【摘要】：在互聯網爆炸式發(fā)展的今天,網絡成為人們日常生產生活中必不可少的一部分。一直以來,人們往往過于強調網絡服務質量的提高,側重于服務類別全面、操作便捷、處理高效等用戶能夠直接感受到的網絡服務的要求,忽視了對于安全的考量和評價,從而無法根本上為用戶提供一個安全可靠的網絡環(huán)境。因此,近年來有學者將安全防護質量的概念引入到人們的視野,旨在將安全問題作為一個關鍵性要素進行研究和分析,摒棄單一考慮某個安全威脅的傳統思維,綜合性對用戶所處系統或所在網絡的安全問題進行分析,給出整體性評價結果。這就使得安全問題不再停留在理論研究分析,而是像QOS一樣成為日常網絡服務中的一個常規(guī)性參考項。以此為背景,本文主要的工作如下： 1、對安全防護質量評價的具體算法進行了研究。安全防護質量作為網絡安全領域的新概念,其目的在于尋找一套可度量、可量化的指標對系統的安全情況進行有效的評估,滿足日益復雜網絡環(huán)境下的安全需求。結合所研究問題難定量的特點,本文提出了采用層次分析法作為評價的基礎算法,建立了改進的基于層次分析法的安全防護質量的評估模型,考慮到近年來語音系統的迅速發(fā)展,本文以會話初始化協議(Session Initiation Protocol,SIP)環(huán)境為案例進行具體分析,明確了具體的評估模型及參數。 2、研究、分析了安全防護質量與訪問控制相結合的具體方法。訪問控制是網絡系統實現安全管理的重要手段,而安全防護質量是系統的天然屬性,兩者關系密切。因此,本文將安全防護質量與基于屬性的訪問控制模型相結合,提出了基于安全防護質量的訪問控制模型,并給出了安全策略的設計方案,為用戶及網絡提供更為可靠的防護手段。 3、本文在上述理論分析的基礎上,搭建了SIP系統,給出了在SIP環(huán)境下的基于安全防護質量的訪問控制模型系統的設計方案和實現,更加靈活、有效的進行了訪問控制。
[Abstract]:In the explosive development of the Internet today, the network has become an essential part of people's daily production and life. All along, people always put too much emphasis on the improvement of the quality of network service, focusing on the comprehensive service category, convenient operation, high efficiency and other network service requirements that users can directly feel, ignoring the consideration and evaluation of security. Therefore, it is impossible to provide a secure and reliable network environment for users. Therefore, in recent years, some scholars have introduced the concept of the quality of safety protection to people's horizons, in order to study and analyze security as a key factor, and to abandon the traditional thinking of considering a single security threat. A comprehensive analysis of the security problems of the system or the network in which the user is located is carried out, and the overall evaluation results are given. This makes the security problem no longer stay in the theoretical research and analysis, but like QOS as a regular reference in daily network services. Based on this background, the main work of this paper is as follows: 1. The specific algorithm of safety protection quality evaluation is studied. As a new concept in the field of network security, the purpose of the security protection quality is to find a set of measurable and quantifiable indicators to effectively evaluate the security situation of the system, and to meet the security needs of the increasingly complex network environment. Combined with the difficult quantitative characteristics of the problems studied, this paper presents an improved evaluation model of safety protection quality based on analytic hierarchy process (AHP), which adopts AHP as the basic algorithm of evaluation, and establishes an improved evaluation model of safety and protection quality based on AHP. Considering the rapid development of voice system in recent years, this paper takes session initialization Protocol (Session Initiation Protocol,SIP) environment as a case to analyze and clarify the specific evaluation model and parameters. 2. The concrete method of combining security protection quality with access control is studied and analyzed. Access control is an important means to realize security management in network systems, and the quality of security protection is a natural attribute of the system, which is closely related to each other. Therefore, this paper combines security protection quality with attribute-based access control model, puts forward an access control model based on security protection quality, and gives the design scheme of security policy. To provide users and the network with more reliable means of protection. 3. On the basis of the above-mentioned theoretical analysis, this paper builds the SIP system, and gives the design scheme and implementation of the access control model system based on the quality of security protection under the SIP environment, which is more flexible and effective for access control.
【學位授予單位】：北京郵電大學
【學位級別】：碩士
【學位授予年份】：2015
【分類號】：TP393.08

【參考文獻】

相關期刊論文 前6條

1 王小明;付紅;張立臣;;基于屬性的訪問控制研究進展[J];電子學報;2010年07期

2 程相然;陳性元;張斌;楊艷;;基于屬性的訪問控制策略模型[J];計算機工程;2010年15期

3 林闖;王元卓;任豐原;;新一代網絡QoS研究[J];計算機學報;2008年09期

4 林闖;肖巖平;王元卓;曾榮飛;;網絡保護質量研究[J];計算機學報;2008年10期

5 李發(fā)澤;胡鋼墩;;基于層次分析和模糊數學的網絡安全評價模型[J];寧夏工程技術;2006年04期

6 呂武玲;黎忠文;;SIP中基于身份認證的安全機制研究[J];計算機技術與發(fā)展;2009年02期

，

本文編號：2464810