Design and Implementation of Web Service Security Enhancement Technology Based on Trusted Computing
Published: 2018-03-26 03:31
Topic: Web services. Entry point: trusted computing. Source: National University of Defense Technology, 2014 master's thesis
[Abstract]: With the rapid development of network and computer technology, Web services are being adopted by more and more platforms because of their flexible application and their dynamic, real-time interaction with users. In key fields such as finance and government affairs in particular, systems use Web services as the industry's main platform. It can be said that the emergence of Web services has brought unprecedented convenience to people's production and daily life. Correspondingly, as the application of Web services keeps expanding and deepening, their increasingly prominent security problems have become the bottleneck for their further application and development. Traditional information security techniques either lag in defense and miss the best moment to defend, or rely on complex detection techniques that increase system complexity and reduce system efficiency; both struggle to protect information effectively.
Against this background, this thesis studies the basic architecture, protocol stack, security requirements and traditional security mechanisms of Web services. By analyzing the defects and shortcomings of the traditional mechanisms, it concludes that, under the traditional passive-defense approach, perimeter-oriented means and techniques such as virus identification, firewalls and intrusion detection can no longer cope with the reality that more and more threats originate inside the system. It therefore proposes drawing on the active-defense idea of trusted computing: building and extending a root of trust and a chain of trust, modifying the Java virtual machine, and constructing a trust assurance framework, so that a security architecture is established from the source, at terminal access, to safeguard the security of information services. The related work and contributions are as follows:
(1) Drawing on the ideas and key technologies of trusted computing, a root of trust and a chain of trust are constructed, the traditional root of trust and chain of trust are extended to the application layer, and on this basis a trust assurance framework for services is built.
(2) Through analysis of the Java virtual machine's operating mechanism, module composition and security, the standard JVM modules are extended to design and implement a trust-enhanced Java virtual machine, and, based on it, security enhancement techniques for Java-based Web services are studied.
(3) The thesis focuses on the design and implementation of trust measurement at service publication, at load time and at run time in the trust-enhanced Java virtual machine, and of secure trusted auditing. On this basis, around the security goals of the trust enhancement techniques, a security analysis is carried out on cases such as tampering by malware or viruses, and an intruder who has compromised the system deleting the contents of the system logs. Finally, the thesis constructs relevant test cases, performs security testing on the implemented trust-enhanced Web service, and analyzes the performance impact of applying the security enhancements.
[Degree-granting institution]: National University of Defense Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.09
Article number: 1666149
Article link: http://sikaile.net/guanlilunwen/ydhl/1666149.html