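Research on Unified Identity Authentication Technology for an Agricultural Information Cloud Platform Based on User Behavior
Published: 2018-04-15 12:46
Topic of this paper: single sign-on + identity authentication; Reference: Hebei Agricultural University, 2015 master's thesis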
[Abstract]: With the wide application of cloud computing in many fields, its security problems have become more prominent. Compared with traditional network security problems, privacy and security are the main risks in a cloud data management environment. The most important service of cloud computing is data storage: data is stored in the cloud, which is in fact a large data storage center run by a cloud service provider, and the data resources stored there can be used by multiple users at the same time. Identity management and identity authentication are a major problem facing cloud users. To keep users' data and privacy secure in a cloud environment, efficient user identity management and authentication methods must be used. Single sign-on (SSO) technology manages different user identities to improve the privacy and security of cloud users and to ensure users' access authorization, and it is an effective way to provide a secure cloud data management environment. SSO is applied between different systems and provides "one-click switching" for both same-domain and cross-domain login. This thesis analyzes the security and user privacy problems of the current agricultural information cloud platform, studies SSO technology in depth, and establishes an SSO model suited to the agricultural information cloud platform; in addition, to further improve the security of user information and platform data, it establishes a user behavior analysis model. The main work of the thesis is as follows: (1) An SSO model based on CAS is established; the traditional CAS login mechanism is improved by encrypting the user's account name and password to ensure the security of user information. (2) User access control technology combining Acegi and CAS is adopted to manage user authentication and access permissions in a unified way, so that users do not have to authenticate repeatedly and can switch freely within the system; this lowers the maintenance and management cost of the application systems while improving security and extensibility. (3) On top of user identity authentication, a user behavior authentication mechanism is introduced, and a user behavior authentication model is built for platform users' network operation behavior (user behavior habits). The concept of the deviation degree of user access behavior is introduced, which effectively filters out some access requests with low trust. The SSO technology in the thesis was applied to the agricultural information cloud platform of a certain province: the runtime environment required by the platform was configured and the performance of the whole SSO system was tested. The experimental results met expectations, and user privacy protection and system security were achieved.
[Degree-granting institution]: Hebei Agricultural University
[Degree level]: Master's
[Year degree granted]: 2015
[Classification number]: TP309;S126
Article ID: 1754170
Article link: http://sikaile.net/kejilunwen/nykj/1754170.html