【摘要】：隨著互聯(lián)網(wǎng)和軟件行業(yè)的迅猛發(fā)展，，企業(yè)的信息化需求不斷增加，軟件的購買和運營費用越來越高，SaaS應(yīng)運而生，它通過Internet將軟件以服務(wù)的形式提供給客戶，客戶只要按需租用即可。SaaS模式可以降低企業(yè)運行成本，提高管理效率，為企業(yè)信息化提供了高品質(zhì)，低價位的新選擇。然而，隨著SaaS平臺的廣泛應(yīng)用，安全問題也隨之而來。由于近年來數(shù)據(jù)泄露事件頻發(fā)，給企業(yè)帶來巨大的損失，因此，企業(yè)在選擇SaaS時，首先考慮的就是安全問題能否得到保證，這也是SaaS運營商面臨的主要問題。 本文首先對SaaS平臺存在的安全問題進行了簡單的介紹，并對數(shù)據(jù)安全的相關(guān)技術(shù)：HTTPS、SSL、數(shù)字證書、數(shù)字簽名等進行了簡單的闡述。然后，主要分析了SaaS平臺數(shù)據(jù)傳輸和數(shù)據(jù)存儲存在的安全問題。對于數(shù)據(jù)傳輸問題，主要分析了HTTP傳輸協(xié)議存在的安全隱患，對于數(shù)據(jù)存儲問題，主要分析了由于SaaS多租戶引發(fā)的數(shù)據(jù)隔離問題以及數(shù)據(jù)明文存儲所存在的安全問題。 通過對SaaS平臺數(shù)據(jù)傳輸和存儲問題的分析和研究，提出了SaaS平臺數(shù)據(jù)傳輸安全和存儲安全問題的解決方案。對于數(shù)據(jù)傳輸安全問題，采用基于HTTPS的傳輸方案，使用SSL來確保數(shù)據(jù)的傳輸安全。然后，采用重定向的方案實現(xiàn)HTTPS安全傳輸。對于數(shù)據(jù)存儲安全問題，首先分析了三種數(shù)據(jù)隔離方案，最后選擇了共享數(shù)據(jù)庫，共享架構(gòu)的方案，并在其基礎(chǔ)上提出了對核心字段分割的方案。然后選擇了以字段為加密粒度，對DBMS外層進行加密的方案，基于MD5和DES加密技術(shù)，對敏感數(shù)據(jù)進行加密，在數(shù)據(jù)庫中以密文保存，從而保證數(shù)據(jù)存儲安全。最后，通過應(yīng)用實例驗證了方案的可行性。
[Abstract]:With the rapid development of the Internet and software industry, the information demand of enterprises is increasing, and the purchase and operation costs of software are increasing. SaaS emerges as the times require, and it provides software to customers through Internet. The SaaS model can reduce the operation cost, improve the management efficiency, and provide a new choice of high quality and low price for enterprise informatization. However, with the wide application of SaaS platform, security problems also follow. Because of the frequent data leakage events in recent years, it brings huge losses to enterprises, so when enterprises choose SaaS, the first consideration is whether the security can be guaranteed, which is also the main problem faced by SaaS operators. In this paper, the security problems of SaaS platform are introduced briefly, and the related technologies of data security, such as HTTPS,SSL, digital certificate, digital signature, etc., are briefly described. Then, the security problems of data transmission and data storage in SaaS platform are analyzed. For the problem of data transmission, this paper mainly analyzes the hidden security problems of HTTP transport protocol, and the problem of data isolation caused by SaaS multi-tenancy and the security problem of data plaintext storage for data storage. Based on the analysis and research of data transmission and storage in SaaS platform, the solution of data transmission security and storage security in SaaS platform is put forward. For the security of data transmission, the transmission scheme based on HTTPS is adopted, and SSL is used to ensure the security of data transmission. Then, the redirect scheme is used to realize HTTPS secure transmission. For the problem of data storage security, three kinds of data isolation schemes are analyzed firstly. Finally, a scheme of sharing database and shared architecture is selected, and a scheme of core field segmentation is put forward on the basis of this scheme. Then we choose the scheme of encrypting the outer layer of DBMS with field as encryption granularity. Based on MD5 and DES encryption technology, we encrypt sensitive data and save it in database with ciphertext, so as to ensure the security of data storage. Finally, the feasibility of the scheme is verified by an application example.
【學位授予單位】：西安電子科技大學
【學位級別】：碩士
【學位授予年份】：2014
【分類號】：TP309.2;TP393.09

【參考文獻】

相關(guān)期刊論文 前10條

1 秦曉霞;李文華;羅劍芬;;探討數(shù)據(jù)庫加密技術(shù)[J];電腦知識與技術(shù);2008年18期

2 溫靜;任鑠;;SaaS模式下的信息安全探討[J];電腦知識與技術(shù);2009年18期

3 劉國萍;劉建峰;譚國權(quán);;多租戶SaaS服務(wù)安全技術(shù)研究[J];電信科學;2011年S1期

4 儲晨曦;王純;李煒;;基于LAMP架構(gòu)的Web權(quán)限控制組件的設(shè)計與實現(xiàn)[J];電信工程技術(shù)與標準化;2012年09期

5 任艷芳;;基于橢圓曲線密碼(ECC)的數(shù)字簽名技術(shù)[J];硅谷;2013年12期

6 胡華平,陳海濤,黃辰林,唐勇;入侵檢測系統(tǒng)研究現(xiàn)狀及發(fā)展趨勢[J];計算機工程與科學;2001年02期

7 裴瑩;徐俊剛;;基于服務(wù)的企業(yè)標準化培訓平臺[J];計算機應(yīng)用與軟件;2010年01期

8 謝億民;;互聯(lián)網(wǎng)和軟件融合成就SaaS[J];軟件世界;2006年15期

9 宋國江;;SaaS:信息安全新途徑[J];軟件世界;2007年15期

10 莫展宏;;國內(nèi)外SaaS模式的發(fā)展現(xiàn)狀分析[J];商場現(xiàn)代化;2012年07期

本文編號：2390554