面向对象语言Java，提出一个基于J2EE的四层电子银行应用程序的安全体系结构模型更多还原

【Abstract】 Information security’s significance is more and more prominent in the software system of bank, telecom and government, it requires very high security. Because information security increasingly affect economy deeply. research to its key technolgies, especially its basic theory and application is of importance and pressure. This thesis focus on its two basic theory, one is cryptography , it is a foundation of modern information security; the other is security protocol, its aim is ensure authentication security integrity and non-repudiation of network communication protocol , and it is very important to software system. What’s more, this thesis use formal method to analyze and verify security protocol , formal method is regraded as a strict and valid method. Then we will present a security architecture model of e-bank application system based on J2EE, it provides guarantee to software system of bank, telecom and government. According to these research aims, this paper mainly conduct following works: (1)Research basic theory and key technologies of cryptography and information security(2)According to the difficulty of security protocol analysis and design, we discuss formal methods of security protocol at present(3)Using BAN logic analyze NSSK protocol, according to a deficiency of NSSK protocol we pose a improving method , and optimize it(4)Using Kailar logic analyze CMP protocol and point to its characteristic and limitation(5) Research core Java security module and its class libraries(6)According to the judgment that "if no overall security design and deploy there is no computer information security", we pose a security architecture model founding on four layers e-bank application system更多还原