【摘要】：隨著計(jì)算機(jī)技術(shù)的蓬勃發(fā)展和網(wǎng)絡(luò)應(yīng)用的推廣,人們?cè)谙硎芑ヂ?lián)網(wǎng)帶來(lái)的諸多便利的同時(shí),安全需求也在發(fā)生變化。人們對(duì)信息的處理更傾向于電子化,為了預(yù)防來(lái)自系統(tǒng)內(nèi)外的威脅,系統(tǒng)不僅要求保密性,而且還要求信息的完整性。這些變化使得保障數(shù)據(jù)安全問(wèn)題日益凸顯,一些訪問(wèn)控制需求難以用傳統(tǒng)的DAC和MAC來(lái)描述和管理,因此有必要研究更加完善的訪問(wèn)控制方法,對(duì)用戶訪問(wèn)的應(yīng)用服務(wù)與資源過(guò)程進(jìn)行管理,制定更為精細(xì)的策略來(lái)控制信息流動(dòng),維護(hù)信息安全,與此同時(shí)需要加強(qiáng)安全策略信息的管理,實(shí)現(xiàn)策略實(shí)時(shí)匹配,為上述過(guò)程提供保障。針對(duì)上述問(wèn)題,本文提出并設(shè)計(jì)了一種基于標(biāo)簽的策略管理系統(tǒng)解決方案,主要工作包括:(1)深入調(diào)研并分析了現(xiàn)今相關(guān)的訪問(wèn)控制架構(gòu)模型,設(shè)計(jì)服務(wù)和用戶等的標(biāo)簽生成、分類驗(yàn)證方法;(2)提出了基于標(biāo)簽的策略管理系統(tǒng)解決方案;(3)設(shè)計(jì)并實(shí)現(xiàn)了基于標(biāo)簽的策略管理系統(tǒng),可以在保證系統(tǒng)性能、安全、可靠的同時(shí),實(shí)現(xiàn)高效、快速的策略匹配過(guò)程;(4)針對(duì)實(shí)際應(yīng)用情況對(duì)基于標(biāo)簽的策略系統(tǒng)搭建了系統(tǒng)測(cè)試環(huán)境,并進(jìn)行了詳細(xì)的測(cè)試評(píng)估。經(jīng)過(guò)詳細(xì)的功能驗(yàn)證和性能的測(cè)試,測(cè)試結(jié)果表明,本文所提出的方案能夠?qū)崟r(shí)更新訪問(wèn)控制策略,策略管理系統(tǒng)能夠很好地管理系統(tǒng)用戶對(duì)服務(wù)的訪問(wèn)行為,同時(shí)系統(tǒng)性能方面沒(méi)有因?yàn)橛脩舻脑黾赢a(chǎn)生明顯的影響。
[Abstract]:With the rapid development of computer technology and the popularization of network application, people enjoy many conveniences brought by the Internet, and the security requirements are also changing. People tend to process information electronically. In order to prevent threats from inside and outside the system, the system requires not only confidentiality, but also the integrity of information. These changes make the problem of ensuring data security increasingly prominent, some access control requirements are difficult to describe and manage by traditional DAC and MAC, so it is necessary to study more perfect access control methods. The process of application service and resources accessed by users is managed, and a more precise strategy is formulated to control the flow of information and maintain information security. At the same time, it is necessary to strengthen the management of security policy information and realize real-time policy matching. To provide security for the above process. In view of the above problems, this paper proposes and designs a policy management system solution based on label. The main work includes: (1) deeply research and analyze the current access control architecture model. Design service and user label generation, classification verification method; (2) the solution of policy management system based on label is put forward. (3) the policy management system based on label is designed and implemented, which can ensure the performance, security and reliability of the system and realize the efficient and fast policy matching process. (4) based on the practical application, the system testing environment is built and the detailed test evaluation is carried out. After detailed functional verification and performance testing, the test results show that the proposed scheme can update the access control strategy in real time, and the policy management system can manage the access behavior of the users to the service. At the same time, the performance of the system has no obvious impact because of the increase in the number of users.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2016
【分類號(hào)】：TP311.52

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 張磊;張宏莉;韓道軍;沈夏炯;;基于概念格的RBAC模型中角色最小化問(wèn)題的理論與算法[J];電子學(xué)報(bào);2014年12期

2 敬茂華;楊義先;汪韜;辛陽(yáng);;新穎的正則NFA引擎構(gòu)造方法[J];通信學(xué)報(bào);2014年10期

3 牛德華;馬建峰;馬卓;李辰楠;王蕾;;基于統(tǒng)計(jì)分析優(yōu)化的高性能XACML策略評(píng)估引擎[J];通信學(xué)報(bào);2014年08期

4 馬曉普;李爭(zhēng)艷;魯劍鋒;;訪問(wèn)控制策略描述語(yǔ)言與策略沖突研究[J];計(jì)算機(jī)工程與科學(xué);2012年10期

5 周捷;禹明剛;;基于Ponder2語(yǔ)言的訪問(wèn)控制策略描述方法研究[J];計(jì)算機(jī)與現(xiàn)代化;2012年02期

6 王雅哲;馮登國(guó);張立武;張敏;;基于多層次優(yōu)化技術(shù)的XACML策略評(píng)估引擎[J];軟件學(xué)報(bào);2011年02期

7 范九倫;張雪鋒;;分段Logistic混沌映射及其性能分析[J];電子學(xué)報(bào);2009年04期

8 高寶建;王薇;汪俊;;基于線性分組碼標(biāo)準(zhǔn)陣列的數(shù)據(jù)分組隱藏方法[J];通信學(xué)報(bào);2009年03期

9 王雅哲;馮登國(guó);;一種XACML規(guī)則沖突及冗余分析方法[J];計(jì)算機(jī)學(xué)報(bào);2009年03期

10 王興元;王明軍;;二維Logistic映射的混沌控制[J];物理學(xué)報(bào);2008年02期

相關(guān)博士學(xué)位論文 前4條

1 傅瑜;數(shù)字圖像隱寫算法安全性與性能優(yōu)化研究[D];北京郵電大學(xué);2010年

2 杜紅珍;數(shù)字簽名技術(shù)的若干問(wèn)題研究[D];北京郵電大學(xué);2009年

3 林植;基于策略的訪問(wèn)控制關(guān)鍵技術(shù)研究[D];華中科技大學(xué);2006年

4 葉春曉;基于角色訪問(wèn)控制（RBAC）中屬性約束委托模型研究[D];重慶大學(xué);2005年

相關(guān)碩士學(xué)位論文 前2條

1 秦元坤;正則表達(dá)式匹配中的DFA優(yōu)化技術(shù)研究[D];清華大學(xué);2008年

2 陶欣予;基于PDL的策略管理系統(tǒng)研究[D];吉林大學(xué);2006年

，

本文編號(hào)：2367293