【摘要】：光纖通信作為通信網(wǎng)絡(luò)的基礎(chǔ)支撐,擔(dān)負(fù)著事關(guān)國計民生的高速率、大容量信息傳輸任務(wù),也是信息傳送的重要承載主體。當(dāng)前,隨著信息時代的飛速發(fā)展,通信網(wǎng)絡(luò)的規(guī)模日趨龐大,為了實(shí)現(xiàn)通信網(wǎng)絡(luò)的高效、集中管理,各大運(yùn)營商、企業(yè)等相繼開發(fā)、建設(shè)了基于CORBA的綜合網(wǎng)絡(luò)管理系統(tǒng),以提高網(wǎng)絡(luò)運(yùn)維管理水平。由于分布式結(jié)構(gòu)的松散特性以及CORBA平臺自身的復(fù)雜性,加之與CORBA相關(guān)的安全規(guī)范滯后于網(wǎng)絡(luò)管理系統(tǒng)的發(fā)展,分布式網(wǎng)管系統(tǒng)面臨著更加嚴(yán)峻的安全問題。因此,加強(qiáng)對基于CORBA的綜合網(wǎng)絡(luò)管理系統(tǒng)安全性的優(yōu)化設(shè)計研究,提升綜合網(wǎng)管系統(tǒng)的整體安全水平,對于安全光網(wǎng)絡(luò)的建設(shè)、發(fā)展具有重要意義。本文對基于CORBA的綜合網(wǎng)管系統(tǒng)的安全性進(jìn)行了分析,介紹了幾種隱式授權(quán)攻擊方式,并在此基礎(chǔ)上提出了CORBA對象引用相關(guān)安全威脅的對策與方法。主要研究內(nèi)容和創(chuàng)新性成果如下:一是提出了一種能夠威脅CORBA對象引用過程的攻擊方式,通過對多個廠商的CORBA產(chǎn)品進(jìn)行匿名測試攻擊,證明該種通過隱式授權(quán)對對象主鍵實(shí)現(xiàn)有效測算的攻擊方法,可以較為高效地對CORBA產(chǎn)品進(jìn)行攻擊。二是提出了兩種對CORBA產(chǎn)品中對象主鍵進(jìn)行加密的算法,通過對對象主鍵進(jìn)行加密,實(shí)現(xiàn)對來自隱式授權(quán)安全威脅的有效保護(hù)。三是本文實(shí)現(xiàn)了CORBA第三方軟件的加密功能,通過對華為i Manager T2000網(wǎng)絡(luò)管理系統(tǒng)進(jìn)行加密算法的封裝,實(shí)現(xiàn)對華為i Manager T2000綜合網(wǎng)絡(luò)管理系統(tǒng)安全性能的提升,從而證明了本文提出安全性加密算法的正確性和有效性。
[Abstract]:As the basic support of communication network, optical fiber communication is responsible for the task of high speed and large capacity information transmission related to the national economy and people's livelihood, and is also an important carrier of information transmission. At present, with the rapid development of the information age, the scale of the communication network is becoming larger and larger. In order to realize the efficient and centralized management of the communication network, the major operators, enterprises and other major operators have developed one after another, and an integrated network management system based on CORBA has been built. In order to improve the management level of network operation and maintenance. Due to the loose characteristics of distributed structure and the complexity of CORBA platform, and the security specifications related to CORBA lag behind the development of network management system, distributed network management system is facing more serious security problems. Therefore, it is of great significance for the construction and development of secure optical network to strengthen the research on the security optimization design of integrated network management system based on CORBA, and to improve the overall security level of integrated network management system. In this paper, the security of integrated network management system based on CORBA is analyzed, several implicit authorization attacks are introduced, and the countermeasures and methods of CORBA object reference related security threats are put forward. The main research contents and innovative results are as follows: first, an attack method which can threaten the CORBA object reference process is proposed, through anonymous testing attacks on the CORBA products of multiple vendors. It is proved that this attack method, which can effectively measure the primary keys of objects by implicit authorization, can attack CORBA products more efficiently. Secondly, two algorithms for encrypting object primary keys in CORBA products are proposed, which can effectively protect the security threats from implicit authorization by encrypting the object primary keys. Third, this paper realizes the encryption function of CORBA third-party software. By encapsulating the encryption algorithm of Huawei I Manager T2000 network management system, the security performance of Huawei I Manager T2000 integrated network management system is improved. Thus, the correctness and effectiveness of the security encryption algorithm proposed in this paper are proved.
【學(xué)位授予單位】：國防科學(xué)技術(shù)大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.07

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 閆娟;張立仿;柴旭清;;CORBA發(fā)展及其應(yīng)用研究[J];軟件導(dǎo)刊;2009年06期

2 王文龍;徐廣輝;朱中華;;基于CORBA技術(shù)的IEC61850規(guī)約轉(zhuǎn)換裝置[J];電力系統(tǒng)保護(hù)與控制;2009年07期

3 李雅萍;楊尚森;李陽;;CORBA技術(shù)在SCA系統(tǒng)中的應(yīng)用[J];計算機(jī)工程與設(shè)計;2008年16期

4 王薇;高寶建;黃鵬宇;;基于CORBA的安全系統(tǒng)設(shè)計與實(shí)現(xiàn)[J];微電子學(xué)與計算機(jī);2006年10期

5 王育堅;劉辰;馬小軍;;基于CORBA/Web的網(wǎng)管系統(tǒng)的設(shè)計與實(shí)現(xiàn)[J];計算機(jī)應(yīng)用;2006年01期

6 王飛,張s，

本文編號：2484560