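Research on Isolation and Protection Technology for Sensitive Information on Mobile Terminals
Published: 2018-03-31 15:43
Thesis topic: mobile terminals. Entry point: sensitive information. Source: Xidian University, master's thesis, 2014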
[Abstract]: With the rapid development of information technology, large enterprises and institutions with branches across the country and even overseas exchange more and more important and sensitive information internally, and employees on business trips increasingly use public networks to carry out business exchanges with the organization's internal network. Studying isolation and protection technology for sensitive information on mobile terminals in a public network environment therefore has high theoretical significance and practical value. This thesis first analyzes in detail the current state of research on isolation and protection technology, including existing information security assurance frameworks in China and abroad, trusted computing technology, isolation and exchange technology, and the high-assurance IP encryptor technology used in the US GIG network. It then analyzes the main forms of attack that sensitive information may face on a mobile terminal, which provides an important reference for the security design of the subsequent scheme. Next, it focuses on the application scenario of transmitting sensitive information between a mobile terminal and the internal network of an enterprise or institution, proposes a security model for the isolation and protection of sensitive information on mobile terminals based on that scenario, and designs the function of each module in the security model in detail. Then, following the stated design principles, it proposes an isolation and protection scheme for sensitive information on mobile terminals: trusted computing technology provides the underlying security, a custom protocol is designed to isolate the internal transmission channels, and data is split and reassembled and sent over different transmission channels to reduce possible vulnerability attacks. Finally, the key technologies of the scheme are implemented in code, including the identity authentication and key agreement process and the splitting and reassembly of data. The security of the scheme's anti-attack mechanism and security protection mechanism is analyzed at both the software and hardware levels, showing that the scheme has a high level of security.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TN918.4
Article ID: 1691384
Article link: http://sikaile.net/kejilunwen/wltx/1691384.html